From 93a6d0536e2b8c3e75c53753a54e7613bf4c00fe Mon Sep 17 00:00:00 2001
From: Andreas Gohr <andi@splitbrain.org>
Date: Sat, 2 Oct 2010 10:23:47 +0200
Subject: properly encode user wildcard in ACLs FS#2039

---
 inc/auth.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'inc/auth.php')

diff --git a/inc/auth.php b/inc/auth.php
index e1f689f96..90ce61a37 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -107,7 +107,7 @@ function auth_setup(){
         $AUTH_ACL = file($config_cascade['acl']['default']);
         //support user wildcard
         if(isset($_SERVER['REMOTE_USER'])){
-            $AUTH_ACL = str_replace('%USER%',$_SERVER['REMOTE_USER'],$AUTH_ACL);
+            $AUTH_ACL = str_replace('%USER%',auth_nameencode($_SERVER['REMOTE_USER']),$AUTH_ACL);
         }
     }
 }
-- 
cgit v1.2.3