From 2046a6546c8ed62b9a7b33305b6201458f2f8291 Mon Sep 17 00:00:00 2001 From: Christopher Smith Date: Wed, 12 Mar 2014 15:38:28 +0000 Subject: Allow user info to be retrieved without groups Some parts of dokuwiki (e.g. recent changes, old revisions) can requests lots of user info (to provide editor names) without requiring any group information. This change also implements caching of user info by authmysql & authpgsql plugins to avoid repeated querying of the DB to retrieve the same user information. --- lib/plugins/authplain/auth.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lib/plugins/authplain/auth.php') diff --git a/lib/plugins/authplain/auth.php b/lib/plugins/authplain/auth.php index 8c4ce0dd9..16ecaa147 100644 --- a/lib/plugins/authplain/auth.php +++ b/lib/plugins/authplain/auth.php @@ -76,9 +76,10 @@ class auth_plugin_authplain extends DokuWiki_Auth_Plugin { * * @author Andreas Gohr * @param string $user + * @param bool $requireGroups (optional) ignored by this plugin, grps info always supplied * @return array|bool */ - public function getUserData($user) { + public function getUserData($user, $requireGroups=true) { if($this->users === null) $this->_loadUserData(); return isset($this->users[$user]) ? $this->users[$user] : false; } -- cgit v1.2.3 From f95ecbbf8b1de8bc1270d3cf91dfdf055ea5c78c Mon Sep 17 00:00:00 2001 From: Angus Gratton Date: Tue, 1 Jul 2014 08:35:07 +1000 Subject: authplain: Escape ':' in any data field as '\:' ':' is the field delimiter in the authplain flat text conf/users.auth.php file, but it's also used as an internal delimiter for the 'mediawiki' password hash format. Currently using this hash format corrupts the file This change escapes ':' as '\:' in any field in the users.auth.php file, and any '\' as '\\'. Also adds test cases for escaping modes. --- lib/plugins/authplain/auth.php | 33 ++++++++++++++++++++++++++++----- 1 file changed, 28 insertions(+), 5 deletions(-) (limited to 'lib/plugins/authplain/auth.php') diff --git a/lib/plugins/authplain/auth.php b/lib/plugins/authplain/auth.php index 8c4ce0dd9..e53f56667 100644 --- a/lib/plugins/authplain/auth.php +++ b/lib/plugins/authplain/auth.php @@ -83,6 +83,27 @@ class auth_plugin_authplain extends DokuWiki_Auth_Plugin { return isset($this->users[$user]) ? $this->users[$user] : false; } + /** + * Creates a string suitable for saving as a line + * in the file database + * (delimiters escaped, etc.) + * + * @param string $user + * @param string $pass + * @param string $name + * @param string $mail + * @param array $grps list of groups the user is in + * @return string + */ + protected function _createUserLine($user, $pass, $name, $mail, $grps) { + $groups = join(',', $grps); + $userline = array($user, $pass, $name, $mail, $groups); + $userline = str_replace('\\', '\\\\', $userline); // escape \ as \\ + $userline = str_replace(':', '\\:', $userline); // escape : as \: + $userline = join(':', $userline)."\n"; + return $userline; + } + /** * Create a new User * @@ -115,8 +136,7 @@ class auth_plugin_authplain extends DokuWiki_Auth_Plugin { if(!is_array($grps)) $grps = array($conf['defaultgroup']); // prepare user line - $groups = join(',', $grps); - $userline = join(':', array($user, $pass, $name, $mail, $groups))."\n"; + $userline = $this->_createUserLine($user, $pass, $name, $mail, $grps); if(io_saveFile($config_cascade['plainauth.users']['default'], $userline, true)) { $this->users[$user] = compact('pass', 'name', 'mail', 'grps'); @@ -157,8 +177,7 @@ class auth_plugin_authplain extends DokuWiki_Auth_Plugin { $userinfo[$field] = $value; } - $groups = join(',', $userinfo['grps']); - $userline = join(':', array($newuser, $userinfo['pass'], $userinfo['name'], $userinfo['mail'], $groups))."\n"; + $userline = $this->_createUserLine($newuser, $userinfo['pass'], $userinfo['name'], $userinfo['mail'], $userinfo['grps']); if(!$this->deleteUsers(array($user))) { msg('Unable to modify user data. Please inform the Wiki-Admin', -1); @@ -308,7 +327,11 @@ class auth_plugin_authplain extends DokuWiki_Auth_Plugin { $line = trim($line); if(empty($line)) continue; - $row = explode(":", $line, 5); + /* NB: preg_split can be deprecated/replaced with str_getcsv once dokuwiki is min php 5.3 */ + $row = preg_split('/(?users[$row[0]]['pass'] = $row[1]; -- cgit v1.2.3 From 253d4b48ec708eb42033862dc15c8576f44a48ed Mon Sep 17 00:00:00 2001 From: Gerrit Uitslag Date: Wed, 1 Oct 2014 15:32:05 +0200 Subject: more PHPDocs, unused var, small bit code reformatting --- lib/plugins/authplain/auth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/plugins/authplain/auth.php') diff --git a/lib/plugins/authplain/auth.php b/lib/plugins/authplain/auth.php index b3ca988b9..1ea75b100 100644 --- a/lib/plugins/authplain/auth.php +++ b/lib/plugins/authplain/auth.php @@ -77,7 +77,7 @@ class auth_plugin_authplain extends DokuWiki_Auth_Plugin { * @author Andreas Gohr * @param string $user * @param bool $requireGroups (optional) ignored by this plugin, grps info always supplied - * @return array|bool + * @return array|false */ public function getUserData($user, $requireGroups=true) { if($this->users === null) $this->_loadUserData(); -- cgit v1.2.3 From 6c8c1f4632a82459236200e9264c40ecebd4b162 Mon Sep 17 00:00:00 2001 From: Christopher Smith Date: Fri, 3 Oct 2014 17:41:14 +0100 Subject: Fix for issues 877 & 885 related to a bug in PCRE 6.6 --- lib/plugins/authplain/auth.php | 31 ++++++++++++++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) (limited to 'lib/plugins/authplain/auth.php') diff --git a/lib/plugins/authplain/auth.php b/lib/plugins/authplain/auth.php index b3ca988b9..ec5d16e9d 100644 --- a/lib/plugins/authplain/auth.php +++ b/lib/plugins/authplain/auth.php @@ -17,6 +17,9 @@ class auth_plugin_authplain extends DokuWiki_Auth_Plugin { /** @var array filter pattern */ protected $_pattern = array(); + /** @var bool safe version of preg_split */ + protected $_pregsplit_safe = false; + /** * Constructor * @@ -44,6 +47,8 @@ class auth_plugin_authplain extends DokuWiki_Auth_Plugin { $this->cando['getUsers'] = true; $this->cando['getUserCount'] = true; } + + $this->_pregsplit_safe = version_compare(PCRE_VERSION,'6.7','>='); } /** @@ -329,7 +334,7 @@ class auth_plugin_authplain extends DokuWiki_Auth_Plugin { if(empty($line)) continue; /* NB: preg_split can be deprecated/replaced with str_getcsv once dokuwiki is min php 5.3 */ - $row = preg_split('/(?_splitUserData($line); $row = str_replace('\\:', ':', $row); $row = str_replace('\\\\', '\\', $row); @@ -342,6 +347,30 @@ class auth_plugin_authplain extends DokuWiki_Auth_Plugin { } } + protected function _splitUserData($line){ + // due to a bug in PCRE 6.6, preg_split will fail with the regex we use here + // refer github issues 877 & 885 + if ($this->_pregsplit_safe){ + return preg_split('/(? Date: Sat, 4 Oct 2014 11:59:42 +0100 Subject: escaping backslash should be included in split items --- lib/plugins/authplain/auth.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'lib/plugins/authplain/auth.php') diff --git a/lib/plugins/authplain/auth.php b/lib/plugins/authplain/auth.php index ec5d16e9d..3d303597c 100644 --- a/lib/plugins/authplain/auth.php +++ b/lib/plugins/authplain/auth.php @@ -356,9 +356,12 @@ class auth_plugin_authplain extends DokuWiki_Auth_Plugin { $row = array(); $piece = ''; - for($i=0; $i=$len) break; } else if ($line[$i]==':'){ $row[] = $piece; $piece = ''; -- cgit v1.2.3 From 79e79377626799a77c11aa7849cb9c64305590c8 Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Wed, 7 Jan 2015 10:47:45 +0100 Subject: Remove error supression for file_exists() In an older version of PHP a file_exists() call would issue a warning when the file did not exist. This was fixed in later PHP releases. Since we require PHP 5.3 now, there's no need to supress any error here anymore. This might even give a minor performance boost. --- lib/plugins/authplain/auth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/plugins/authplain/auth.php') diff --git a/lib/plugins/authplain/auth.php b/lib/plugins/authplain/auth.php index fd2d0b249..b31c02fc8 100644 --- a/lib/plugins/authplain/auth.php +++ b/lib/plugins/authplain/auth.php @@ -325,7 +325,7 @@ class auth_plugin_authplain extends DokuWiki_Auth_Plugin { $this->users = array(); - if(!@file_exists($config_cascade['plainauth.users']['default'])) return; + if(!file_exists($config_cascade['plainauth.users']['default'])) return; $lines = file($config_cascade['plainauth.users']['default']); foreach($lines as $line) { -- cgit v1.2.3