From 80601d26897c5dced80645aaf904085aa08b7bb9 Mon Sep 17 00:00:00 2001
From: Andreas Gohr <andi@splitbrain.org>
Date: Sat, 26 Jun 2010 11:20:25 +0200
Subject: fixed wildcard handling in ACL manager FS#1955

This patch also removes legacy support for @USER@. Only %USER% is valid
now.
---
 lib/plugins/acl/admin.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'lib/plugins')

diff --git a/lib/plugins/acl/admin.php b/lib/plugins/acl/admin.php
index 1f666660c..673ffbc96 100644
--- a/lib/plugins/acl/admin.php
+++ b/lib/plugins/acl/admin.php
@@ -96,7 +96,10 @@ class admin_plugin_acl extends DokuWiki_Admin_Plugin {
         if($_REQUEST['acl_t'] == '__g__' && $who){
             $this->who = '@'.ltrim($auth->cleanGroup($who),'@');
         }elseif($_REQUEST['acl_t'] == '__u__' && $who){
-            $this->who = ltrim($auth->cleanUser($who),'@');
+            $this->who = ltrim($who,'@');
+            if($this->who != '%USER%'){ #keep wildcard as is
+                $this->who = $auth->cleanUser($this->who);
+            }
         }elseif($_REQUEST['acl_t'] &&
                 $_REQUEST['acl_t'] != '__u__' &&
                 $_REQUEST['acl_t'] != '__g__'){
@@ -150,7 +153,7 @@ class admin_plugin_acl extends DokuWiki_Admin_Plugin {
                             if ($who!='@ALL') {
                                 $who = '@'.ltrim($auth->cleanGroup($who),'@');
                             }
-                        } else {
+                        } elseif ($who != '%USER%'){ #keep wildcard as is
                             $who = $auth->cleanUser($who);
                         }
                         $who = auth_nameencode($who,true);
-- 
cgit v1.2.3