This is a static dump of issues in the old "Flyspray" bugtracker for DokuWiki. Bugs and feature requests
are now tracked at the issue tracker at Github.
Closed
Fixed
FS#1505 Search results returns pages for which user has no access
ACL & Authentication
2008-10-12ChrisS
Search results page and ajax popup box of matching page names both include pages for which the user access is none.
2008-10-12andi
I can't reproduce this. Are you sure you weren't logged in?
2008-10-13ChrisS
Yes. See attached screenshot, actual page permissions are shown in the $INFO dump below the footer.
The $id passed from ft_page_lookup to auth_quickaclcheck is terminated with a new-line character which messes up the regexp matching against the ACL list. The new-line comes from reading page.idx with file(). Its never removed. Namespace ACL rules should work, but exact page rules shouldn't.
Simple solution is to trim the id as its sent to auth_quickaclcheck(). I'll send a patch that does this.
If you want to try and reproduce the problem again to confirm its not specific to my setup, I believe the key is that the only ACL rule that has NONE access is a page specific rule.
2010-06-26andi
The $pages array is mapped with rtrim() in the current code, so there shouldn't be any newlines left. Can you still reproduce this?