FS#1274 toolbar signature incorrectly using authorization specific code

ACL & Authentication

• 

  2007-10-17 jugg

  In toolbar.php (2007-09-30 20:49) line 197 - 198:
  
   $sig = str_replace('@NAME@',$_SESSION[DOKU_COOKIE]['auth']['info']['name'],$sig);
   $sig = str_replace('@MAIL@',$_SESSION[DOKU_COOKIE]['auth']['info']['mail'],$sig);
  
  $_SESSION[DOKU_COOKIE]['auth'] is specific to the auth.plain mechanism.
  
  This information should be pulled from $INFO['userinfo'] instead.
  
  Any auth mechansim that uses trustExternal is not required to set the $_SESSION[DOKU_COOKIE]['auth'] information, thus this code does not work with external authenticators.  Whereas $INFO['userinfo'] should be correctly populated regardless of authenticator.