This is a static dump of issues in the old "Flyspray" bugtracker for DokuWiki. Bugs and feature requests
are now tracked at the issue tracker at Github.
Closed
Fixed
Fixed
FS#1955 URL escaped %USER% mask in conf/acl.auth.php
ACL & Authentication
-
2010-05-13 AlexJ
Any operation (add, edit, delete) with ACL from admin's GUI replace mask %USER% in the second field(user/group) of ACL in the file conf/acl.auth.php with %25USER%25.
In this case %USER% rules became broken.
Quick hack to avoid this is to add:
$lines = preg_replace('/%25/','%',$lines); // before line 138 in the lib/plugins/acl/admin.php
$new_config = preg_replace('/%25/','%',$new_config); // before line 662 in the lib/plugins/acl/admin.php
$new_config = preg_replace('/%25/','%',$new_config); // before line 679 in the lib/plugins/acl/admin.php
escaping is happened in the inc/auth.php in the function 'auth_nameencode'.
Not sure if replacing regex with preg_replace('/([\x00-\x24\x26-\x2f\x3a-\x40\x5b-\x60\x7b-\x7f])/e',... there
would be safe since reference to 'auth_nameencode' came from many different places.
-
2010-06-26 andi
fixed in devel - Related tasks:
