Searched hist:"3 e304b55d99607a2d4586c7a4f0219736d995478" (Results 1 – 1 of 1) sorted by relevance
| /dokuwiki/inc/ |
| H A D | auth.php | 3e304b55d99607a2d4586c7a4f0219736d995478 Fri Dec 10 23:08:51 UTC 2010 Michael Hamann <michael@content-space.de> preg_quote namespaces in auth_aclcheck
Like ids namespaces are now preg_quoted in the acl check (and therefore
the escaping of "*" has been removed). When plugins call the ACL check
function with strange ids the regex fails otherwise (in the case of the
include plugin errors like "Warning: preg_grep() [function.preg-grep]:
Compilation failed: missing terminating ] for character class at offset
47" have been reported by two users).
I've run the acl tests after this change and everything passes so this
shouldn't break anything but please test this especially with protected
wikis as this change modifies the code that handles namespace
permissions. Furthermore permissions for a namespace foobar are no
longer applied to namespaces with names like foo.ar, I hope nobody has
used that "feature".
When you are using per-user namespaces, user registration is open and
either write or read protection for these namespaces is important to
you this is a security fix for you: When someone wants to get access to
the namespace of a user "foo.bar" he can register as "fooxbar" (where
"x" is an arbitrary character) and will have access to the user
namespace of the user "foo.bar" as when a page in "foo.bar" is checked
it will match the rule for "fooxbar".
|