Commit 3e304b55 authored by Michael Hamann

preg_quote namespaces in auth_aclcheck

Like ids, namespaces are now preg_quoted in the acl check (and therefore
the escaping of "*" has been removed). When plugins call the ACL check
function with strange ids the regex fails otherwise (in the case of the
include plugin errors like "Warning: preg_grep() [function.preg-grep]:
Compilation failed: missing terminating ] for character class at offset
47" have been reported by two users).

I've run the acl tests after this change and everything passes, so this
shouldn't break anything, but please test this, especially with protected
wikis, as this change modifies the code that handles namespace
permissions. Furthermore, permissions for a namespace foobar are no
longer applied to namespaces with names like foo.ar; I hope nobody has
used that "feature".

When you are using per-user namespaces, user registration is open and
either write or read protection for these namespaces is important to
you, this is a security fix for you: When someone wants to get access to
the namespace of a user "foo.bar", he can register as "fooxbar" (where
"x" is an arbitrary character) and will have access to the user
namespace of the user "foo.bar", as when a page in "foo.bar" is checked
it will match the rule for "fooxbar".
parent 8596046d
......@@ -534,13 +534,13 @@ function auth_aclcheck($id,$user,$groups){
//still here? do the namespace checks
if($ns){
$path = $ns.':\*';
$path = $ns.':*';
}else{
$path = '\*'; //root document
$path = '*'; //root document
}
do{
$matches = preg_grep('/^'.$path.'\s+('.$regexp.')\s+/'.$ci,$AUTH_ACL);
$matches = preg_grep('/^'.preg_quote($path,'/').'\s+('.$regexp.')\s+/'.$ci,$AUTH_ACL);
if(count($matches)){
foreach($matches as $match){
$match = preg_replace('/#.*$/','',$match); //ignore comments
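Review bot: in the rewritten preg_grep() call only $path goes through preg_quote(); $regexp is still concatenated into the pattern unescaped, and its construction is not visible in this hunk. Please confirm that the values it is assembled from are quoted with the same '/' delimiter, since a metacharacter there would cause the same kind of compilation failure or over-broad match that this change removes for namespaces. It would also help to add an ACL test that defines a rule for "fooxbar" and checks a page in "foo.bar", so the behaviour described in the commit message is pinned down by a test rather than only by the existing suite.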
......@@ -557,9 +557,9 @@ function auth_aclcheck($id,$user,$groups){
//get next higher namespace
$ns = getNS($ns);
if($path != '\*'){
$path = $ns.':\*';
if($path == ':\*') $path = '\*';
if($path != '*'){
$path = $ns.':*';
if($path == ':*') $path = '*';
}else{
//we did this already
//looks like there is something wrong with the ACL
......
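Review bot: the loop check if($path != '*') and the reset if($path == ':*') $path = '*'; now compare against unescaped literals, which is only correct while the initial assignment of $path in the earlier hunk uses the same unescaped form. A short comment here stating that $path holds the raw ACL path and is escaped only at the preg_grep() call would keep a later edit from reintroducing '\*' in one of these places and breaking the root-namespace comparison.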