diff --git a/inc/auth.php b/inc/auth.php
index 70514316c22f80887ef7b3e5cb988e17eb84c954..6a4108a7caf4964fbed1548a8ae0e7e4496806c0 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -107,7 +107,6 @@ function auth_setup(){
         //support user wildcard
         if(isset($_SERVER['REMOTE_USER'])){
             $AUTH_ACL = str_replace('%USER%',$_SERVER['REMOTE_USER'],$AUTH_ACL);
-            $AUTH_ACL = str_replace('@USER@',$_SERVER['REMOTE_USER'],$AUTH_ACL); //legacy
         }
     }
 }
@@ -569,6 +568,9 @@ function auth_nameencode($name,$skip_group=false){
     $cache =& $cache_authname;
     $name  = (string) $name;
 
+    // never encode wildcard FS#1955
+    if($name == '%USER%') return $name;
+
     if (!isset($cache[$name][$skip_group])) {
         if($skip_group && $name{0} =='@'){
             $cache[$name][$skip_group] = '@'.preg_replace('/([\x00-\x2f\x3a-\x40\x5b-\x60\x7b-\x7f])/e',
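Review bot: `$_SERVER['REMOTE_USER']` is still substituted raw for `%USER%` in auth_setup (the context line in the hunk above), so a login name containing characters that auth_nameencode() would escape lands in `$AUTH_ACL` unescaped. This early return, meanwhile, makes the stored rule carry the literal wildcard. If ACL matching compares encoded names, as the admin plugin's `auth_nameencode($who,true)` call before saving suggests, the replacement should be `str_replace('%USER%',auth_nameencode($_SERVER['REMOTE_USER']),$AUTH_ACL)`. The guard itself reads better as `if($name === '%USER%') return $name;` since `$name` has just been cast to string; the same loose `!=` appears in both lib/plugins/acl/admin.php hunks. auth_nameencode's body continues outside the hunk.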
diff --git a/lib/plugins/acl/admin.php b/lib/plugins/acl/admin.php
index 1f666660c03061897725387240c7de92e0f6228d..673ffbc963ae1f5d53a523dbf1d5ebee8a107a09 100644
--- a/lib/plugins/acl/admin.php
+++ b/lib/plugins/acl/admin.php
@@ -96,7 +96,10 @@ class admin_plugin_acl extends DokuWiki_Admin_Plugin {
         if($_REQUEST['acl_t'] == '__g__' && $who){
             $this->who = '@'.ltrim($auth->cleanGroup($who),'@');
         }elseif($_REQUEST['acl_t'] == '__u__' && $who){
-            $this->who = ltrim($auth->cleanUser($who),'@');
+            $this->who = ltrim($who,'@');
+            if($this->who != '%USER%'){ #keep wildcard as is
+                $this->who = $auth->cleanUser($this->who);
+            }
         }elseif($_REQUEST['acl_t'] &&
                 $_REQUEST['acl_t'] != '__u__' &&
                 $_REQUEST['acl_t'] != '__g__'){
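Review bot: The wildcard test runs after `ltrim($who,'@')`, so a user-type entry submitted as `@%USER%` is silently stored as the wildcard, whereas the save path in the hunk at new line 153 compares `$who` without stripping anything. The two paths should agree on one rule. A class constant or small helper for the literal, which now appears in three places across two files, would keep them in step, and the comparison should be strict: `if($this->who !== '%USER%'){`. Where `$who` is read from the request is outside this hunk, so whether it is guaranteed to be a string at this point cannot be confirmed from here.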
@@ -150,7 +153,7 @@ class admin_plugin_acl extends DokuWiki_Admin_Plugin {
                             if ($who!='@ALL') {
                                 $who = '@'.ltrim($auth->cleanGroup($who),'@');
                             }
-                        } else {
+                        } elseif ($who != '%USER%'){ #keep wildcard as is
                             $who = $auth->cleanUser($who);
                         }
                         $who = auth_nameencode($who,true);