From e838fc2e58c8da15c084e275cfa3d423b56e4b28 Mon Sep 17 00:00:00 2001
From: Andreas Gohr <andi@splitbrain.org>
Date: Tue, 7 Mar 2006 20:29:28 +0100
Subject: [PATCH] use nameencoding on superuser check in inc/auth.php

darcs-hash:20060307192928-7ad00-1ec5393d63d536992810fe8f611525d2af4834a2.gz
---
 _test/cases/inc/auth_nameencode.test.php | 11 +++++++++++
 inc/auth.php | 14 ++++++++++----
 2 files changed, 21 insertions(+), 4 deletions(-)
diff --git a/_test/cases/inc/auth_nameencode.test.php b/_test/cases/inc/auth_nameencode.test.php
index 6deb7de9f..926937a09 100644
--- a/_test/cases/inc/auth_nameencode.test.php
+++ b/_test/cases/inc/auth_nameencode.test.php
@@ -23,6 +23,17 @@ class auth_nameencode_test extends UnitTestCase {
 $this->assertEqual(auth_nameencode($in),$out);
 }
+ function test_groupskipon(){
+ $in = '@hey$you';
+ $out = '@hey%24you';
+ $this->assertEqual(auth_nameencode($in,true),$out);
+ }
+
+ function test_groupskipoff(){
+ $in = '@hey$you';
+ $out = '%40hey%24you';
+ $this->assertEqual(auth_nameencode($in),$out);
+ }
 }
 //Setup VIM: ex: et ts=4 enc=utf-8 :
diff --git a/inc/auth.php b/inc/auth.php
index 1efd42448..7c739d4ef 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -267,7 +267,7 @@ function auth_aclcheck($id,$user,$groups){
 $user = auth_nameencode($user);
 //if user is superuser return 255 (acl_admin)
- if($conf['superuser'] == $user) { return AUTH_ADMIN; }
+ if(auth_nameencode($conf['superuser']) == $user) { return AUTH_ADMIN; }
 //make sure groups is an array
 if(!is_array($groups)) $groups = array();
@@ -278,7 +278,7 @@ function auth_aclcheck($id,$user,$groups){
 $groups[$i] = '@'.auth_nameencode($groups[$i]);
 }
 //if user is in superuser group return 255 (acl_admin)
- if(in_array($conf['superuser'], $groups)) { return AUTH_ADMIN; }
+ if(in_array(auth_nameencode($conf['superuser'],true), $groups)) { return AUTH_ADMIN; }
 $ns = getNS($id);
 $perm = -1;
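Review bot: The two tests added to `auth_nameencode_test` only use a name that starts with `@` and has more characters after it, so the `$skip_group` branch is never run with an empty name or a bare `@`. Those are the inputs where `$name{0}` and `substr($name,1)` in the new `auth_nameencode()` hit their edge cases. I would add `function test_groupskipempty(){ $this->assertEqual(auth_nameencode('',true),''); }` and a matching case for `'@'` expecting `'@'`. The `auth_aclcheck()` superuser comparisons that this commit changes have no test in this hunk either; whether one exists elsewhere is not visible here.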
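Review bot: Both superuser checks in `auth_aclcheck()` still compare loosely after this change: `==` in the user check (hunk at -267) and a non-strict `in_array()` in the group check (hunk at -278). With `==`, PHP compares two numeric-looking strings by value, so a configured superuser and a login name that differ as strings can still be treated as equal. An empty `$conf['superuser']` also encodes to `''`, which equals an empty `$user`. I would write `if($conf['superuser'] !== '' && auth_nameencode($conf['superuser']) === $user) { return AUTH_ADMIN; }` and `in_array(auth_nameencode($conf['superuser'],true), $groups, true)`. The function body starts and ends outside both hunks, so whether an empty user or an unset superuser can reach these lines is not visible here.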
@@ -365,8 +365,14 @@ function auth_aclcheck($id,$user,$groups){
 * @author Andreas Gohr <gohr@cosmocode.de>
 * @see rawurldecode()
 */
-function auth_nameencode($name){
- return preg_replace('/([\x00-\x2f\x3a-\x40\x5b-\x60\x7b-\x7f])/e',"'%'.dechex(ord('\\1'))",$name);
+function auth_nameencode($name,$skip_group=false){
+ if($skip_group && $name{0} =='@'){
+ return '@'.preg_replace('/([\x00-\x2f\x3a-\x40\x5b-\x60\x7b-\x7f])/e',
+ "'%'.dechex(ord('\\1'))",substr($name,1));
+ }else{
+ return preg_replace('/([\x00-\x2f\x3a-\x40\x5b-\x60\x7b-\x7f])/e',
+ "'%'.dechex(ord('\\1'))",$name);
+ }
 }
 /**
-- 
GitLab
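Review bot: The new `auth_nameencode()` keeps the `/e` modifier and now repeats it in both branches, so the replacement string is evaluated as PHP code for every matched character of a name that comes from login or configuration input. That is safe only because PHP escapes quotes in the `\\1` backreference before evaluating it; a named callback removes that dependency and the duplicated pattern. `$name{0}` also raises a notice for an empty `$name` when `$skip_group` is true, which `substr($name,0,1)` avoids. Separately, `dechex(ord(...))` yields a single hex digit for bytes below 0x10, which the `rawurldecode()` named in the docblock will not reverse. Changing that would alter names that are already stored encoded, so the sketch below keeps the output format as it is.

```php
function auth_nameencode($name,$skip_group=false){
    // keep a leading '@' (group marker) unencoded when asked to
    $prefix = '';
    if($skip_group && substr($name,0,1) === '@'){
        $prefix = '@';
        $name   = substr($name,1);
    }
    return $prefix.preg_replace_callback(
        '/[\x00-\x2f\x3a-\x40\x5b-\x60\x7b-\x7f]/',
        'auth_nameencode_callback',
        $name);
}

// encodes one matched byte as '%' plus its hex value (same format as before)
function auth_nameencode_callback($match){
    return '%'.dechex(ord($match[0]));
}
```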