Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
preg_quote namespaces in auth_aclcheck
Like ids namespaces are now preg_quoted in the acl check (and therefore the escaping of "*" has been removed). When plugins call the ACL check function with strange ids the regex fails otherwise (in the case of the include plugin errors like "Warning: preg_grep() [function.preg-grep]: Compilation failed: missing terminating ] for character class at offset 47" have been reported by two users). I've run the acl tests after this change and everything passes so this shouldn't break anything but please test this especially with protected wikis as this change modifies the code that handles namespace permissions. Furthermore permissions for a namespace foobar are no longer applied to namespaces with names like foo.ar, I hope nobody has used that "feature". When you are using per-user namespaces, user registration is open and either write or read protection for these namespaces is important to you this is a security fix for you: When someone wants to get access to the namespace of a user "foo.bar" he can register as "fooxbar" (where "x" is an arbitrary character) and will have access to the user namespace of the user "foo.bar" as when a page in "foo.bar" is checked it will match the rule for "fooxbar".
- Loading branch information
