PukiWiki Fork
Fork

Fork origin: pukiwiki / pukiwiki

R/O
HTTP
SSH
HTTPS

Commit

Commit MetaInfo

Revisión	a1e83eb7cdd3a0af4629817701104287c051cdc3 (tree)
Tiempo	2017-02-16 02:36:50
Autor	umorigu <umorigu@gmai...>
Commiter	umorigu

Log Message

BugTrack/598 Stop reading page that is not readable as template

Cambiar Resumen

modified: lib/auth.php (diff)
modified: plugin/edit.inc.php (diff)

Diferencia incremental

--- a/lib/auth.php

+++ b/lib/auth.php

		@@ -1,7 +1,7 @@
1	1	<?php
2	2	// PukiWiki - Yet another WikiWikiWeb clone
3		-// $Id: auth.php,v 1.22 2011/01/25 15:01:01 henoheno Exp $
4		-// Copyright (C) 2003-2005, 2007 PukiWiki Developers Team
	3	+// auth.php
	4	+// Copyright 2003-2017 PukiWiki Development Team
5	5	// License: GPL v2 or (at your option) any later version
6	6	//
7	7	// Authentication related functions

		@@ -154,16 +154,16 @@ function pkwk_ldap_escape_dn($value) {
154	154	// Basic-auth related ----
155	155
156	156	// Check edit-permission
157		-function check_editable($page, $auth_flag = TRUE, $exit_flag = TRUE)
	157	+function check_editable($page, $auth_enabled = TRUE, $exit_on_fail = TRUE)
158	158	{
159	159	global $script, $_title_cannotedit, $_msg_unfreeze;
160	160
161		- if (edit_auth($page, $auth_flag, $exit_flag) && is_editable($page)) {
	161	+ if (edit_auth($page, $auth_enabled, $exit_on_fail) && is_editable($page)) {
162	162	// Editable
163	163	return TRUE;
164	164	} else {
165	165	// Not editable
166		- if ($exit_flag === FALSE) {
	166	+ if ($exit_on_fail === FALSE) {
167	167	return FALSE; // Without exit
168	168	} else {
169	169	// With exit

		@@ -179,31 +179,32 @@ function check_editable($page, $auth_flag = TRUE, $exit_flag = TRUE)
179	179	}
180	180	}
181	181
182		-// Check read-permission
183		-function check_readable($page, $auth_flag = TRUE, $exit_flag = TRUE)
184		-{
185		- return read_auth($page, $auth_flag, $exit_flag);
	182	+/**
	183	+ * Whether the page is readable from current user or not.
	184	+ */
	185	+function is_page_readable($page) {
	186	+ global $read_auth_pages;
	187	+ return _is_page_accessible($page, $read_auth_pages);
186	188	}
187	189
188		-function edit_auth($page, $auth_flag = TRUE, $exit_flag = TRUE)
189		-{
190		- global $edit_auth, $edit_auth_pages, $_title_cannotedit;
191		- return $edit_auth ? basic_auth($page, $auth_flag, $exit_flag,
192		- $edit_auth_pages, $_title_cannotedit) : TRUE;
	190	+/**
	191	+ * Whether the page is writable from current user or not.
	192	+ */
	193	+function is_page_writable($page) {
	194	+ global $edit_auth_pages;
	195	+ return _is_page_accessible($page, $edit_auth_pages);
193	196	}
194	197
195		-function read_auth($page, $auth_flag = TRUE, $exit_flag = TRUE)
196		-{
197		- global $read_auth, $read_auth_pages, $_title_cannotread;
198		- return $read_auth ? basic_auth($page, $auth_flag, $exit_flag,
199		- $read_auth_pages, $_title_cannotread) : TRUE;
200		-}
	198	+/**
	199	+ * Get whether a current auth user can access the page
	200	+ *
	201	+ * @param $page page name
	202	+ * @param $auth_pages pagepattern -> groups map
	203	+ * @return true if a current user can access the page
	204	+ */
	205	+function _is_page_accessible($page, $auth_pages) {
	206	+ global $auth_method_type, $auth_user_groups, $auth_user;
201	207
202		-// Basic authentication
203		-function basic_auth($page, $auth_flag, $exit_flag, $auth_pages, $title_cannot)
204		-{
205		- global $auth_method_type, $auth_users, $_msg_auth, $auth_user, $auth_groups;
206		- global $auth_user_groups, $auth_type, $g_query_string;
207	208	// Checked by:
208	209	$target_str = '';
209	210	if ($auth_method_type == 'pagename') {

		@@ -211,22 +212,96 @@ function basic_auth($page, $auth_flag, $exit_flag, $auth_pages, $title_cannot)
211	212	} else if ($auth_method_type == 'contents') {
212	213	$target_str = join('', get_source($page)); // Its contents
213	214	}
214		-
215	215	$user_list = array();
216		- foreach($auth_pages as $key=>$val)
217		- if (preg_match($key, $target_str))
	216	+ foreach($auth_pages as $key=>$val) {
	217	+ if (preg_match($key, $target_str)) {
218	218	$user_list = array_merge($user_list, explode(',', $val));
219		-
	219	+ }
	220	+ }
220	221	if (empty($user_list)) return TRUE; // No limit
	222	+ if (!$auth_user) {
	223	+ // Current user doesen't yet log in.
	224	+ return FALSE;
	225	+ }
	226	+ if (count(array_intersect($auth_user_groups, $user_list)) === 0) {
	227	+ return FALSE;
	228	+ }
	229	+ return TRUE;
	230	+}
221	231
222		- $matches = array();
223		- if (PKWK_READONLY \|\|
224		- ! $auth_user \|\|
225		- count(array_intersect($auth_user_groups, $user_list)) === 0)
226		- {
	232	+/**
	233	+ * Ensure the page is readable, or show Login UI.
	234	+ * @param $page page
	235	+ */
	236	+function ensure_page_readable($page) {
	237	+ global $read_auth, $read_auth_pages, $_title_cannotread;
	238	+ if (!$read_auth) {
	239	+ return true;
	240	+ }
	241	+ return basic_auth($page, true, true,
	242	+ $read_auth_pages, $_title_cannotread);
	243	+}
	244	+
	245	+/**
	246	+ * Ensure the page is writable, or show Login UI.
	247	+ * @param $page page
	248	+ */
	249	+function ensure_page_writable($page) {
	250	+ global $edit_auth, $edit_auth_pages, $_title_cannotedit;
	251	+ if (!$edit_auth) {
	252	+ return true;
	253	+ }
	254	+ return basic_auth($page, true, true,
	255	+ $edit_auth_pages, $_title_cannotedit);
	256	+}
	257	+
	258	+/**
	259	+ * Check a page is readable or not, show Auth UI in some cases.
	260	+ *
	261	+ * @param $page page name
	262	+ * @param $auth_enabled true if auth is available (Normally true)
	263	+ * @param $exit_on_fail (Normally true)
	264	+ * @return true if the page is readable
	265	+ */
	266	+function check_readable($page, $auth_enabled = TRUE, $exit_on_fail = TRUE)
	267	+{
	268	+ return read_auth($page, $auth_enabled, $exit_on_fail);
	269	+}
	270	+
	271	+function edit_auth($page, $auth_enabled = TRUE, $exit_on_fail = TRUE)
	272	+{
	273	+ global $edit_auth, $edit_auth_pages, $_title_cannotedit;
	274	+ return $edit_auth ? basic_auth($page, $auth_enabled, $exit_on_fail,
	275	+ $edit_auth_pages, $_title_cannotedit) : TRUE;
	276	+}
	277	+
	278	+function read_auth($page, $auth_enabled = TRUE, $exit_on_fail = TRUE)
	279	+{
	280	+ global $read_auth, $read_auth_pages, $_title_cannotread;
	281	+ return $read_auth ? basic_auth($page, $auth_enabled, $exit_on_fail,
	282	+ $read_auth_pages, $_title_cannotread) : TRUE;
	283	+}
	284	+
	285	+/**
	286	+ * Authentication
	287	+ *
	288	+ * @param $page page name
	289	+ * @param $auth_enabled true if auth is available
	290	+ * @param $exit_on_fail Show forbidden message and stop all following processes
	291	+ * @param $auth_pages accessible users -> pages pattern map
	292	+ * @param $title_cannot forbidden message
	293	+ */
	294	+function basic_auth($page, $auth_enabled, $exit_on_fail, $auth_pages, $title_cannot)
	295	+{
	296	+ global $auth_users, $_msg_auth, $auth_user;
	297	+ global $auth_type, $g_query_string;
	298	+ $is_accessible = _is_page_accessible($page, $auth_pages);
	299	+ if ($is_accessible) {
	300	+ return TRUE;
	301	+ } else {
227	302	// Auth failed
228	303	pkwk_common_headers();
229		- if ($auth_flag && !$auth_user) {
	304	+ if ($auth_enabled && !$auth_user) {
230	305	if (AUTH_TYPE_BASIC === $auth_type) {
231	306	header('WWW-Authenticate: Basic realm="' . $_msg_auth . '"');
232	307	header('HTTP/1.0 401 Unauthorized');

		@@ -244,7 +319,7 @@ function basic_auth($page, $auth_flag, $exit_flag, $auth_pages, $title_cannot)
244	319	header('Location: ' . $loginurl);
245	320	}
246	321	}
247		- if ($exit_flag) {
	322	+ if ($exit_on_fail) {
248	323	$body = $title = str_replace('$1',
249	324	htmlsc(strip_bracket($page)), $title_cannot);
250	325	$page = str_replace('$1', make_search($page), $title_cannot);

		@@ -252,8 +327,6 @@ function basic_auth($page, $auth_flag, $exit_flag, $auth_pages, $title_cannot)
252	327	exit;
253	328	}
254	329	return FALSE;
255		- } else {
256		- return TRUE;
257	330	}
258	331	}
259	332

--- a/plugin/edit.inc.php

+++ b/plugin/edit.inc.php

		@@ -1,7 +1,7 @@
1	1	<?php
2	2	// PukiWiki - Yet another WikiWikiWeb clone.
3	3	// edit.inc.php
4		-// Copyright (C) 2001-2016 PukiWiki Development Team
	4	+// Copyright 2001-2017 PukiWiki Development Team
5	5	// License: GPL v2 or (at your option) any later version
6	6	//
7	7	// Edit plugin (cmd=edit)

		@@ -42,12 +42,14 @@ function plugin_edit_preview()
42	42	$page = isset($vars['page']) ? $vars['page'] : '';
43	43
44	44	// Loading template
45		- if (isset($vars['template_page']) && is_page($vars['template_page'])) {
46		- $vars['msg'] = remove_author_info(get_source($vars['template_page'], TRUE, TRUE));
47		- // Cut fixed anchors
48		- $vars['msg'] = preg_replace('/^(\{1,3}.)\[#[A-Za-z][\w-]+\](.*)$/m', '$1$2', $vars['msg']);
	45	+ $template_page;
	46	+ if (isset($vars['template_page']) && is_page($template_page = $vars['template_page'])) {
	47	+ if (is_page_readable($template_page)) {
	48	+ $vars['msg'] = remove_author_info(get_source($vars['template_page'], TRUE, TRUE));
	49	+ // Cut fixed anchors
	50	+ $vars['msg'] = preg_replace('/^(\{1,3}.)\[#[A-Za-z][\w-]+\](.*)$/m', '$1$2', $vars['msg']);
	51	+ }
49	52	}
50		-
51	53	$vars['msg'] = preg_replace(PLUGIN_EDIT_FREEZE_REGEX, '', $vars['msg']);
52	54	$postdata = $vars['msg'];
53	55

PukiWiki Fork Fork

Commit

Tags

Frequently used words (click to add to your profile)

Commit MetaInfo

Log Message

Cambiar Resumen

Diferencia incremental

PukiWiki Fork
Fork