When pages, namespaces and users are deleted, their permission settings are left behind in the access control list (ACL). This is a potential security risk: when a page or user with the same name is created again, it silently picks up the old permissions. The following script (to be placed in the bin folder of your DokuWiki installation) cleans up the ACL. You must create the folder conf/backup first; the old ACL file will be backed up there. Depending on the usage patterns in your wiki, you can run it as a daily, weekly or monthly cron job.
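#!/usr/bin/php
<?php
/**
 * clean_acl.php - remove stale entries from DokuWiki's acl.auth.php.
 *
 * An ACL line is dropped when the page or namespace it names no longer exists
 * on disk, or when the user it names is not listed in conf/users.auth.php.
 * Group entries (starting with '@') and the global '*' scope are always kept.
 *
 * Security notes for whoever schedules this:
 *  - User existence is checked against conf/users.auth.php only. If that file
 *    cannot be read, user checks are skipped rather than deleting every
 *    per-user rule. NOTE(review): a wiki whose accounts live somewhere other
 *    than users.auth.php would see all per-user rules as stale - confirm the
 *    auth setup before enabling this job.
 *  - Removing a rule changes effective permissions; a removed restrictive
 *    rule lets a broader one apply. Review the "Removed:" output.
 *  - Run the job as the account that owns conf/, so the rewritten ACL file
 *    stays readable and writable for the wiki.
 */
#------------------------------------------------------------------------------
// Command-line only: this script rewrites the ACL and must never be reachable
// through the web server.
if(php_sapi_name() !== 'cli') die('This script must be run from the command line.');

if(!defined('NOSESSION')) define('NOSESSION', true);
if(!defined('DOKU_INC')) define('DOKU_INC',realpath(dirname(__FILE__).'/../').'/');
require_once DOKU_INC.'inc/init.php';
require_once DOKU_INC.'inc/common.php';
require_once DOKU_INC.'inc/cliopts.php';

// handle options
$short_opts = 'hq';
$long_opts  = array('help', 'quiet');
$OPTS = Doku_Cli_Opts::getOptions(__FILE__,$short_opts,$long_opts);
if ( $OPTS->isError() ) {
    fwrite( STDERR, $OPTS->getMessage() . "\n");
    _usage();
    exit(1);
}
$QUIET = false;
foreach ($OPTS->options as $key => $val) {
    switch ($key) {
        case 'h':
        case 'help':
            _usage();
            exit;
        case 'q':
        case 'quiet':
            $QUIET = true;
            break;
    }
}

#------------------------------------------------------------------------------
/**
 * Print the command-line help text.
 */
function _usage() {
    print "Usage: clean_acl.php <options>

    Removes entries from acl.auth.php referencing
    page ids or users that don't exist anymore.

    OPTIONS
        -h, --help     show this help and exit
        -q, --quiet    don't report removed entries (errors are still printed)
";
}

#------------------------------------------------------------------------------
/**
 * Rewrite acl.auth.php without the entries whose page, namespace or user is gone.
 *
 * The cleaned list is written to acl.auth.new.php first. Only when something
 * was removed is the current file copied to conf/backup/ and then replaced.
 *
 * @return bool true on success (including "nothing to do"), false on any error
 */
function clean_acl() {
    $acls_name  = DOKU_CONF.'/acl.auth.php';
    $new_name   = DOKU_CONF.'/acl.auth.new.php';
    $backup_dir = DOKU_CONF.'/backup';

    $acls = @file($acls_name);
    if($acls === false) {
        _stderr('Could not read acl file.');
        return false;
    }

    $new_acls = @fopen($new_name, 'w');
    if($new_acls === false) {
        _stderr('Could not create new acl file.');
        return false;
    }

    $msg         = "Removed: '%s' (%s).\n";
    $was_changed = false;
    $write_ok    = true;

    foreach($acls as $line) {
        $keep = true;
        // Blank lines and comments are copied through untouched.
        if(trim($line) && !preg_match('/^#/', $line)) {
            if(_has_acl_placeholder($line)) {
                // %USER% / %GROUP% rules never name a literal page or user,
                // so the existence checks below do not apply to them.
                $keep = true;
            } elseif(!id_exists($line)) {
                _quietecho(sprintf($msg, trim($line), 'page does not exist'));
                $keep = false;
            } elseif(!user_exists($line)) {
                _quietecho(sprintf($msg, trim($line), 'user does not exist'));
                $keep = false;
            }
        }
        if($keep) {
            if(fwrite($new_acls, $line) === false) $write_ok = false;
        } else {
            $was_changed = true;
        }
    }
    if(!fclose($new_acls)) $write_ok = false;

    // A short write (e.g. full disk) would yield a truncated ACL; never install it.
    if(!$write_ok) {
        @unlink($new_name);
        _stderr('Could not write new acl file; acl.auth.php left unchanged.');
        return false;
    }

    if(!$was_changed) {
        @unlink($new_name);
        return true;
    }

    if(!is_dir($backup_dir) || !is_writable($backup_dir)) {
        @unlink($new_name);
        _stderr('Backup folder conf/backup is missing or not writable; acl.auth.php left unchanged.');
        return false;
    }

    // Copy (not move) the old file to the backup so acl.auth.php is never
    // absent while the wiki is serving requests; it is then replaced by a
    // single rename.
    $backup_name = $backup_dir.'/acl.auth.'.date('Y-m-d_His').'.php';
    if(!@copy($acls_name, $backup_name)) {
        @unlink($new_name);
        _stderr('Could not back up old acl file; acl.auth.php left unchanged.');
        return false;
    }

    // Give the replacement the same permission bits as the file it replaces.
    $mode = @fileperms($acls_name);
    if($mode !== false) @chmod($new_name, $mode & 0777);

    if(!@rename($new_name, $acls_name)) {
        @unlink($new_name);
        _stderr('Could not install new acl file; acl.auth.php left unchanged.');
        return false;
    }
    return true;
}

#------------------------------------------------------------------------------
/**
 * Tell whether an ACL line uses a user or group placeholder.
 *
 * @param string $acl_line one raw line from acl.auth.php
 * @return bool
 */
function _has_acl_placeholder($acl_line) {
    return strpos($acl_line, '%USER%') !== false
        || strpos($acl_line, '%GROUP%') !== false;
}

/**
 * Check whether the scope (first field) of an ACL line still exists on disk.
 *
 * '*' always exists. 'ns:*' is checked as a directory (wikiFN() path without
 * the .txt suffix); anything else is checked as a page file.
 *
 * @param string $acl_line one raw line from acl.auth.php
 * @return bool
 */
function id_exists($acl_line) {
    // Split on runs of whitespace after trimming, so indented lines and
    // lines with several blanks between fields are parsed correctly.
    $access = preg_split('/\s+/', trim($acl_line));

    // "All"
    if($access[0]=="*") {
        return true;
    }
    // Namespace
    elseif(preg_match('/(.*):\*$/', $access[0], $matches)) {
        // Strip only the trailing extension; a ".txt" elsewhere in the path stays.
        $fn = preg_replace('/\.txt$/', '', wikiFN($matches[1]));
    }
    // Page
    else {
        $fn = wikiFN($access[0]);
    }
    return file_exists($fn);
}

/**
 * Check whether the user (second field) of an ACL line is a known account.
 *
 * Groups ('@...') are always treated as existing. User names are read once
 * from conf/users.auth.php and cached for the rest of the run.
 *
 * @param string $line one raw line from acl.auth.php
 * @return bool false only when the user list was read and the name is not in it
 */
function user_exists($line) {
    static $usernames = null;
    if(is_null($usernames)) {
        $userlines = @file(DOKU_CONF.'/users.auth.php');
        if($userlines === false) {
            // Fail safe: without a user list nothing can be judged stale.
            _stderr('Could not read users.auth.php; user entries are kept.');
            $usernames = false;
        } else {
            $usernames = array();
            foreach($userlines as $userline) {
                if($userline[0] == '#') continue;
                $line_arr = explode(':', $userline);
                if(trim($line_arr[0])) $usernames[] = trim($line_arr[0]);
            }
        }
    }
    if($usernames === false) return true;

    // Same field splitting as id_exists(): tabs or spaces both separate fields.
    $fields = preg_split('/\s+/', trim($line));
    if(!isset($fields[1]) || $fields[1] === '') {
        // No user field at all: not a stale-user case, leave the line alone.
        return true;
    }
    $user = $fields[1];
    if($user[0] == '@') return true;
    return in_array(rawurldecode($user), $usernames, true);
}

/**
 * Echo a progress message unless --quiet was given.
 *
 * @param string $msg
 */
function _quietecho($msg) {
    global $QUIET;
    if(!$QUIET) echo $msg;
}

/**
 * Report an error on STDERR. Not silenced by --quiet, so a failed cron run
 * is still noticed.
 *
 * @param string $msg message without trailing newline
 */
function _stderr($msg) {
    fwrite(STDERR, $msg."\n");
}

// Non-zero exit status lets cron / monitoring detect a failed clean-up.
exit(clean_acl() ? 0 : 1);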