ja:tips:clean_acl
— | ja:tips:clean_acl [2010-01-05 16:46] (現在) – created kazmiya | ||
---|---|---|---|
行 1: | 行 1: | ||
+ | |||
+ | ====== アクセス制御リストを掃除する ====== | ||
+ | |||
+ | ページや名前空間、ユーザーが削除されたとき、それらに対する権限の設定はアクセス制御リスト (ACL) の中に残されます。これはページやユーザーが再び作成された場合の潜在的なセキュリティリスクとなります。以下に示すスクリプト (DokuWiki の '' | ||
+ | |||
+ | <code php clean_acl.php> | ||
+ | # | ||
+ | <?php | ||
+ | # | ||
+ | if(!defined(' | ||
+ | if(!defined(' | ||
+ | require_once DOKU_INC.' | ||
+ | require_once DOKU_INC.' | ||
+ | require_once DOKU_INC.' | ||
+ | |||
+ | // handle options | ||
+ | $short_opts = ' | ||
+ | $long_opts | ||
+ | $OPTS = Doku_Cli_Opts:: | ||
+ | if ( $OPTS-> | ||
+ | fwrite( STDERR, $OPTS-> | ||
+ | _usage(); | ||
+ | exit(1); | ||
+ | } | ||
+ | |||
+ | $QUIET = false; | ||
+ | foreach ($OPTS-> | ||
+ | switch ($key) { | ||
+ | case ' | ||
+ | case ' | ||
+ | _usage(); | ||
+ | exit; | ||
+ | case ' | ||
+ | case ' | ||
+ | $QUIET = true; | ||
+ | break; | ||
+ | } | ||
+ | } | ||
+ | |||
+ | # | ||
+ | |||
+ | function _usage() { | ||
+ | print " | ||
+ | | ||
+ | Removes entries from acl.auth.php referencing page ids that | ||
+ | don't exist anymore. | ||
+ | | ||
+ | OPTIONS | ||
+ | -h, --help | ||
+ | -q, --quiet | ||
+ | "; | ||
+ | } | ||
+ | |||
+ | # | ||
+ | function clean_acl() | ||
+ | { | ||
+ | $acls_name = DOKU_CONF.'/ | ||
+ | $acls = file($acls_name); | ||
+ | $new_acls = fopen(DOKU_CONF.'/ | ||
+ | $msg = " | ||
+ | $was_changed = false; | ||
+ | foreach($acls as $line) | ||
+ | { | ||
+ | if(trim($line) && !preg_match('/ | ||
+ | { | ||
+ | if(id_exists($line)) | ||
+ | { | ||
+ | if(user_exists($line)) | ||
+ | { | ||
+ | fwrite($new_acls, | ||
+ | } | ||
+ | else | ||
+ | { | ||
+ | _quietecho(sprintf($msg, | ||
+ | $was_changed = true; | ||
+ | } | ||
+ | } | ||
+ | else | ||
+ | { | ||
+ | _quietecho(sprintf($msg, | ||
+ | | ||
+ | } | ||
+ | } | ||
+ | else | ||
+ | { | ||
+ | fwrite($new_acls, | ||
+ | } | ||
+ | } | ||
+ | fclose($new_acls); | ||
+ | //die(); | ||
+ | if($was_changed) | ||
+ | { | ||
+ | $ok = @rename(DOKU_CONF.'/ | ||
+ | if($ok) | ||
+ | $ok = @rename(DOKU_CONF.'/ | ||
+ | else | ||
+ | _quietecho(' | ||
+ | } | ||
+ | else | ||
+ | { | ||
+ | @unlink(DOKU_CONF.'/ | ||
+ | } | ||
+ | | ||
+ | } | ||
+ | |||
+ | # | ||
+ | function id_exists($acl_line) | ||
+ | { | ||
+ | $access = preg_split("/ | ||
+ | // " | ||
+ | if($access[0]==" | ||
+ | { | ||
+ | return true; | ||
+ | } | ||
+ | // Namespace | ||
+ | elseif(preg_match('/ | ||
+ | { | ||
+ | $fn = str_replace(" | ||
+ | } | ||
+ | // Page | ||
+ | else | ||
+ | { | ||
+ | $fn = wikiFN($access[0]); | ||
+ | } | ||
+ | return file_exists($fn); | ||
+ | } | ||
+ | |||
+ | function user_exists($line) | ||
+ | { | ||
+ | static $usernames = null; | ||
+ | if(is_null($usernames)) | ||
+ | { | ||
+ | $usernames = array(); | ||
+ | foreach(file(DOKU_CONF.'/ | ||
+ | { | ||
+ | if($userline[0] == '#' | ||
+ | continue; | ||
+ | $line_arr = explode(':', | ||
+ | if(trim($line_arr[0])) | ||
+ | $usernames[] = trim($line_arr[0]); | ||
+ | } | ||
+ | } | ||
+ | list(, | ||
+ | if($user[0] == ' | ||
+ | return true; | ||
+ | return in_array(rawurldecode($user), | ||
+ | } | ||
+ | |||
+ | function _quietecho($msg) | ||
+ | { | ||
+ | global $QUIET; | ||
+ | if(!$QUIET) | ||
+ | echo $msg; | ||
+ | } | ||
+ | |||
+ | clean_acl(); | ||
+ | ?> | ||
+ | </ | ||
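Review bot: In clean_acl() both `@rename(...)` calls under `if($was_changed)` suppress their warnings, and the value assigned by the second call is never read, so a failed swap ends the script silently with a success exit status. The rename arguments are cut off on this page, but if the first call moves the live ACL file aside, a failed second call would leave the wiki without its ACL file. The first-failure branch reports through `_quietecho(`, which prints nothing under `-q`; both failures should go to STDERR with a non-zero exit, e.g. `if(!$ok) { fwrite(STDERR, "<error message>\n"); exit(1); }` after the second rename, and the unchecked `file()` and `fopen()` results at the top of the function deserve the same treatment. Separately, user_exists() builds its user list from a file under DOKU_CONF, so on a wiki whose accounts live in another auth backend it would presumably treat every user as deleted and strip their rules; the page text should state that limitation and advise keeping a copy of the ACL file before running the script.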
ja/tips/clean_acl.txt · 最終更新: 2010-01-05 16:46 by kazmiya