authz_policy matches pages in a case-sensitive manner
|Reported by:||Owned by:|
authz_policy got rolled into Trac mainline, so I'm filing a bug here, as opposed to at Trac Hacks.
I'm running Trac 0.11.6, but it doesn't look like the authz_policy plugin has changed int Trac 0.12. I noticed that the authz_policy matches the wiki page names using
fnmatch, which matches in a case-sensitive manner. So if you block users from a test page like so:
the user cannot access wiki/test, but can still access the page using wiki/Test, wiki/tEst, wiki/tESt, etc. authz_policy should not use case-sensitive matching for something like this. My temporary patch is to do:
236 if fnmatch(resource_key.lower(), resource_glob.lower()):
and we retain the benefits of a filesystem-type match.