id summary reporter owner description type status priority milestone component version severity resolution keywords cc branch changelog apichanges internalchanges 9778 authz_policy matches pages in a case-sensitive manner kpeng@… "authz_policy got rolled into Trac mainline, so I'm filing a bug here, as opposed to at Trac Hacks. I'm running Trac 0.11.6, but it doesn't look like the authz_policy plugin has changed int Trac 0.12. I noticed that the authz_policy matches the wiki page names using `fnmatch`, which matches in a case-sensitive manner. So if you block users from a test page like so: {{{ [wiki:test] }}} the user cannot access wiki/test, but can still access the page using wiki/Test, wiki/tEst, wiki/tESt, etc. authz_policy should not use case-sensitive matching for something like this. My temporary patch is to do: {{{ 236 if fnmatch(resource_key.lower(), resource_glob.lower()): }}} and we retain the benefits of a filesystem-type match." defect closed normal general 0.12dev normal wontfix authz_policy