-rw-r--r-- | Bugzilla/DB.pm | 7 | ||||
-rw-r--r-- | Bugzilla/DB/Mysql.pm | 9 | ||||
-rw-r--r-- | Bugzilla/DB/Pg.pm | 9 | ||||
-rw-r--r-- | Bugzilla/Search.pm | 27 | ||||
-rwxr-xr-x | checksetup.pl | 5 | ||||
-rw-r--r-- | contrib/BugzillaEmail.pm | 9 | ||||
-rwxr-xr-x | editusers.cgi | 10 |
7 files changed, 53 insertions, 23 deletions
diff --git a/Bugzilla/DB.pm b/Bugzilla/DB.pm index 6ec377cd7..fd846d2a5 100644 --- a/Bugzilla/DB.pm +++ b/Bugzilla/DB.pm @@ -24,6 +24,7 @@ # Christopher Aillon <christopher@aillon.com> # Tomas Kopal <Tomas.Kopal@altap.cz> # Max Kanat-Alexander <mkanat@bugzilla.org> +# Lance Larsh <lance.larsh@oracle.com> package Bugzilla::DB; @@ -1081,7 +1082,8 @@ formatted SQL command have prefix C<sql_>. All other methods have prefix C<bz_>. searches (case insensitive) in format suitable for a given database. Abstract method, should be overriden by database specific code. - Params: none + Params: $expr = SQL expression for the text to be searched (scalar) + $pattern = the regular expression to search for (scalar) Returns: formatted SQL for regular expression search (e.g. REGEXP) (scalar) @@ -1091,7 +1093,8 @@ formatted SQL command have prefix C<sql_>. All other methods have prefix C<bz_>. regex searches (case insensitive) in format suitable for a given database. Abstract method, should be overriden by database specific code. - Params: none + Params: $expr = SQL expression for the text to be searched (scalar) + $pattern = the regular expression to search for (scalar) Returns: formatted SQL for negative regular expression search (e.g. NOT REGEXP) (scalar) diff --git a/Bugzilla/DB/Mysql.pm b/Bugzilla/DB/Mysql.pm index 0951cdc5f..c3824ab9a 100644 --- a/Bugzilla/DB/Mysql.pm +++ b/Bugzilla/DB/Mysql.pm @@ -23,6 +23,7 @@ # Dave Lawrence <dkl@redhat.com> # Tomas Kopal <Tomas.Kopal@altap.cz> # Max Kanat-Alexander <mkanat@bugzilla.org> +# Lance Larsh <lance.larsh@oracle.com> =head1 NAME @@ -83,11 +84,15 @@ sub bz_last_key { } sub sql_regexp { - return "REGEXP"; + my ($self, $expr, $pattern) = @_; + + return "$expr REGEXP $pattern"; } sub sql_not_regexp { - return "NOT REGEXP"; + my ($self, $expr, $pattern) = @_; + + return "$expr NOT REGEXP $pattern"; } sub sql_limit { diff --git a/Bugzilla/DB/Pg.pm b/Bugzilla/DB/Pg.pm index c8ff4221b..f0c18b728 100644 --- a/Bugzilla/DB/Pg.pm 
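Review bot: In Bugzilla/DB/Mysql.pm, `sql_regexp` and `sql_not_regexp` now interpolate `$expr` and `$pattern` verbatim into the returned SQL, and neither the subs nor the updated POD in Bugzilla/DB.pm state that `$pattern` must already be a quoted SQL literal or a `?` placeholder. The callers visible in this commit appear to pass one of those forms, but the POD wording "the regular expression to search for" invites a later caller to hand in a raw string. I would add above each sub `# $expr and $pattern are inserted verbatim: $pattern must be a quoted SQL literal or a placeholder, $expr a trusted SQL expression.` and repeat that sentence in the DB.pm POD. The same applies to the two subs in Bugzilla/DB/Pg.pm.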
+++ b/Bugzilla/DB/Pg.pm @@ -23,6 +23,7 @@ # Dave Lawrence <dkl@redhat.com> # Tomas Kopal <Tomas.Kopal@altap.cz> # Max Kanat-Alexander <mkanat@bugzilla.org> +# Lance Larsh <lance.larsh@oracle.com> =head1 NAME @@ -89,11 +90,15 @@ sub bz_last_key { } sub sql_regexp { - return "~*"; + my ($self, $expr, $pattern) = @_; + + return "$expr ~* $pattern"; } sub sql_not_regexp { - return "!~*" + my ($self, $expr, $pattern) = @_; + + return "$expr !~* $pattern" } sub sql_limit { diff --git a/Bugzilla/Search.pm b/Bugzilla/Search.pm index ae11dfa67..42f6da749 100644 --- a/Bugzilla/Search.pm +++ b/Bugzilla/Search.pm @@ -26,6 +26,7 @@ # Michael Schindler <michael@compressconsult.com> # Max Kanat-Alexander <mkanat@bugzilla.org> # Joel Peshkin <bugreport@peshkin.net> +# Lance Larsh <lance.larsh@oracle.com> use strict; @@ -724,9 +725,15 @@ sub init { } elsif ($t eq "notequal") { $oper = "<>"; } elsif ($t eq "regexp") { - $oper = $dbh->sql_regexp(); + # This is just a dummy to help catch bugs- $oper won't be used + # since "regexp" is treated as a special case below. But + # leaving $oper uninitialized seems risky... + $oper = "sql_regexp"; } elsif ($t eq "notregexp") { - $oper = $dbh->sql_not_regexp(); + # This is just a dummy to help catch bugs- $oper won't be used + # since "notregexp" is treated as a special case below. But + # leaving $oper uninitialized seems risky... + $oper = "sql_not_regexp"; } else { $oper = "noop"; } @@ -744,7 +751,13 @@ sub init { COUNT(DISTINCT $table.bug_when) / COUNT(bugs.bug_id)) + bugs.remaining_time)))"; - push(@having, "$expression $oper " . &::SqlQuote($v)); + if ($t eq "regexp") { + push(@having, $dbh->sql_regexp($expression, &::SqlQuote($v))); + } elsif ($t eq "notregexp") { + push(@having, $dbh->sql_not_regexp($expression, &::SqlQuote($v))); + } else { + push(@having, "$expression $oper " . &::SqlQuote($v)); + } push(@groupby, "bugs.remaining_time"); } $term = "0=0"; 
@@ -1024,10 +1037,10 @@ sub init { $term = $dbh->sql_position(lc($q), "LOWER($ff)") . " = 0"; }, ",regexp" => sub { - $term = "$ff " . $dbh->sql_regexp() . " $q"; + $term = $dbh->sql_regexp($ff, $q); }, ",notregexp" => sub { - $term = "$ff " . $dbh->sql_not_regexp() . " $q"; + $term = $dbh->sql_not_regexp($ff, $q); }, ",lessthan" => sub { $term = "$ff < $q"; @@ -1517,7 +1530,7 @@ sub ListIDsForEmail { } } elsif ($type eq 'regexp') { &::SendSQL("SELECT userid FROM profiles WHERE " . - "login_name " . $dbh->sql_regexp() . ::SqlQuote($email) . + $dbh->sql_regexp("login_name", ::SqlQuote($email)) . " " . $dbh->sql_limit(51)); while (&::MoreSQLData()) { my ($id) = &::FetchSQLData(); @@ -1558,7 +1571,7 @@ sub GetByWordList { $word =~ s/^'//; $word =~ s/'$//; $word = '(^|[^a-z0-9])' . $word . '($|[^a-z0-9])'; - push(@list, "$field " . $dbh->sql_regexp() . " '$word'"); + push(@list, $dbh->sql_regexp($field, "'$word'")); } } diff --git a/checksetup.pl b/checksetup.pl index 5fe6cea97..b37d6e414 100755 --- a/checksetup.pl +++ b/checksetup.pl @@ -32,6 +32,7 @@ # Dave Lawrence <dkl@redhat.com> # Max Kanat-Alexander <mkanat@bugzilla.org> # Joel Peshkin <bugreport@peshkin.net> +# Lance Larsh <lance.larsh@oracle.com> # # # @@ -2446,8 +2447,8 @@ if (!($sth->fetchrow_arrayref()->[0])) { "SELECT longdescs.bug_id, thetext " . "FROM longdescs " . "LEFT JOIN bugs using(bug_id) " . - "WHERE (thetext " . $dbh->sql_regexp . - " '[.*.]{3} This bug has been marked as a duplicate of [[:digit:]]+ [.*.]{3}') " . + "WHERE (" . $dbh->sql_regexp("thetext", + "'[.*.]{3} This bug has been marked as a duplicate of [[:digit:]]+ [.*.]{3}'") . ") " . "AND (resolution = 'DUPLICATE') " . "ORDER BY longdescs.bug_when"); $sth->execute(); diff --git a/contrib/BugzillaEmail.pm b/contrib/BugzillaEmail.pm index 473169c9e..db31d1f24 100644 --- a/contrib/BugzillaEmail.pm +++ b/contrib/BugzillaEmail.pm 
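Review bot: In the GetByWordList hunk the pattern still reaches `sql_regexp` as a hand-built literal, `"'$word'"`, so the safety of the statement depends on how `$word` was escaped before the hunk starts. The two substitutions that strip a leading and trailing `'` suggest the word was quoted and then unwrapped, but the lines that do this are outside the hunk and should be confirmed. It would be more robust to assemble the full regex from the raw word and quote it once at the end, e.g. `push(@list, $dbh->sql_regexp($field, ::SqlQuote($regex)));`, so the quotes are never re-created by hand.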
@@ -16,6 +16,7 @@ # Gregor Fischer <fischer@suse.de> # Klaas Freitag <freitag@suse.de> # Seth Landsman <seth@dworkin.net> +# Lance Larsh <lance.larsh@oracle.com> # The purpose of this module is to abstract out a bunch of the code # that is central to email interfaces to bugzilla and its database @@ -54,8 +55,8 @@ sub findUser($) { return $found_address; } elsif ($email_transform eq $EMAIL_TRANSFORM_BASE_DOMAIN) { my ($username) = ($address =~ /(.+)@/); - my $stmt = "SELECT login_name FROM profiles WHERE " . $dbh->sql_istrcmp( - 'login_name', $dbh->quote($username), $dbh->sql_regexp()); + my $stmt = "SELECT login_name FROM profiles WHERE " . $dbh->sql_regexp( + $dbh->sql_istring('login_name'), $dbh->sql_istring($dbh->quote($username))); SendSQL($stmt); my $domain; @@ -72,8 +73,8 @@ sub findUser($) { return $new_address; } elsif ($email_transform eq $EMAIL_TRANSFORM_NAME_ONLY) { my ($username) = ($address =~ /(.+)@/); - my $stmt = "SELECT login_name FROM profiles WHERE " .$dbh->sql_istrcmp( - 'login_name', $dbh->quote($username), $dbh->sql_regexp()); + my $stmt = "SELECT login_name FROM profiles WHERE " .$dbh->sql_regexp( + $dbh->sql_istring('login_name'), $dbh->sql_istring($dbh->quote($username))); SendSQL($stmt); my $found_address = FetchOneColumn(); return $found_address; diff --git a/editusers.cgi b/editusers.cgi index 0d413f2ca..b7ce52b3e 100755 --- a/editusers.cgi +++ b/editusers.cgi @@ -14,6 +14,7 @@ # The Original Code is the Bugzilla Bug Tracking System. # # Contributor(s): Marc Schumann <wurblzap@gmail.com> +# Lance Larsh <lance.larsh@oracle.com> use strict; use lib "."; 
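Review bot: In both findUser hunks the local part of the sender address is passed to `sql_regexp` as the pattern, unescaped and unanchored (`$username` comes from `/(.+)@/`), so the lookup can return a `login_name` that merely contains that string or that a regex metacharacter in the address happens to match. Since the returned address appears to decide which account an incoming mail is attributed to, the match should be exact on the local part: escape regex metacharacters in `$username` and anchor the pattern, e.g. `$dbh->quote('^' . $escaped . '@')`. Wrapping the pattern in `sql_istring` also looks redundant, because the POD describes `sql_regexp` as case insensitive. The rest of findUser is outside the hunks, so any later filtering of the result is not visible here.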
@@ -109,15 +110,16 @@ if ($action eq 'search') { else { # Handle selection by user name. if (defined($matchtype)) { - $query .= " $nextCondition profiles.login_name "; + $query .= " $nextCondition "; + my $expr = "profiles.login_name"; if ($matchtype eq 'regexp') { - $query .= $dbh->sql_regexp . ' ?'; + $query .= $dbh->sql_regexp($expr, '?'); $matchstr = '.' unless $matchstr; } elsif ($matchtype eq 'notregexp') { - $query .= $dbh->sql_not_regexp . ' ?'; + $query .= $dbh->sql_not_regexp($expr, '?'); $matchstr = '.' unless $matchstr; } else { # substr or unknown - $query .= 'like ?'; + $query .= $expr . ' like ?'; $matchstr = "%$matchstr%"; } $nextCondition = 'AND'; |
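Review bot: `$matchstr = '.' unless $matchstr;` in both regexp branches tests truthiness, so a search for the literal string `0` is replaced by `.` and returns every user. A length test, `$matchstr = '.' unless defined($matchstr) && length($matchstr);`, keeps the match-all fallback for an empty field only. In the `like` branch any `%` or `_` typed by the user still acts as a wildcard; that may be intended, but a short comment saying so would help. The enclosing `if ($action eq 'search')` block starts and ends outside the hunk.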