-rw-r--r--Bugzilla/DB.pm7
-rw-r--r--Bugzilla/DB/Mysql.pm9
-rw-r--r--Bugzilla/DB/Pg.pm9
-rw-r--r--Bugzilla/Search.pm27
-rwxr-xr-xchecksetup.pl5
-rw-r--r--contrib/BugzillaEmail.pm9
-rwxr-xr-xeditusers.cgi10
7 files changed, 53 insertions, 23 deletions
diff --git a/Bugzilla/DB.pm b/Bugzilla/DB.pm
index 6ec377cd7..fd846d2a5 100644
--- a/Bugzilla/DB.pm
+++ b/Bugzilla/DB.pm
@@ -24,6 +24,7 @@
# Christopher Aillon <christopher@aillon.com>
# Tomas Kopal <Tomas.Kopal@altap.cz>
# Max Kanat-Alexander <mkanat@bugzilla.org>
+# Lance Larsh <lance.larsh@oracle.com>
package Bugzilla::DB;
@@ -1081,7 +1082,8 @@ formatted SQL command have prefix C<sql_>. All other methods have prefix C<bz_>.
searches (case insensitive) in format suitable for a given
database.
Abstract method, should be overriden by database specific code.
- Params: none
+ Params: $expr = SQL expression for the text to be searched (scalar)
+ $pattern = the regular expression to search for (scalar)
Returns: formatted SQL for regular expression search (e.g. REGEXP)
(scalar)
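Review bot: The new Params text for sql_regexp does not say that both arguments are spliced into the returned SQL verbatim, so nothing tells a caller that `$pattern` must already be a quoted SQL literal or a bind placeholder. The callers changed in this commit pass `&::SqlQuote($v)`, `'?'` and a hand-wrapped `"'$word'"`, which shows the contract exists but is implicit. I would word the entry as `$pattern = the regular expression, already quoted for SQL or a placeholder such as '?' (scalar)` and add that `$expr` is trusted SQL text, never user input. The same wording applies to the sql_not_regexp entry in the next hunk.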
@@ -1091,7 +1093,8 @@ formatted SQL command have prefix C<sql_>. All other methods have prefix C<bz_>.
regex searches (case insensitive) in format suitable for a given
database.
Abstract method, should be overriden by database specific code.
- Params: none
+ Params: $expr = SQL expression for the text to be searched (scalar)
+ $pattern = the regular expression to search for (scalar)
Returns: formatted SQL for negative regular expression search
(e.g. NOT REGEXP) (scalar)
diff --git a/Bugzilla/DB/Mysql.pm b/Bugzilla/DB/Mysql.pm
index 0951cdc5f..c3824ab9a 100644
--- a/Bugzilla/DB/Mysql.pm
+++ b/Bugzilla/DB/Mysql.pm
@@ -23,6 +23,7 @@
# Dave Lawrence <dkl@redhat.com>
# Tomas Kopal <Tomas.Kopal@altap.cz>
# Max Kanat-Alexander <mkanat@bugzilla.org>
+# Lance Larsh <lance.larsh@oracle.com>
=head1 NAME
@@ -83,11 +84,15 @@ sub bz_last_key {
}
sub sql_regexp {
- return "REGEXP";
+ my ($self, $expr, $pattern) = @_;
+
+ return "$expr REGEXP $pattern";
}
sub sql_not_regexp {
- return "NOT REGEXP";
+ my ($self, $expr, $pattern) = @_;
+
+ return "$expr NOT REGEXP $pattern";
}
sub sql_limit {
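Review bot: `return "$expr REGEXP $pattern";` hands back the fragment without parentheses, so how it binds depends on what the caller passes as `$expr` and concatenates around the result. The checksetup.pl call site in this commit already adds its own `(` and `)` around the call, which suggests the helper could do it once: `return "($expr REGEXP $pattern)";`. The same applies to sql_not_regexp here and to both subs in Bugzilla/DB/Pg.pm, where `return "$expr !~* $pattern"` also lacks its terminating semicolon. A one-line comment in each sub that both arguments are inserted unescaped would make the quoting responsibility visible at the implementation.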
diff --git a/Bugzilla/DB/Pg.pm b/Bugzilla/DB/Pg.pm
index c8ff4221b..f0c18b728 100644
--- a/Bugzilla/DB/Pg.pm
+++ b/Bugzilla/DB/Pg.pm
@@ -23,6 +23,7 @@
# Dave Lawrence <dkl@redhat.com>
# Tomas Kopal <Tomas.Kopal@altap.cz>
# Max Kanat-Alexander <mkanat@bugzilla.org>
+# Lance Larsh <lance.larsh@oracle.com>
=head1 NAME
@@ -89,11 +90,15 @@ sub bz_last_key {
}
sub sql_regexp {
- return "~*";
+ my ($self, $expr, $pattern) = @_;
+
+ return "$expr ~* $pattern";
}
sub sql_not_regexp {
- return "!~*"
+ my ($self, $expr, $pattern) = @_;
+
+ return "$expr !~* $pattern"
}
sub sql_limit {
diff --git a/Bugzilla/Search.pm b/Bugzilla/Search.pm
index ae11dfa67..42f6da749 100644
--- a/Bugzilla/Search.pm
+++ b/Bugzilla/Search.pm
@@ -26,6 +26,7 @@
# Michael Schindler <michael@compressconsult.com>
# Max Kanat-Alexander <mkanat@bugzilla.org>
# Joel Peshkin <bugreport@peshkin.net>
+# Lance Larsh <lance.larsh@oracle.com>
use strict;
@@ -724,9 +725,15 @@ sub init {
} elsif ($t eq "notequal") {
$oper = "<>";
} elsif ($t eq "regexp") {
- $oper = $dbh->sql_regexp();
+ # This is just a dummy to help catch bugs- $oper won't be used
+ # since "regexp" is treated as a special case below. But
+ # leaving $oper uninitialized seems risky...
+ $oper = "sql_regexp";
} elsif ($t eq "notregexp") {
- $oper = $dbh->sql_not_regexp();
+ # This is just a dummy to help catch bugs- $oper won't be used
+ # since "notregexp" is treated as a special case below. But
+ # leaving $oper uninitialized seems risky...
+ $oper = "sql_not_regexp";
} else {
$oper = "noop";
}
@@ -744,7 +751,13 @@ sub init {
COUNT(DISTINCT $table.bug_when) /
COUNT(bugs.bug_id)) +
bugs.remaining_time)))";
- push(@having, "$expression $oper " . &::SqlQuote($v));
+ if ($t eq "regexp") {
+ push(@having, $dbh->sql_regexp($expression, &::SqlQuote($v)));
+ } elsif ($t eq "notregexp") {
+ push(@having, $dbh->sql_not_regexp($expression, &::SqlQuote($v)));
+ } else {
+ push(@having, "$expression $oper " . &::SqlQuote($v));
+ }
push(@groupby, "bugs.remaining_time");
}
$term = "0=0";
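Review bot: `&::SqlQuote($v)` is now written three times in this branch, once per arm, so a later arm could be added without the quoting and nothing would flag it. Quoting once before the `if`, with `my $quoted = &::SqlQuote($v);`, and passing `$quoted` to `sql_regexp`, `sql_not_regexp` and the fallback string keeps a single quoting site. The enclosing `init` starts and ends outside the hunk, so other uses of `$v` are not visible here.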
@@ -1024,10 +1037,10 @@ sub init {
$term = $dbh->sql_position(lc($q), "LOWER($ff)") . " = 0";
},
",regexp" => sub {
- $term = "$ff " . $dbh->sql_regexp() . " $q";
+ $term = $dbh->sql_regexp($ff, $q);
},
",notregexp" => sub {
- $term = "$ff " . $dbh->sql_not_regexp() . " $q";
+ $term = $dbh->sql_not_regexp($ff, $q);
},
",lessthan" => sub {
$term = "$ff < $q";
@@ -1517,7 +1530,7 @@ sub ListIDsForEmail {
}
} elsif ($type eq 'regexp') {
&::SendSQL("SELECT userid FROM profiles WHERE " .
- "login_name " . $dbh->sql_regexp() . ::SqlQuote($email) .
+ $dbh->sql_regexp("login_name", ::SqlQuote($email)) .
" " . $dbh->sql_limit(51));
while (&::MoreSQLData()) {
my ($id) = &::FetchSQLData();
@@ -1558,7 +1571,7 @@ sub GetByWordList {
$word =~ s/^'//;
$word =~ s/'$//;
$word = '(^|[^a-z0-9])' . $word . '($|[^a-z0-9])';
- push(@list, "$field " . $dbh->sql_regexp() . " '$word'");
+ push(@list, $dbh->sql_regexp($field, "'$word'"));
}
}
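Review bot: The pattern literal is assembled by hand as `"'$word'"` after the outer quotes were stripped from `$word` a few lines earlier, so the SQL quoting of the final string rests entirely on whatever escaping `$word` received before this hunk, which is not visible here. Regex metacharacters in `$word` also reach the pattern unescaped, so a search word containing `(` or `[` will probably produce an invalid or unintended expression. I would build the pattern from the unquoted word and quote it once at the end, for example `push(@list, $dbh->sql_regexp($field, ::SqlQuote($pattern)));`, subject to how `$word` is produced above. GetByWordList begins and ends outside the hunk.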
diff --git a/checksetup.pl b/checksetup.pl
index 5fe6cea97..b37d6e414 100755
--- a/checksetup.pl
+++ b/checksetup.pl
@@ -32,6 +32,7 @@
# Dave Lawrence <dkl@redhat.com>
# Max Kanat-Alexander <mkanat@bugzilla.org>
# Joel Peshkin <bugreport@peshkin.net>
+# Lance Larsh <lance.larsh@oracle.com>
#
#
#
@@ -2446,8 +2447,8 @@ if (!($sth->fetchrow_arrayref()->[0])) {
"SELECT longdescs.bug_id, thetext " .
"FROM longdescs " .
"LEFT JOIN bugs using(bug_id) " .
- "WHERE (thetext " . $dbh->sql_regexp .
- " '[.*.]{3} This bug has been marked as a duplicate of [[:digit:]]+ [.*.]{3}') " .
+ "WHERE (" . $dbh->sql_regexp("thetext",
+ "'[.*.]{3} This bug has been marked as a duplicate of [[:digit:]]+ [.*.]{3}'") . ") " .
"AND (resolution = 'DUPLICATE') " .
"ORDER BY longdescs.bug_when");
$sth->execute();
diff --git a/contrib/BugzillaEmail.pm b/contrib/BugzillaEmail.pm
index 473169c9e..db31d1f24 100644
--- a/contrib/BugzillaEmail.pm
+++ b/contrib/BugzillaEmail.pm
@@ -16,6 +16,7 @@
# Gregor Fischer <fischer@suse.de>
# Klaas Freitag <freitag@suse.de>
# Seth Landsman <seth@dworkin.net>
+# Lance Larsh <lance.larsh@oracle.com>
# The purpose of this module is to abstract out a bunch of the code
# that is central to email interfaces to bugzilla and its database
@@ -54,8 +55,8 @@ sub findUser($) {
return $found_address;
} elsif ($email_transform eq $EMAIL_TRANSFORM_BASE_DOMAIN) {
my ($username) = ($address =~ /(.+)@/);
- my $stmt = "SELECT login_name FROM profiles WHERE " . $dbh->sql_istrcmp(
- 'login_name', $dbh->quote($username), $dbh->sql_regexp());
+ my $stmt = "SELECT login_name FROM profiles WHERE " . $dbh->sql_regexp(
+ $dbh->sql_istring('login_name'), $dbh->sql_istring($dbh->quote($username)));
SendSQL($stmt);
my $domain;
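Review bot: `$username` is taken from the sender address with `/(.+)@/` and then used as the regular expression itself, so `$dbh->quote` protects the SQL literal but not the pattern: metacharacters in the local part are interpreted by the database, and the unanchored match can select a `login_name` that merely contains the string. Because this lookup maps an incoming mail to a Bugzilla account, I would escape and anchor the local part before quoting, e.g. `my $pattern = '^' . quotemeta($username) . '@';` (assuming the intent is "same local part, any domain", and after checking the escaping against the database's regex dialect). The code should also return early when the match on `$address` fails, so that `$username` is never undef. The DB.pm POD in this commit describes sql_regexp as case insensitive, so the two `sql_istring` wrappers look redundant. All of this applies equally to the `$EMAIL_TRANSFORM_NAME_ONLY` branch in the next hunk; findUser starts and ends outside both hunks.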
@@ -72,8 +73,8 @@ sub findUser($) {
return $new_address;
} elsif ($email_transform eq $EMAIL_TRANSFORM_NAME_ONLY) {
my ($username) = ($address =~ /(.+)@/);
- my $stmt = "SELECT login_name FROM profiles WHERE " .$dbh->sql_istrcmp(
- 'login_name', $dbh->quote($username), $dbh->sql_regexp());
+ my $stmt = "SELECT login_name FROM profiles WHERE " .$dbh->sql_regexp(
+ $dbh->sql_istring('login_name'), $dbh->sql_istring($dbh->quote($username)));
SendSQL($stmt);
my $found_address = FetchOneColumn();
return $found_address;
diff --git a/editusers.cgi b/editusers.cgi
index 0d413f2ca..b7ce52b3e 100755
--- a/editusers.cgi
+++ b/editusers.cgi
@@ -14,6 +14,7 @@
# The Original Code is the Bugzilla Bug Tracking System.
#
# Contributor(s): Marc Schumann <wurblzap@gmail.com>
+# Lance Larsh <lance.larsh@oracle.com>
use strict;
use lib ".";
@@ -109,15 +110,16 @@ if ($action eq 'search') {
else {
# Handle selection by user name.
if (defined($matchtype)) {
- $query .= " $nextCondition profiles.login_name ";
+ $query .= " $nextCondition ";
+ my $expr = "profiles.login_name";
if ($matchtype eq 'regexp') {
- $query .= $dbh->sql_regexp . ' ?';
+ $query .= $dbh->sql_regexp($expr, '?');
$matchstr = '.' unless $matchstr;
} elsif ($matchtype eq 'notregexp') {
- $query .= $dbh->sql_not_regexp . ' ?';
+ $query .= $dbh->sql_not_regexp($expr, '?');
$matchstr = '.' unless $matchstr;
} else { # substr or unknown
- $query .= 'like ?';
+ $query .= $expr . ' like ?';
$matchstr = "%$matchstr%";
}
$nextCondition = 'AND';