7 files changed, 53 insertions, 23 deletions

diff --git a/Bugzilla/DB.pm b/Bugzilla/DB.pm
index 6ec377cd7..fd846d2a5 100644
--- a/Bugzilla/DB.pm
+++ b/Bugzilla/DB.pm
@@ -24,6 +24,7 @@
 #                 Christopher Aillon <christopher@aillon.com>
 #                 Tomas Kopal <Tomas.Kopal@altap.cz>
 #                 Max Kanat-Alexander <mkanat@bugzilla.org>
+#                 Lance Larsh <lance.larsh@oracle.com>
 
 package Bugzilla::DB;
 
@@ -1081,7 +1082,8 @@ formatted SQL command have prefix C<sql_>. All other methods have prefix C<bz_>.
               searches (case insensitive) in format suitable for a given
               database.
               Abstract method, should be overriden by database specific code.
- Params:      none
+ Params:      $expr = SQL expression for the text to be searched (scalar)
+              $pattern = the regular expression to search for (scalar)
  Returns:     formatted SQL for regular expression search (e.g. REGEXP)
               (scalar)
 
@@ -1091,7 +1093,8 @@ formatted SQL command have prefix C<sql_>. All other methods have prefix C<bz_>.
               regex searches (case insensitive) in format suitable for a given
               database.
               Abstract method, should be overriden by database specific code.
- Params:      none
+ Params:      $expr = SQL expression for the text to be searched (scalar)
+              $pattern = the regular expression to search for (scalar)
  Returns:     formatted SQL for negative regular expression search
               (e.g. NOT REGEXP) (scalar)
 
diff --git a/Bugzilla/DB/Mysql.pm b/Bugzilla/DB/Mysql.pm
index 0951cdc5f..c3824ab9a 100644
--- a/Bugzilla/DB/Mysql.pm
+++ b/Bugzilla/DB/Mysql.pm
@@ -23,6 +23,7 @@
 #                 Dave Lawrence <dkl@redhat.com>
 #                 Tomas Kopal <Tomas.Kopal@altap.cz>
 #                 Max Kanat-Alexander <mkanat@bugzilla.org>
+#                 Lance Larsh <lance.larsh@oracle.com>
 
 =head1 NAME
 
@@ -83,11 +84,15 @@ sub bz_last_key {
 }
 
 sub sql_regexp {
-    return "REGEXP";
+    my ($self, $expr, $pattern) = @_;
+
+    return "$expr REGEXP $pattern";
 }
 
 sub sql_not_regexp {
-    return "NOT REGEXP";
+    my ($self, $expr, $pattern) = @_;
+
+    return "$expr NOT REGEXP $pattern";
 }
 
 sub sql_limit {
diff --git a/Bugzilla/DB/Pg.pm b/Bugzilla/DB/Pg.pm
index c8ff4221b..f0c18b728 100644
--- a/Bugzilla/DB/Pg.pm
+++ b/Bugzilla/DB/Pg.pm
@@ -23,6 +23,7 @@
 #                 Dave Lawrence <dkl@redhat.com>
 #                 Tomas Kopal <Tomas.Kopal@altap.cz>
 #                 Max Kanat-Alexander <mkanat@bugzilla.org>
+#                 Lance Larsh <lance.larsh@oracle.com>
 
 =head1 NAME
 
@@ -89,11 +90,15 @@ sub bz_last_key {
 }
 
 sub sql_regexp {
-    return "~*";
+    my ($self, $expr, $pattern) = @_;
+
+    return "$expr ~* $pattern";
 }
 
 sub sql_not_regexp {
-    return "!~*" 
+    my ($self, $expr, $pattern) = @_;
+
+    return "$expr !~* $pattern" 
 }
 
 sub sql_limit {
diff --git a/Bugzilla/Search.pm b/Bugzilla/Search.pm
index ae11dfa67..42f6da749 100644
--- a/Bugzilla/Search.pm
+++ b/Bugzilla/Search.pm
@@ -26,6 +26,7 @@
 #                 Michael Schindler <michael@compressconsult.com>
 #                 Max Kanat-Alexander <mkanat@bugzilla.org>
 #                 Joel Peshkin <bugreport@peshkin.net>
+#                 Lance Larsh <lance.larsh@oracle.com>
 
 use strict;
 
@@ -724,9 +725,15 @@ sub init {
              } elsif ($t eq "notequal") {
                  $oper = "<>";
              } elsif ($t eq "regexp") {
-                 $oper = $dbh->sql_regexp();
+                 # This is just a dummy to help catch bugs- $oper won't be used
+                 # since "regexp" is treated as a special case below.  But
+                 # leaving $oper uninitialized seems risky...
+                 $oper = "sql_regexp";
              } elsif ($t eq "notregexp") {
-                 $oper = $dbh->sql_not_regexp();
+                 # This is just a dummy to help catch bugs- $oper won't be used
+                 # since "notregexp" is treated as a special case below.  But
+                 # leaving $oper uninitialized seems risky...
+                 $oper = "sql_not_regexp";
              } else {
                  $oper = "noop";
              }
@@ -744,7 +751,13 @@ sub init {
                                               COUNT(DISTINCT $table.bug_when) /
                                               COUNT(bugs.bug_id)) +
                                              bugs.remaining_time)))";
-                 push(@having, "$expression $oper " . &::SqlQuote($v));
+                 if ($t eq "regexp") {
+                     push(@having, $dbh->sql_regexp($expression, &::SqlQuote($v)));
+                 } elsif ($t eq "notregexp") {
+                     push(@having, $dbh->sql_not_regexp($expression, &::SqlQuote($v)));
+                 } else {
+                     push(@having, "$expression $oper " . &::SqlQuote($v));
+                 }
                  push(@groupby, "bugs.remaining_time");
              }
              $term = "0=0";
@@ -1024,10 +1037,10 @@ sub init {
              $term = $dbh->sql_position(lc($q), "LOWER($ff)") . " = 0";
          },
          ",regexp" => sub {
-             $term = "$ff " . $dbh->sql_regexp() . " $q";
+             $term = $dbh->sql_regexp($ff, $q);
          },
          ",notregexp" => sub {
-             $term = "$ff " . $dbh->sql_not_regexp() . " $q";
+             $term = $dbh->sql_not_regexp($ff, $q);
          },
          ",lessthan" => sub {
              $term = "$ff < $q";
@@ -1517,7 +1530,7 @@ sub ListIDsForEmail {
         }
     } elsif ($type eq 'regexp') {
         &::SendSQL("SELECT userid FROM profiles WHERE " .
-            "login_name " . $dbh->sql_regexp() . ::SqlQuote($email) .
+            $dbh->sql_regexp("login_name", ::SqlQuote($email)) .
             " " . $dbh->sql_limit(51));
         while (&::MoreSQLData()) {
             my ($id) = &::FetchSQLData();
@@ -1558,7 +1571,7 @@ sub GetByWordList {
             $word =~ s/^'//;
             $word =~ s/'$//;
             $word = '(^|[^a-z0-9])' . $word . '($|[^a-z0-9])';
-            push(@list, "$field " . $dbh->sql_regexp() . " '$word'");
+            push(@list, $dbh->sql_regexp($field, "'$word'"));
         }
     }
 
diff --git a/checksetup.pl b/checksetup.pl
index 5fe6cea97..b37d6e414 100755
--- a/checksetup.pl
+++ b/checksetup.pl
@@ -32,6 +32,7 @@
 #                 Dave Lawrence <dkl@redhat.com>
 #                 Max Kanat-Alexander <mkanat@bugzilla.org>
 #                 Joel Peshkin <bugreport@peshkin.net>
+#                 Lance Larsh <lance.larsh@oracle.com>
 #
 #
 #
@@ -2446,8 +2447,8 @@ if (!($sth->fetchrow_arrayref()->[0])) {
         "SELECT longdescs.bug_id, thetext " .
           "FROM longdescs " .
      "LEFT JOIN bugs using(bug_id) " .
-         "WHERE (thetext " . $dbh->sql_regexp .
-                 " '[.*.]{3} This bug has been marked as a duplicate of [[:digit:]]+ [.*.]{3}') " .
+         "WHERE (" . $dbh->sql_regexp("thetext",
+                 "'[.*.]{3} This bug has been marked as a duplicate of [[:digit:]]+ [.*.]{3}'") . ") " .
            "AND (resolution = 'DUPLICATE') " .
       "ORDER BY longdescs.bug_when");
     $sth->execute();
diff --git a/contrib/BugzillaEmail.pm b/contrib/BugzillaEmail.pm
index 473169c9e..db31d1f24 100644
--- a/contrib/BugzillaEmail.pm
+++ b/contrib/BugzillaEmail.pm
@@ -16,6 +16,7 @@
 #                 Gregor Fischer <fischer@suse.de>
 #                 Klaas Freitag  <freitag@suse.de>
 #                 Seth Landsman  <seth@dworkin.net>
+#                 Lance Larsh <lance.larsh@oracle.com>
 
 # The purpose of this module is to abstract out a bunch of the code
 #  that is central to email interfaces to bugzilla and its database
@@ -54,8 +55,8 @@ sub findUser($) {
     return $found_address;
   } elsif ($email_transform eq $EMAIL_TRANSFORM_BASE_DOMAIN) {
     my ($username) = ($address =~ /(.+)@/);
-    my $stmt = "SELECT login_name FROM profiles WHERE " . $dbh->sql_istrcmp(
-               'login_name', $dbh->quote($username), $dbh->sql_regexp());
+    my $stmt = "SELECT login_name FROM profiles WHERE " . $dbh->sql_regexp(
+               $dbh->sql_istring('login_name'), $dbh->sql_istring($dbh->quote($username)));
     SendSQL($stmt);
 
     my $domain;
@@ -72,8 +73,8 @@ sub findUser($) {
     return $new_address;
   } elsif ($email_transform eq $EMAIL_TRANSFORM_NAME_ONLY) {
     my ($username) = ($address =~ /(.+)@/);
-    my $stmt = "SELECT login_name FROM profiles WHERE " .$dbh->sql_istrcmp(
-                'login_name', $dbh->quote($username), $dbh->sql_regexp());
+    my $stmt = "SELECT login_name FROM profiles WHERE " .$dbh->sql_regexp(
+                $dbh->sql_istring('login_name'), $dbh->sql_istring($dbh->quote($username)));
     SendSQL($stmt);
     my $found_address = FetchOneColumn();
     return $found_address;
diff --git a/editusers.cgi b/editusers.cgi
index 0d413f2ca..b7ce52b3e 100755
--- a/editusers.cgi
+++ b/editusers.cgi
@@ -14,6 +14,7 @@
 # The Original Code is the Bugzilla Bug Tracking System.
 #
 # Contributor(s): Marc Schumann <wurblzap@gmail.com>
+#                 Lance Larsh <lance.larsh@oracle.com>
 
 use strict;
 use lib ".";
@@ -109,15 +110,16 @@ if ($action eq 'search') {
     else {
         # Handle selection by user name.
         if (defined($matchtype)) {
-            $query .= " $nextCondition profiles.login_name ";
+            $query .= " $nextCondition ";
+            my $expr = "profiles.login_name";
             if ($matchtype eq 'regexp') {
-                $query .= $dbh->sql_regexp . ' ?';
+                $query .= $dbh->sql_regexp($expr, '?');
                 $matchstr = '.' unless $matchstr;
             } elsif ($matchtype eq 'notregexp') {
-                $query .= $dbh->sql_not_regexp . ' ?';
+                $query .= $dbh->sql_not_regexp($expr, '?');
                 $matchstr = '.' unless $matchstr;
             } else { # substr or unknown
-                $query .= 'like ?';
+                $query .= $expr . ' like ?';
                 $matchstr = "%$matchstr%";
             }
             $nextCondition = 'AND';