summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rwxr-xr-xeditusers.cgi22
-rw-r--r--template/en/default/admin/users/search.html.tmpl9
-rw-r--r--template/en/default/global/user-error.html.tmpl4
3 files changed, 30 insertions, 5 deletions
diff --git a/editusers.cgi b/editusers.cgi
index 3e23d0808..4e4009dc7 100755
--- a/editusers.cgi
+++ b/editusers.cgi
@@ -1,4 +1,4 @@
-#!/usr/bin/perl -wT
+#!/usr/bin/perl -wT
# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
@@ -16,6 +16,7 @@
# Contributor(s): Marc Schumann <wurblzap@gmail.com>
# Lance Larsh <lance.larsh@oracle.com>
# Frédéric Buclin <LpSolit@gmail.com>
+# David Lawrence <dkl@redhat.com>
use strict;
use lib ".";
@@ -69,6 +70,7 @@ if ($action eq 'search') {
###########################################################################
} elsif ($action eq 'list') {
+ my $matchvalue = $cgi->param('matchvalue') || '';
my $matchstr = $cgi->param('matchstr');
my $matchtype = $cgi->param('matchtype');
my $grouprestrict = $cgi->param('grouprestrict') || '0';
@@ -115,10 +117,22 @@ if ($action eq 'search') {
$vars->{'users'} = {};
}
else {
- # Handle selection by user name.
+ # Handle selection by login name, real name, or userid.
if (defined($matchtype)) {
$query .= " $nextCondition ";
- my $expr = "profiles.login_name";
+ my $expr = "";
+ if ($matchvalue eq 'userid') {
+ if ($matchstr) {
+ my $stored_matchstr = $matchstr;
+ detaint_natural($matchstr)
+ || ThrowUserError('illegal_user_id', {userid => $stored_matchstr});
+ }
+ $expr = "profiles.userid";
+ } elsif ($matchvalue eq 'realname') {
+ $expr = "profiles.realname";
+ } else {
+ $expr = "profiles.login_name";
+ }
if ($matchtype eq 'regexp') {
$query .= $dbh->sql_regexp($expr, '?');
$matchstr = '.' unless $matchstr;
@@ -752,7 +766,7 @@ sub check_user {
# Copy incoming list selection values from CGI params to template variables.
sub mirrorListSelectionValues {
if (defined($cgi->param('matchtype'))) {
- foreach ('matchstr', 'matchtype', 'grouprestrict', 'groupid') {
+ foreach ('matchvalue', 'matchstr', 'matchtype', 'grouprestrict', 'groupid') {
$vars->{'listselectionvalues'}{$_} = $cgi->param($_);
}
}
diff --git a/template/en/default/admin/users/search.html.tmpl b/template/en/default/admin/users/search.html.tmpl
index 4cb51ca94..68208f756 100644
--- a/template/en/default/admin/users/search.html.tmpl
+++ b/template/en/default/admin/users/search.html.tmpl
@@ -12,6 +12,7 @@
# The Original Code is the Bugzilla Bug Tracking System.
#
# Contributor(s): Marc Schumann <wurblzap@gmail.com>
+ # David Lawrence <dkl@redhat.com>
#%]
[%# INTERFACE:
@@ -35,7 +36,13 @@
<form name="f" method="get" action="editusers.cgi">
<input type="hidden" name="action" value="list" />
-<p><label for="matchstr">List users with login name matching</label>
+<p><label for="matchvalue">List users with</label>
+<select id="matchvalue" name="matchvalue">
+ <option value="login_name">login name</option>
+ <option value="realname">real name</option>
+ <option value="userid">user id</option>
+</select>
+<label for="matchstr">matching</label>
<input size="32" name="matchstr" id="matchstr" />
<select name="matchtype">
<option value="substr" selected="selected">case-insensitive substring</option>
diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl
index cd3fd14db..091e4248c 100644
--- a/template/en/default/global/user-error.html.tmpl
+++ b/template/en/default/global/user-error.html.tmpl
@@ -1256,6 +1256,10 @@
[% title = "File Is Empty" %]
The file you are trying to attach is empty!
+ [% ELSIF error == "illegal_user_id" %]
+ [% title = "Illegal User ID" %]
+ User ID '[% userid FILTER html %]' is not valid integer.
+
[% ELSE %]
[%# Try to find hooked error messages %]