-rwxr-xr-x | editusers.cgi | 22 | ||||
-rw-r--r-- | template/en/default/admin/users/search.html.tmpl | 9 | ||||
-rw-r--r-- | template/en/default/global/user-error.html.tmpl | 4 |
3 files changed, 30 insertions, 5 deletions
diff --git a/editusers.cgi b/editusers.cgi index 3e23d0808..4e4009dc7 100755 --- a/editusers.cgi +++ b/editusers.cgi @@ -1,4 +1,4 @@ -#!/usr/bin/perl -wT +#!/usr/bin/perl -wT # -*- Mode: perl; indent-tabs-mode: nil -*- # # The contents of this file are subject to the Mozilla Public @@ -16,6 +16,7 @@ # Contributor(s): Marc Schumann <wurblzap@gmail.com> # Lance Larsh <lance.larsh@oracle.com> # Frédéric Buclin <LpSolit@gmail.com> +# David Lawrence <dkl@redhat.com> use strict; use lib "."; @@ -69,6 +70,7 @@ if ($action eq 'search') { ########################################################################### } elsif ($action eq 'list') { + my $matchvalue = $cgi->param('matchvalue') || ''; my $matchstr = $cgi->param('matchstr'); my $matchtype = $cgi->param('matchtype'); my $grouprestrict = $cgi->param('grouprestrict') || '0'; @@ -115,10 +117,22 @@ if ($action eq 'search') { $vars->{'users'} = {}; } else { - # Handle selection by user name. + # Handle selection by login name, real name, or userid. if (defined($matchtype)) { $query .= " $nextCondition "; - my $expr = "profiles.login_name"; + my $expr = ""; + if ($matchvalue eq 'userid') { + if ($matchstr) { + my $stored_matchstr = $matchstr; + detaint_natural($matchstr) + || ThrowUserError('illegal_user_id', {userid => $stored_matchstr}); + } + $expr = "profiles.userid"; + } elsif ($matchvalue eq 'realname') { + $expr = "profiles.realname"; + } else { + $expr = "profiles.login_name"; + } if ($matchtype eq 'regexp') { $query .= $dbh->sql_regexp($expr, '?'); $matchstr = '.' unless $matchstr; @@ -752,7 +766,7 @@ sub check_user { # Copy incoming list selection values from CGI params to template variables. sub mirrorListSelectionValues { if (defined($cgi->param('matchtype'))) { - foreach ('matchstr', 'matchtype', 'grouprestrict', 'groupid') { + foreach ('matchvalue', 'matchstr', 'matchtype', 'grouprestrict', 'groupid') { $vars->{'listselectionvalues'}{$_} = $cgi->param($_); } } 
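Review bot: In the `$matchvalue eq 'userid'` branch the search string is validated as a natural number but is then still handed to whichever `matchtype` the form sent, so `profiles.userid` goes through `sql_regexp` (or the other matchtype branches, which continue outside the hunk) rather than an equality test. Pattern-matching an integer column may need an explicit cast on some database back ends (not verifiable from this hunk), and a substring search for `1` would also list users 10, 11, 21 and so on. An exact comparison for this case, e.g. `$query .= "$expr = ?";`, would match what an administrator looking up one id expects. A comment above the `if`/`elsif` chain such as `# $expr is always one of three literal column names; $matchvalue never reaches the SQL text` would record why interpolating `$expr` is safe. The enclosing `elsif ($action eq 'list')` block starts and ends outside the hunk.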
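Review bot: `mirrorListSelectionValues` now copies `matchvalue` into `$vars->{'listselectionvalues'}` exactly as it arrived in the request, whereas the list branch quietly treats any unrecognised value as `login_name`. The templates that print these values are not part of this diff, so it cannot be confirmed here that every use is filtered. A comment on the loop would make the contract explicit: `# Raw request values; every template that prints them must FILTER html or url_quote.`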
diff --git a/template/en/default/admin/users/search.html.tmpl b/template/en/default/admin/users/search.html.tmpl index 4cb51ca94..68208f756 100644 --- a/template/en/default/admin/users/search.html.tmpl +++ b/template/en/default/admin/users/search.html.tmpl @@ -12,6 +12,7 @@ # The Original Code is the Bugzilla Bug Tracking System. # # Contributor(s): Marc Schumann <wurblzap@gmail.com> + # David Lawrence <dkl@redhat.com> #%] [%# INTERFACE: @@ -35,7 +36,13 @@ <form name="f" method="get" action="editusers.cgi"> <input type="hidden" name="action" value="list" /> -<p><label for="matchstr">List users with login name matching</label> +<p><label for="matchvalue">List users with</label> +<select id="matchvalue" name="matchvalue"> + <option value="login_name">login name</option> + <option value="realname">real name</option> + <option value="userid">user id</option> +</select> +<label for="matchstr">matching</label> <input size="32" name="matchstr" id="matchstr" /> <select name="matchtype"> <option value="substr" selected="selected">case-insensitive substring</option> diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl index cd3fd14db..091e4248c 100644 --- a/template/en/default/global/user-error.html.tmpl +++ b/template/en/default/global/user-error.html.tmpl @@ -1256,6 +1256,10 @@ [% title = "File Is Empty" %] The file you are trying to attach is empty! + [% ELSIF error == "illegal_user_id" %] + [% title = "Illegal User ID" %] + User ID '[% userid FILTER html %]' is not valid integer. + [% ELSE %] [%# Try to find hooked error messages %] |
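Review bot: The new `illegal_user_id` message in user-error.html.tmpl reads "is not valid integer", which is missing an article. Since the caller validates with `detaint_natural`, "non-negative integer" may be the more accurate wording, assuming that helper rejects negative numbers, which this diff does not show. Suggested line: `User ID '[% userid FILTER html %]' is not a valid integer.` The `FILTER html` on the echoed value should stay, because `userid` carries the original request string.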