From 4f25eedf9065f28badf1e5e1df6c925062d8279e Mon Sep 17 00:00:00 2001
From: "mkanat%kerio.com" <>
Date: Fri, 8 Jul 2005 09:31:41 +0000
Subject: Bug 285695: [PostgreSQL] Username checks for login, etc. need to be
 case insensitive Patch By Max Kanat-Alexander <mkanat@bugzilla.org>
 r=LpSolit, a=justdave

---
 contrib/BugzillaEmail.pm | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

(limited to 'contrib/BugzillaEmail.pm')

diff --git a/contrib/BugzillaEmail.pm b/contrib/BugzillaEmail.pm
index 48602cdb7..473169c9e 100644
--- a/contrib/BugzillaEmail.pm
+++ b/contrib/BugzillaEmail.pm
@@ -31,6 +31,8 @@ require "globals.pl";
 
 use strict;
 
+my $dbh = Bugzilla->dbh;
+
 my $EMAIL_TRANSFORM_NONE = "email_transform_none";
 my $EMAIL_TRANSFORM_BASE_DOMAIN = "email_transform_base_domain";
 my $EMAIL_TRANSFORM_NAME_ONLY = "email_transform_name_only";
@@ -45,13 +47,15 @@ sub findUser($) {
   my ($address) = @_;
   # if $email_transform is $EMAIL_TRANSFORM_NONE, return the address, otherwise, return undef
   if ($email_transform eq $EMAIL_TRANSFORM_NONE) {
-    my $stmt = "SELECT login_name FROM profiles WHERE profiles.login_name = \'$address\';";
+    my $stmt = "SELECT login_name FROM profiles WHERE " .
+               $dbh->sql_istrcmp('login_name', $dbh->quote($address));
     SendSQL($stmt);
     my $found_address = FetchOneColumn();
     return $found_address;
   } elsif ($email_transform eq $EMAIL_TRANSFORM_BASE_DOMAIN) {
     my ($username) = ($address =~ /(.+)@/);
-    my $stmt = "SELECT login_name FROM profiles WHERE profiles.login_name RLIKE \'$username\';";
+    my $stmt = "SELECT login_name FROM profiles WHERE " . $dbh->sql_istrcmp(
+               'login_name', $dbh->quote($username), $dbh->sql_regexp());
     SendSQL($stmt);
 
     my $domain;
@@ -68,7 +72,8 @@ sub findUser($) {
     return $new_address;
   } elsif ($email_transform eq $EMAIL_TRANSFORM_NAME_ONLY) {
     my ($username) = ($address =~ /(.+)@/);
-    my $stmt = "SELECT login_name FROM profiles WHERE profiles.login_name RLIKE \'$username\';";
+    my $stmt = "SELECT login_name FROM profiles WHERE " .$dbh->sql_istrcmp(
+                'login_name', $dbh->quote($username), $dbh->sql_regexp());
     SendSQL($stmt);
     my $found_address = FetchOneColumn();
     return $found_address;
-- 
cgit v1.2.3-24-g4f1b