From 4f25eedf9065f28badf1e5e1df6c925062d8279e Mon Sep 17 00:00:00 2001 From: "mkanat%kerio.com" <> Date: Fri, 8 Jul 2005 09:31:41 +0000 Subject: Bug 285695: [PostgreSQL] Username checks for login, etc. need to be case insensitive Patch By Max Kanat-Alexander r=LpSolit, a=justdave --- contrib/BugzillaEmail.pm | 11 ++++++++--- contrib/bug_email.pl | 7 +++++-- contrib/bugzilla_email_append.pl | 5 ++++- contrib/syncLDAP.pl | 12 +++++++++--- 4 files changed, 26 insertions(+), 9 deletions(-) (limited to 'contrib') diff --git a/contrib/BugzillaEmail.pm b/contrib/BugzillaEmail.pm index 48602cdb7..473169c9e 100644 --- a/contrib/BugzillaEmail.pm +++ b/contrib/BugzillaEmail.pm @@ -31,6 +31,8 @@ require "globals.pl"; use strict; +my $dbh = Bugzilla->dbh; + my $EMAIL_TRANSFORM_NONE = "email_transform_none"; my $EMAIL_TRANSFORM_BASE_DOMAIN = "email_transform_base_domain"; my $EMAIL_TRANSFORM_NAME_ONLY = "email_transform_name_only"; @@ -45,13 +47,15 @@ sub findUser($) { my ($address) = @_; # if $email_transform is $EMAIL_TRANSFORM_NONE, return the address, otherwise, return undef if ($email_transform eq $EMAIL_TRANSFORM_NONE) { - my $stmt = "SELECT login_name FROM profiles WHERE profiles.login_name = \'$address\';"; + my $stmt = "SELECT login_name FROM profiles WHERE " . + $dbh->sql_istrcmp('login_name', $dbh->quote($address)); SendSQL($stmt); my $found_address = FetchOneColumn(); return $found_address; } elsif ($email_transform eq $EMAIL_TRANSFORM_BASE_DOMAIN) { my ($username) = ($address =~ /(.+)@/); - my $stmt = "SELECT login_name FROM profiles WHERE profiles.login_name RLIKE \'$username\';"; + my $stmt = "SELECT login_name FROM profiles WHERE " . $dbh->sql_istrcmp( + 'login_name', $dbh->quote($username), $dbh->sql_regexp()); SendSQL($stmt); my $domain; @@ -68,7 +72,8 @@ sub findUser($) { return $new_address; } elsif ($email_transform eq $EMAIL_TRANSFORM_NAME_ONLY) { my ($username) = ($address =~ /(.+)@/); - my $stmt = "SELECT login_name FROM profiles WHERE profiles.login_name RLIKE \'$username\';"; + my $stmt = "SELECT login_name FROM profiles WHERE " .$dbh->sql_istrcmp( + 'login_name', $dbh->quote($username), $dbh->sql_regexp()); SendSQL($stmt); my $found_address = FetchOneColumn(); return $found_address; diff --git a/contrib/bug_email.pl b/contrib/bug_email.pl index 46c23c3c3..1590387e6 100755 --- a/contrib/bug_email.pl +++ b/contrib/bug_email.pl @@ -38,7 +38,7 @@ # # You need to work with bug_email.pl the MIME::Parser installed. # -# $Id: bug_email.pl,v 1.27 2005/05/12 19:13:56 lpsolit%gmail.com Exp $ +# $Id: bug_email.pl,v 1.28 2005/07/08 02:31:43 mkanat%kerio.com Exp $ ############################################################### # 02/12/2000 (SML) @@ -112,6 +112,8 @@ my $restricted = 0; my $SenderShort; my $Message_ID; +my $dbh = Bugzilla->dbh; + # change to use default product / component functionality my $DEFAULT_PRODUCT = "PENDING"; my $DEFAULT_COMPONENT = "PENDING"; @@ -1149,7 +1151,8 @@ END $query .= $state . ", \'$bug_when\', \'$bug_when\', $ever_confirmed)\n"; # $query .= SqlQuote( "NEW" ) . ", now(), " . SqlQuote($comment) . " )\n"; - SendSQL("SELECT userid FROM profiles WHERE login_name=\'$reporter\'"); + SendSQL("SELECT userid FROM profiles WHERE " . + $dbh->sql_istrcmp('login_name', $dbh->quote($reporter))); my $userid = FetchOneColumn(); my $id; diff --git a/contrib/bugzilla_email_append.pl b/contrib/bugzilla_email_append.pl index fee9b62ac..e409f0862 100755 --- a/contrib/bugzilla_email_append.pl +++ b/contrib/bugzilla_email_append.pl @@ -42,6 +42,8 @@ use BugzillaEmail; use Bugzilla::Config qw(:DEFAULT $datadir); use Bugzilla::BugMail; +my $dbh = Bugzilla->dbh; + # Create a new MIME parser: my $parser = new MIME::Parser; @@ -101,7 +103,8 @@ if (!defined($found_id)) { } # get the user id -SendSQL("SELECT userid FROM profiles WHERE login_name = \'$SenderShort\';"); +SendSQL("SELECT userid FROM profiles WHERE " . + $dbh->sql_istrcmp('login_name', $dbh->quote($SenderShort))); my $userid = FetchOneColumn(); if (!defined($userid)) { DealWithError("Userid not found for $SenderShort"); diff --git a/contrib/syncLDAP.pl b/contrib/syncLDAP.pl index b9d3e8a5f..14ba1402c 100755 --- a/contrib/syncLDAP.pl +++ b/contrib/syncLDAP.pl @@ -30,6 +30,7 @@ use lib qw(.); use Net::LDAP; my $cgi = Bugzilla->cgi; +my $dbh = Bugzilla->dbh; my $readonly = 0; my $nodisable = 0; @@ -237,7 +238,9 @@ if($readonly == 0) { print "Performing DB update:\nPhase 1: disabling not-existing users... " unless $quiet; if($nodisable == 0) { while( my ($key, $value) = each(%disable_users) ) { - SendSQL("UPDATE profiles SET disabledtext = 'auto-disabled by ldap sync' WHERE login_name='$key'" ); + SendSQL("UPDATE profiles SET disabledtext = 'auto-disabled by ldap " . + "sync' WHERE " . $dbh->sql_istrcmp('login_name', + $dbh->quote($key))); } print "done!\n" unless $quiet; } @@ -249,9 +252,12 @@ if($readonly == 0) { if($noupdate == 0) { while( my ($key, $value) = each(%update_users) ) { if(defined @$value{'new_login_name'}) { - SendSQL("UPDATE profiles SET login_name = '" . @$value{'new_login_name'} . "' WHERE login_name='$key'" ); + SendSQL("UPDATE profiles SET login_name = '" . + @$value{'new_login_name'} . "' WHERE " . + $dbh->sql_istrcmp('login_name', $dbh->quote($key))); } else { - SendSQL("UPDATE profiles SET realname = '" . @$value{'realname'} . "' WHERE login_name='$key'" ); + SendSQL("UPDATE profiles SET realname = '" . @$value{'realname'} . + "' WHERE " . $dbh->sql_istrcmp('login_name', $dbh->quote($key))); } } print "done!\n" unless $quiet; -- cgit v1.2.3-24-g4f1b