From bf1e1f7c24389c140a8768cf3d243e6ffbdd2f8a Mon Sep 17 00:00:00 2001
From: "jocuri%softhome.net" <>
Date: Wed, 22 Feb 2006 06:25:51 +0000
Subject: Patch for bug 237683: Allow for more flexible user searching such as
 real name, email, and userid, in editusers; patch by David Lawrence
 <dkl@redhat.com>, r=bugzilla@chimpychompy.org, a=justdave@bugzilla.org.

---
 editusers.cgi | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

(limited to 'editusers.cgi')

diff --git a/editusers.cgi b/editusers.cgi
index 3e23d0808..4e4009dc7 100755
--- a/editusers.cgi
+++ b/editusers.cgi
@@ -1,4 +1,4 @@
-#!/usr/bin/perl -wT
+#!/usr/bin/perl -wT
 # -*- Mode: perl; indent-tabs-mode: nil -*-
 #
 # The contents of this file are subject to the Mozilla Public
@@ -16,6 +16,7 @@
 # Contributor(s): Marc Schumann <wurblzap@gmail.com>
 #                 Lance Larsh <lance.larsh@oracle.com>
 #                 Frédéric Buclin <LpSolit@gmail.com>
+#                 David Lawrence <dkl@redhat.com>
 
 use strict;
 use lib ".";
@@ -69,6 +70,7 @@ if ($action eq 'search') {
 
 ###########################################################################
 } elsif ($action eq 'list') {
+    my $matchvalue    = $cgi->param('matchvalue') || '';
     my $matchstr      = $cgi->param('matchstr');
     my $matchtype     = $cgi->param('matchtype');
     my $grouprestrict = $cgi->param('grouprestrict') || '0';
@@ -115,10 +117,22 @@ if ($action eq 'search') {
         $vars->{'users'} = {};
     }
     else {
-        # Handle selection by user name.
+        # Handle selection by login name, real name, or userid.
         if (defined($matchtype)) {
             $query .= " $nextCondition ";
-            my $expr = "profiles.login_name";
+            my $expr = "";
+            if ($matchvalue eq 'userid') {
+                if ($matchstr) {
+                    my $stored_matchstr = $matchstr;
+                    detaint_natural($matchstr) 
+                        || ThrowUserError('illegal_user_id', {userid => $stored_matchstr});
+                }
+                $expr = "profiles.userid";
+            } elsif ($matchvalue eq 'realname') {
+                $expr = "profiles.realname";
+            } else {
+                $expr = "profiles.login_name";
+            }
             if ($matchtype eq 'regexp') {
                 $query .= $dbh->sql_regexp($expr, '?');
                 $matchstr = '.' unless $matchstr;
@@ -752,7 +766,7 @@ sub check_user {
 # Copy incoming list selection values from CGI params to template variables.
 sub mirrorListSelectionValues {
     if (defined($cgi->param('matchtype'))) {
-        foreach ('matchstr', 'matchtype', 'grouprestrict', 'groupid') {
+        foreach ('matchvalue', 'matchstr', 'matchtype', 'grouprestrict', 'groupid') {
             $vars->{'listselectionvalues'}{$_} = $cgi->param($_);
         }
     }
-- 
cgit v1.2.3-24-g4f1b