Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 290149 Details for
Bug 406361
3.26: All login names lowercase.
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
force lowercasing in bugzilla app
diff_after_profile.login_name_cleanup (text/plain), 12.68 KB, created by
Noura El hawary
on 2007-12-20 13:19:05 UTC
(
hide
)
Description:
force lowercasing in bugzilla app
Filename:
MIME Type:
Creator:
Noura El hawary
Created:
2007-12-20 13:19:05 UTC
Size:
12.68 KB
patch
obsolete
>Index: Bugzilla/Auth/DB.pm >=================================================================== >RCS file: /cvs/qa/rh_bugzilla_2_18/Bugzilla/Auth/DB.pm,v >retrieving revision 1.2 >diff -u -r1.2 DB.pm >--- Bugzilla/Auth/DB.pm 5 Nov 2004 23:10:15 -0000 1.2 >+++ Bugzilla/Auth/DB.pm 26 Jun 2007 03:40:17 -0000 >@@ -42,6 +42,10 @@ > # We're just testing against the db: any value is ok > trick_taint($username); > >+ # Lowercase, trim, username before checking database >+ $username = lc(trim($username)); >+ >+ > my $userid = $class->get_id_from_username($username); > return (AUTH_LOGINFAILED) unless defined $userid; > >Index: globals.pl >=================================================================== >RCS file: /cvs/qa/rh_bugzilla_2_18/globals.pl,v >retrieving revision 1.58 >diff -u -r1.58 globals.pl >--- globals.pl 26 Jun 2007 01:40:18 -0000 1.58 >+++ globals.pl 26 Jun 2007 03:48:39 -0000 >@@ -796,6 +796,10 @@ > > sub DBname_to_realname { > my ($login) = (@_); >+ >+ #lowercase, trim login name before searching database for its realname >+ $login = lc(trim($login)); >+ > PushGlobalSQLState(); > SendSQL("SELECT realname FROM profiles WHERE login_name = ". > SqlQuote($login)); >@@ -844,6 +848,10 @@ > > sub DBname_to_id { > my ($name) = (@_); >+ >+ #lowercase, trim login name before searching database for its userid >+ $name = lc(trim($name)); >+ > PushGlobalSQLState(); > SendSQL("select userid from profiles where login_name = @{[SqlQuote($name)]}"); > my $r = FetchOneColumn(); >Index: Bugzilla/Auth/LDAP.pm >=================================================================== >RCS file: /cvs/qa/rh_bugzilla_2_18/Bugzilla/Auth/LDAP.pm,v >retrieving revision 1.1.1.1 >diff -u -r1.1.1.1 LDAP.pm >--- Bugzilla/Auth/LDAP.pm 21 Sep 2004 15:35:55 -0000 1.1.1.1 >+++ Bugzilla/Auth/LDAP.pm 26 Jun 2007 03:51:17 -0000 >@@ -115,6 +115,9 @@ > $username = $user_entry->get_value(Param("LDAPmailattribute")); > # OK, so now we know that the user is valid. Lets try finding them in the > # Bugzilla database >+ >+ # Lowercase, trim username before trying to find it in the database >+ $username = lc(trim($username)); > > # XXX - should this part be made more generic, and placed in > # Bugzilla::Auth? Lots of login mechanisms may have to do this, although >Index: CGI.pl >=================================================================== >RCS file: /cvs/qa/rh_bugzilla_2_18/CGI.pl,v >retrieving revision 1.15 >diff -u -r1.15 CGI.pl >--- CGI.pl 4 Apr 2007 13:21:02 -0000 1.15 >+++ CGI.pl 26 Jun 2007 03:53:05 -0000 >@@ -211,6 +211,10 @@ > > sub PasswordForLogin { > my ($login) = (@_); >+ >+ # lowercase, trim login name before searching the database for its password >+ $login = lc(trim($login)); >+ > SendSQL("select cryptpassword from profiles where login_name = " . > SqlQuote($login)); > my $result = FetchOneColumn(); >Index: CGI2.pl >=================================================================== >RCS file: /cvs/qa/rh_bugzilla_2_18/CGI2.pl,v >retrieving revision 1.3 >diff -u -r1.3 CGI2.pl >--- CGI2.pl 4 Apr 2007 13:21:55 -0000 1.3 >+++ CGI2.pl 26 Jun 2007 03:59:58 -0000 >@@ -202,6 +202,10 @@ > > sub PasswordForLogin { > my ($login) = (@_); >+ >+ # lowercase login_name before searching the database for its password >+ $login = lc(trim($login)); >+ > SendSQL("select cryptpassword from profiles where login_name = " . > SqlQuote($login)); > my $result = FetchOneColumn(); >Index: editusers.cgi >=================================================================== >RCS file: /cvs/qa/rh_bugzilla_2_18/editusers.cgi,v >retrieving revision 1.8 >diff -u -r1.8 editusers.cgi >--- editusers.cgi 16 Jun 2007 00:20:09 -0000 1.8 >+++ editusers.cgi 26 Jun 2007 04:10:17 -0000 >@@ -62,6 +62,9 @@ > { > my $user = shift; > >+ # lowercase login name before checking if it exists in the database >+ $user = lc(trim($user)); >+ > # does the product exist? > SendSQL("SELECT login_name > FROM profiles >@@ -818,6 +821,10 @@ > > if ($action eq 'update') { > my $userold = trim($::FORM{userold} || ''); >+ >+ # lowercase login name before checking the database for its id >+ $userold = lc($userold); >+ > my $realname = trim($::FORM{realname} || ''); > my $realnameold = trim($::FORM{realnameold} || ''); > my $password = $::FORM{password} || ''; >Index: request.cgi >=================================================================== >RCS file: /cvs/qa/rh_bugzilla_2_18/request.cgi,v >retrieving revision 1.4 >diff -u -r1.4 request.cgi >--- request.cgi 30 Jan 2007 18:02:18 -0000 1.4 >+++ request.cgi 26 Jun 2007 04:19:39 -0000 >@@ -180,12 +180,12 @@ > > # Filter results by exact email address of requester or requestee. > if (defined $cgi->param('requester') && $cgi->param('requester') ne "") { >- push(@criteria, "requesters.login_name = " . SqlQuote($cgi->param('requester'))); >+ push(@criteria, "requesters.login_name = " . lc(trim(SqlQuote($cgi->param('requester'))))); > push(@excluded_columns, 'requester') unless $cgi->param('do_union'); > } > if (defined $cgi->param('requestee') && $cgi->param('requestee') ne "") { > if ($cgi->param('requestee') ne "-") { >- push(@criteria, "requestees.login_name = " . SqlQuote($cgi->param('requestee'))); >+ push(@criteria, "requestees.login_name = " . lc(trim(SqlQuote($cgi->param('requestee'))))); > } > else { push(@criteria, "flags.requestee_id IS NULL") } > push(@excluded_columns, 'requestee') unless $cgi->param('do_union'); >Index: contrib/BugzillaEmail.pm >=================================================================== >RCS file: /cvs/qa/rh_bugzilla_2_18/contrib/BugzillaEmail.pm,v >retrieving revision 1.1.1.1 >diff -u -r1.1.1.1 BugzillaEmail.pm >--- contrib/BugzillaEmail.pm 21 Sep 2004 15:35:55 -0000 1.1.1.1 >+++ contrib/BugzillaEmail.pm 26 Jun 2007 04:21:18 -0000 >@@ -43,6 +43,10 @@ > # matching is sloppy based on the $email_transform parameter > sub findUser($) { > my ($address) = @_; >+ >+ # lowercase login name before trying to find it in the database >+ $address = lc($address); >+ > # if $email_transform is $EMAIL_TRANSFORM_NONE, return the address, otherwise, return undef > if ($email_transform eq $EMAIL_TRANSFORM_NONE) { > my $stmt = "SELECT login_name FROM profiles WHERE profiles.login_name = \'$address\';"; >Index: contrib/bug_email.pl >=================================================================== >RCS file: /cvs/qa/rh_bugzilla_2_18/contrib/bug_email.pl,v >retrieving revision 1.1.1.1 >diff -u -r1.1.1.1 bug_email.pl >--- contrib/bug_email.pl 21 Sep 2004 15:35:55 -0000 1.1.1.1 >+++ contrib/bug_email.pl 26 Jun 2007 04:24:28 -0000 >@@ -207,6 +207,10 @@ > # } else { > # return; > # } >+ >+ # lowercase, trim login name before checking its permissions in the database >+ $Name = lc(trim($Name)); >+ > return findUser($Name); > } > >@@ -1143,6 +1147,11 @@ > $query .= $state . ", \'$bug_when\', $ever_confirmed)\n"; > # $query .= SqlQuote( "NEW" ) . ", now(), " . SqlQuote($comment) . " )\n"; > >+ >+ # lowercase, trim reporter before getting its id from the database >+ $reporter = lc(trim($reporter)); >+ >+ > SendSQL("SELECT userid FROM profiles WHERE login_name=\'$reporter\'"); > my $userid = FetchOneColumn(); > >Index: contrib/bugzilla_email_append.pl >=================================================================== >RCS file: /cvs/qa/rh_bugzilla_2_18/contrib/bugzilla_email_append.pl,v >retrieving revision 1.1.1.1 >diff -u -r1.1.1.1 bugzilla_email_append.pl >--- contrib/bugzilla_email_append.pl 21 Sep 2004 15:35:55 -0000 1.1.1.1 >+++ contrib/bugzilla_email_append.pl 26 Jun 2007 04:26:47 -0000 >@@ -100,6 +100,10 @@ > DealWithError("Bug $bugid does not exist"); > } > >+ >+# lowercase login name before trying to get its id from the database >+$SenderShort = lc($SenderShort); >+ > # get the user id > SendSQL("SELECT userid FROM profiles WHERE login_name = \'$SenderShort\';"); > my $userid = FetchOneColumn(); >Index: contrib/syncLDAP.pl >=================================================================== >RCS file: /cvs/qa/rh_bugzilla_2_18/contrib/syncLDAP.pl,v >retrieving revision 1.1.1.1 >diff -u -r1.1.1.1 syncLDAP.pl >--- contrib/syncLDAP.pl 21 Sep 2004 15:35:55 -0000 1.1.1.1 >+++ contrib/syncLDAP.pl 26 Jun 2007 04:32:03 -0000 >@@ -237,6 +237,10 @@ > print "Performing DB update:\nPhase 1: disabling not-existing users... " unless $quiet; > if($nodisable == 0) { > while( my ($key, $value) = each(%disable_users) ) { >+ >+ >+ # lowercase login name before searching the database for it >+ $key = lc($key); > SendSQL("UPDATE profiles SET disabledtext = 'auto-disabled by ldap sync' WHERE login_name='$key'" ); > } > print "done!\n" unless $quiet; >@@ -248,6 +252,10 @@ > print "Phase 2: updating existing users... " unless $quiet; > if($noupdate == 0) { > while( my ($key, $value) = each(%update_users) ) { >+ >+ # lowercase login name before searching the database for it >+ $key = lc($key); >+ > if(defined @$value{'new_login_name'}) { > SendSQL("UPDATE profiles SET login_name = '" . @$value{'new_login_name'} . "' WHERE login_name='$key'" ); > } else { >Index: token.cgi >=================================================================== >RCS file: /cvs/qa/rh_bugzilla_2_18/token.cgi,v >retrieving revision 1.1.1.1 >diff -u -r1.1.1.1 token.cgi >--- token.cgi 21 Sep 2004 15:35:55 -0000 1.1.1.1 >+++ token.cgi 26 Jun 2007 04:37:10 -0000 >@@ -106,6 +106,9 @@ > CheckEmailSyntax($cgi->param('loginname')); > > my $quotedloginname = SqlQuote($cgi->param('loginname')); >+ >+ $quotedloginname = lc($quotedloginname); >+ > SendSQL("SELECT userid FROM profiles WHERE login_name = $quotedloginname"); > FetchSQLData() > || ThrowUserError("account_inexistent"); >@@ -229,6 +232,9 @@ > my ($old_email, $new_email) = split(/:/,$eventdata); > my $quotednewemail = SqlQuote($new_email); > >+ # lowercase login name before updating the database with it >+ $quotednewemail = lc($quotednewemail); >+ > # Check the user entered the correct old email address > if(lc($cgi->param('email')) ne lc($old_email)) { > ThrowUserError("email_confirmation_failed"); >@@ -284,6 +290,9 @@ > if($actualemail ne $old_email) { > my $quotedoldemail = SqlQuote($old_email); > >+ # lowercase login name before updating the database with it >+ $quotedoldemail = lc($quotednewemail); >+ > Bugzilla::DB::LockTables("LOCK TABLES profiles WRITE"); > SendSQL("UPDATE profiles > SET login_name = $quotedoldemail >Index: frontpage.cgi >=================================================================== >RCS file: /cvs/qa/rh_bugzilla_2_18/frontpage.cgi,v >retrieving revision 1.26 >diff -u -r1.26 frontpage.cgi >--- frontpage.cgi 9 Jun 2007 14:57:12 -0000 1.26 >+++ frontpage.cgi 26 Jun 2007 04:39:14 -0000 >@@ -363,10 +363,10 @@ > $query .= " AND flags.status = '?' " unless $cgi->param('status'); > > # Limit to user as requestee >-my $requestee_query = $query . " AND requestees.login_name = " . SqlQuote($user->email); >+my $requestee_query = $query . " AND requestees.login_name = " . lc(SqlQuote($user->email)); > > # Limit to user as requester >-my $requester_query = $query . " AND requesters.login_name = " . SqlQuote($user->email); >+my $requester_query = $query . " AND requesters.login_name = " . lc(SqlQuote($user->email)); > > # Order the records (within each group). > $requestee_query .= " ORDER BY flagtypes.name, flags.creation_date"; >Index: Bugzilla/Token.pm >=================================================================== >RCS file: /cvs/qa/rh_bugzilla_2_18/Bugzilla/Token.pm,v >retrieving revision 1.4 >diff -u -r1.4 Token.pm >--- Bugzilla/Token.pm 27 Oct 2004 21:24:20 -0000 1.4 >+++ Bugzilla/Token.pm 26 Jun 2007 04:41:20 -0000 >@@ -117,6 +117,10 @@ > > # Retrieve the user's ID from the database. > my $quotedloginname = &::SqlQuote($loginname); >+ >+ # lowercase login name before searching the database for it >+ $quotedloginname = lc($quotedloginname); >+ > &::SendSQL("SELECT profiles.userid, tokens.issuedate FROM profiles > LEFT JOIN tokens > ON tokens.userid = profiles.userid >Index: Bugzilla/User.pm >=================================================================== >RCS file: /cvs/qa/rh_bugzilla_2_18/Bugzilla/User.pm,v >retrieving revision 1.15 >diff -u -r1.15 User.pm >--- Bugzilla/User.pm 5 Mar 2007 16:57:44 -0000 1.15 >+++ Bugzilla/User.pm 26 Jun 2007 04:44:18 -0000 >@@ -503,6 +503,10 @@ > > # first try wildcards > >+ # lowercase the login_name string before trying to match it with >+ # the profiles table login_names >+ $str = lc($str); >+ > my $wildstr = $str; > > if ($wildstr =~ s/\*/\%/g && # don't do wildcards if no '*' in the string
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 406361
: 290149