Patch for bug 237683: Allow for more flexible user searching such as real name,…

editusers.cgi

-#!/usr/bin/perl -wT
+#!/usr/bin/perl -wT
 # -*- Mode: perl; indent-tabs-mode: nil -*-
 #
 # The contents of this file are subject to the Mozilla Public
@@ -16,6 +16,7 @@
 # Contributor(s): Marc Schumann <wurblzap@gmail.com>
 #                 Lance Larsh <lance.larsh@oracle.com>
 #                 Frédéric Buclin <LpSolit@gmail.com>
+#                 David Lawrence <dkl@redhat.com>
 
 use strict;
 use lib ".";
@@ -69,6 +70,7 @@ if ($action eq 'search') {
 
 ###########################################################################
 } elsif ($action eq 'list') {
+    my $matchvalue    = $cgi->param('matchvalue') || '';
     my $matchstr      = $cgi->param('matchstr');
     my $matchtype     = $cgi->param('matchtype');
     my $grouprestrict = $cgi->param('grouprestrict') || '0';
@@ -115,10 +117,22 @@ if ($action eq 'search') {
         $vars->{'users'} = {};
     }
     else {
-        # Handle selection by user name.
+        # Handle selection by login name, real name, or userid.
         if (defined($matchtype)) {
             $query .= " $nextCondition ";
-            my $expr = "profiles.login_name";
+            my $expr = "";
+            if ($matchvalue eq 'userid') {
+                if ($matchstr) {
+                    my $stored_matchstr = $matchstr;
+                    detaint_natural($matchstr) 
+                        || ThrowUserError('illegal_user_id', {userid => $stored_matchstr});
+                }
+                $expr = "profiles.userid";
+            } elsif ($matchvalue eq 'realname') {
+                $expr = "profiles.realname";
+            } else {
+                $expr = "profiles.login_name";
+            }
             if ($matchtype eq 'regexp') {
                 $query .= $dbh->sql_regexp($expr, '?');
                 $matchstr = '.' unless $matchstr;
@@ -752,7 +766,7 @@ sub check_user {
 # Copy incoming list selection values from CGI params to template variables.
 sub mirrorListSelectionValues {
     if (defined($cgi->param('matchtype'))) {
-        foreach ('matchstr', 'matchtype', 'grouprestrict', 'groupid') {
+        foreach ('matchvalue', 'matchstr', 'matchtype', 'grouprestrict', 'groupid') {
             $vars->{'listselectionvalues'}{$_} = $cgi->param($_);
         }
     }

template/en/default/admin/users/search.html.tmpl

@@ -12,6 +12,7 @@
   # The Original Code is the Bugzilla Bug Tracking System.
   #
   # Contributor(s): Marc Schumann <wurblzap@gmail.com>
+  #                 David Lawrence <dkl@redhat.com>
   #%]
 
 [%# INTERFACE:
@@ -35,7 +36,13 @@
 
 <form name="f" method="get" action="editusers.cgi">
 <input type="hidden" name="action" value="list" />
-<p><label for="matchstr">List users with login name matching</label>
+<p><label for="matchvalue">List users with</label>
+<select id="matchvalue" name="matchvalue">
+  <option value="login_name">login name</option>
+  <option value="realname">real name</option>
+  <option value="userid">user id</option>
+</select>
+<label for="matchstr">matching</label>
 <input size="32" name="matchstr" id="matchstr" />
 <select name="matchtype">
   <option value="substr" selected="selected">case-insensitive substring</option>

template/en/default/global/user-error.html.tmpl

@@ -1256,6 +1256,10 @@
     [% title = "File Is Empty" %]
     The file you are trying to attach is empty!
 
+  [% ELSIF error == "illegal_user_id" %]
+    [% title = "Illegal User ID" %]
+    User ID '[% userid FILTER html %]' is not valid integer.
+
   [% ELSE %]
 
     [%# Try to find hooked error messages %]