Diffstat (limited to 'modules/user/user.module')
-rw-r--r--modules/user/user.module8
1 files changed, 5 insertions, 3 deletions
diff --git a/modules/user/user.module b/modules/user/user.module
index 02950de3c..c33aa0982 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -958,6 +958,8 @@ function user_search_access() {
*/
function user_search_execute($keys = NULL, $conditions = NULL) {
$find = array();
+ // Escape for LIKE matching.
+ $keys = db_like($keys);
// Replace wildcards with MySQL/PostgreSQL wildcards.
$keys = preg_replace('!\*+!', '%', $keys);
$query = db_select('users')->extend('PagerDefault');
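Review bot: The added `$keys = db_like($keys);` overwrites the raw search string with its LIKE-escaped form, and the fix only works because this line runs before the `preg_replace()` that turns `*` into `%`; the comment states neither. I would keep the escaped value in its own variable, e.g. `$pattern = preg_replace('!\*+!', '%', db_like($keys));`, and use `$pattern` in the conditions of the following hunk, so later code cannot mistake it for the user's input or escape it a second time. The comment could read `// Escape LIKE metacharacters first, so only the % generated from * below acts as a wildcard.` user_search_execute() continues beyond this hunk, so any other use of `$keys` further down should be checked against the new meaning.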
@@ -967,13 +969,13 @@ function user_search_execute($keys = NULL, $conditions = NULL) {
// and they don't need to be restricted to only active users.
$query->fields('users', array('mail'));
$query->condition(db_or()->
- condition('name', '%' . db_like($keys) . '%', 'LIKE')->
- condition('mail', '%' . db_like($keys) . '%', 'LIKE'));
+ condition('name', '%' . $keys . '%', 'LIKE')->
+ condition('mail', '%' . $keys . '%', 'LIKE'));
}
else {
// Regular users can only search via usernames, and we do not show them
// blocked accounts.
- $query->condition('name', '%' . db_like($keys) . '%', 'LIKE')
+ $query->condition('name', '%' . $keys . '%', 'LIKE')
->condition('status', 1);
}
$uids = $query
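Review bot: Nothing in the new code guards against an empty pattern reaching the three `condition()` calls: `$keys` defaults to NULL in the signature, and `'%' . $keys . '%'` then presumably collapses to `%%`, which matches every row (every active username in the non-admin branch). Whether the caller already rejects empty keywords is not visible here. If it does not, an early exit before the query is built would avoid an unbounded listing, for example `if (!isset($keys) || trim($keys) === '') { return $find; }`, assuming `$find` is what the function returns. The function body runs past the end of this hunk.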