From f0b44bd9934251f383a0dc14920b71a52b40bec6 Mon Sep 17 00:00:00 2001
From: David Rothstein <drothstein@gmail.com>
Date: Mon, 1 Feb 2016 10:48:47 -0500
Subject: Issue #2251019 by PietM, jhodgdon, mgifford: User wildcard search
 doesn't work

---
 modules/user/user.module |  8 +++++---
 modules/user/user.test   | 14 ++++++++++++++
 2 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/modules/user/user.module b/modules/user/user.module
index 02950de3c..c33aa0982 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -958,6 +958,8 @@ function user_search_access() {
  */
 function user_search_execute($keys = NULL, $conditions = NULL) {
   $find = array();
+  // Escape for LIKE matching.
+  $keys = db_like($keys);
   // Replace wildcards with MySQL/PostgreSQL wildcards.
   $keys = preg_replace('!\*+!', '%', $keys);
   $query = db_select('users')->extend('PagerDefault');
@@ -967,13 +969,13 @@ function user_search_execute($keys = NULL, $conditions = NULL) {
     // and they don't need to be restricted to only active users.
     $query->fields('users', array('mail'));
     $query->condition(db_or()->
-      condition('name', '%' . db_like($keys) . '%', 'LIKE')->
-      condition('mail', '%' . db_like($keys) . '%', 'LIKE'));
+      condition('name', '%' . $keys . '%', 'LIKE')->
+      condition('mail', '%' . $keys . '%', 'LIKE'));
   }
   else {
     // Regular users can only search via usernames, and we do not show them
     // blocked accounts.
-    $query->condition('name', '%' . db_like($keys) . '%', 'LIKE')
+    $query->condition('name', '%' . $keys . '%', 'LIKE')
       ->condition('status', 1);
   }
   $uids = $query
diff --git a/modules/user/user.test b/modules/user/user.test
index 97d23b44c..b9729c507 100644
--- a/modules/user/user.test
+++ b/modules/user/user.test
@@ -2230,6 +2230,20 @@ class UserUserSearchTestCase extends DrupalWebTestCase {
     $this->drupalPost('search/user/', $edit, t('Search'));
     $this->assertText($keys);
 
+    // Verify that wildcard search works.
+    $keys = $user1->name;
+    $keys = substr($keys, 0, 2) . '*' . substr($keys, 4, 2);
+    $edit = array('keys' => $keys);
+    $this->drupalPost('search/user/', $edit, t('Search'));
+    $this->assertText($user1->name, 'Search for username wildcard resulted in user name on page for administrative user.');
+
+    // Verify that wildcard search works for email.
+    $keys = $user1->mail;
+    $keys = substr($keys, 0, 2) . '*' . substr($keys, 4, 2);
+    $edit = array('keys' => $keys);
+    $this->drupalPost('search/user/', $edit, t('Search'));
+    $this->assertText($user1->name, 'Search for email wildcard resulted in user name on page for administrative user.');
+
     // Create a blocked user.
     $blocked_user = $this->drupalCreateUser();
     $edit = array('status' => 0);
-- 
cgit v1.2.3