From f0b44bd9934251f383a0dc14920b71a52b40bec6 Mon Sep 17 00:00:00 2001
From: David Rothstein <drothstein@gmail.com>
Date: Mon, 1 Feb 2016 10:48:47 -0500
Subject: Issue #2251019 by PietM, jhodgdon, mgifford: User wildcard search
 doesn't work

---
 modules/user/user.module | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'modules/user/user.module')

diff --git a/modules/user/user.module b/modules/user/user.module
index 02950de3c..c33aa0982 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -958,6 +958,8 @@ function user_search_access() {
  */
 function user_search_execute($keys = NULL, $conditions = NULL) {
   $find = array();
+  // Escape for LIKE matching.
+  $keys = db_like($keys);
   // Replace wildcards with MySQL/PostgreSQL wildcards.
   $keys = preg_replace('!\*+!', '%', $keys);
   $query = db_select('users')->extend('PagerDefault');
@@ -967,13 +969,13 @@ function user_search_execute($keys = NULL, $conditions = NULL) {
     // and they don't need to be restricted to only active users.
     $query->fields('users', array('mail'));
     $query->condition(db_or()->
-      condition('name', '%' . db_like($keys) . '%', 'LIKE')->
-      condition('mail', '%' . db_like($keys) . '%', 'LIKE'));
+      condition('name', '%' . $keys . '%', 'LIKE')->
+      condition('mail', '%' . $keys . '%', 'LIKE'));
   }
   else {
     // Regular users can only search via usernames, and we do not show them
     // blocked accounts.
-    $query->condition('name', '%' . db_like($keys) . '%', 'LIKE')
+    $query->condition('name', '%' . $keys . '%', 'LIKE')
       ->condition('status', 1);
   }
   $uids = $query
-- 
cgit v1.2.3