Bug 292718: LOCATE is not ANSI SQL (prevents user account creation)

Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=joel, a=justdave
2024-10-12 21:05:36 +00:00 · 2005-05-21 07:30:50 +00:00 · 2005-05-21 07:30:50 +00:00 · 996ac784af
commit 996ac784af
parent 9aae66357d
1 changed files with 8 additions and 5 deletions
--- a/webtools/bugzilla/Bugzilla/User.pm
+++ b/webtools/bugzilla/Bugzilla/User.pm
@ -1091,8 +1091,9 @@ sub insert_new_user ($$;$$) {

    # Insert the new user record into the database.
    $dbh->do("INSERT INTO profiles 
-                          (login_name, realname, cryptpassword, disabledtext) 
-                   VALUES (?, ?, ?, ?)",
+                          (login_name, realname, cryptpassword, disabledtext,
+                           refreshed_when) 
+                   VALUES (?, ?, ?, ?, '1901-01-01 00:00:00')",
             undef, 
             ($username, $realname, $cryptpassword, $disabledtext));

@ -1133,12 +1134,14 @@ sub is_available_username ($;$) {
    #
    # substring/locate stuff: bug 165221; this used to use regexes, but that
    # was unsafe and required weird escaping; using substring to pull out
-    # the new/old email addresses and locate() to find the delimeter (':')
+    # the new/old email addresses and sql_position() to find the delimiter (':')
    # is cleaner/safer
    my $sth = $dbh->prepare(
        "SELECT eventdata FROM tokens WHERE tokentype = 'emailold'
-        AND SUBSTRING(eventdata, 1, (LOCATE(':', eventdata) - 1)) = ?
-        OR SUBSTRING(eventdata, (LOCATE(':', eventdata) + 1)) = ?");
+        AND SUBSTRING(eventdata, 1, (" 
+        . $dbh->sql_position(q{':'}, 'eventdata') . "-  1)) = ?
+        OR SUBSTRING(eventdata, (" 
+        . $dbh->sql_position(q{':'}, 'eventdata') . "+ 1)) = ?");
    $sth->execute($username, $username);

    if (my ($eventdata) = $sth->fetchrow_array()) {