From ada6b97873dbca0a0972d9a3bde24c9e10c3c70a Mon Sep 17 00:00:00 2001
From: Albert Santoni
Date: Fri, 5 Jun 2015 12:34:51 -0400
Subject: [PATCH] CC-6050: User management bugfix
---
 airtime_mvc/application/controllers/UserController.php | 1 -
 airtime_mvc/application/models/User.php | 10 ++--------
 2 files changed, 2 insertions(+), 9 deletions(-)
diff --git a/airtime_mvc/application/controllers/UserController.php b/airtime_mvc/application/controllers/UserController.php
index 4c3168f80..45005fc9a 100644
--- a/airtime_mvc/application/controllers/UserController.php
+++ b/airtime_mvc/application/controllers/UserController.php
@@ -102,7 +102,6 @@ class UserController extends Zend_Controller_Action
 public function getHostsAction()
 {
 $search = $this->_getParam('term');
- $res = Application_Model_User::getHosts($search);
 $this->view->hosts = Application_Model_User::getHosts($search);
 }
diff --git a/airtime_mvc/application/models/User.php b/airtime_mvc/application/models/User.php
index ac428fefc..76e563155 100644
--- a/airtime_mvc/application/models/User.php
+++ b/airtime_mvc/application/models/User.php
@@ -282,7 +282,6 @@ class Application_Model_User
 $con = Propel::getConnection();
 $sql_gen = "SELECT login AS value, login AS label, id as index FROM cc_subjs ";
- $sql = $sql_gen;
 $types = array();
 $params = array();
@@ -296,13 +295,8 @@ class Application_Model_User
 $sql = $sql_gen ." WHERE (". $sql_type.") ";
- if (!is_null($search)) {
- //need to use addslashes for 'LIKE' values
- $search = addslashes($search);
- $like = "login ILIKE '%{$search}%'";
-
- $sql = $sql . " AND ".$like;
- }
+ $sql .= " AND login ILIKE :search";
+ $params[":search"] = "%$search%";
 $sql = $sql ." ORDER BY login";
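Review bot: In the last hunk of airtime_mvc/application/models/User.php (`@@ -296,13 +295,8 @@`), the value bound to `:search` still carries any `%`, `_` or `\` from the caller into the ILIKE pattern, so those characters act as pattern syntax instead of literal text. Binding fixes the quoting problem the removed `addslashes()` line was trying to handle, but not pattern metacharacters, and the first hunk shows the term coming from the `term` request parameter. Escaping before wrapping keeps the match literal: `$params[":search"] = "%" . addcslashes($search, '\\%_') . "%";` (this assumes backslash is the backend's LIKE escape character, which is the PostgreSQL default). The removed `is_null($search)` guard also means a null term now always appends `ILIKE '%%'`; if that is intended, a short comment such as `// null $search binds '%%' and matches every login` would record it. The enclosing function starts and ends outside the hunk, so how `$params` reaches the executed statement is not visible here.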