From b5b3d96b48b6f829ef157e79a7308e5743efff19 Mon Sep 17 00:00:00 2001
From: Albert Santoni
Date: Fri, 5 Jun 2015 12:34:15 -0400
Subject: [PATCH] CC-6050: User management bugfix
---
 airtime_mvc/application/controllers/UserController.php | 1 -
 airtime_mvc/application/models/User.php | 10 ++--------
 2 files changed, 2 insertions(+), 9 deletions(-)
diff --git a/airtime_mvc/application/controllers/UserController.php b/airtime_mvc/application/controllers/UserController.php
index c75e2b49e..c2cc9f0a6 100644
--- a/airtime_mvc/application/controllers/UserController.php
+++ b/airtime_mvc/application/controllers/UserController.php
@@ -95,7 +95,6 @@ class UserController extends Zend_Controller_Action
 public function getHostsAction()
 {
 $search = $this->_getParam('term');
- $res = Application_Model_User::getHosts($search);
 $this->view->hosts = Application_Model_User::getHosts($search);
 }
diff --git a/airtime_mvc/application/models/User.php b/airtime_mvc/application/models/User.php
index 8a1008577..8b97fef22 100644
--- a/airtime_mvc/application/models/User.php
+++ b/airtime_mvc/application/models/User.php
@@ -263,7 +263,6 @@ class Application_Model_User
 $con = Propel::getConnection();
 $sql_gen = "SELECT login AS value, login AS label, id as index FROM cc_subjs ";
- $sql = $sql_gen;
 $types = array();
 $params = array();
@@ -277,13 +276,8 @@ class Application_Model_User
 $sql = $sql_gen ." WHERE (". $sql_type.") ";
- if (!is_null($search)) {
- //need to use addslashes for 'LIKE' values
- $search = addslashes($search);
- $like = "login ILIKE '%{$search}%'";
-
- $sql = $sql . " AND ".$like;
- }
+ $sql .= " AND login ILIKE :search";
+ $params[":search"] = "%$search%";
 $sql = $sql ." ORDER BY login";
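Review bot: The bound `:search` value is built as `"%$search%"` without escaping LIKE metacharacters, so a `%`, `_` or backslash in the caller's term is still interpreted as a pattern rather than as literal text. Binding the value removes the quoting problem of the old `addslashes` path, but pattern characters need their own escaping, for example `$params[":search"] = "%" . addcslashes((string) $search, '%_\\') . "%";`. The `is_null($search)` guard is also gone, so a null term now adds an `ILIKE '%%'` condition, which would drop rows whose login is NULL if any exist; keeping `if (!is_null($search)) {` around the two added lines preserves the old result set. The enclosing method starts and ends outside this hunk, so the call that executes `$sql` with `$params` is not visible here.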