org.jivesoftware.wildfire.user.DefaultUserProvider - findUsers()
The other findUsers() method is not used, but one could change also there the code. Or even better rewrite both methods so we don’'t see duplicate code.
As a diff looks very evil I just post the new method:
final String sqlescape = “x”; should be final String sqlescape = “<”; but the code tag has a problem with <
public Collection<User> findUsers(Set<String> fields, String query)
throws UnsupportedOperationException
{
if (fields.isEmpty()) {
return Collections.emptyList();
}
if (!getSearchFields().containsAll(fields)) {
throw new IllegalArgumentException("Search fields " + fields + " are not valid.");
}
if (query == null || "".equals(query)) {
return Collections.emptyList();
}
// SQL LIKE queries don''t map directly into a keyword/wildcard search like we want.
// Therefore, we do a best approximiation by replacing ''*'' with ''%'' and then
// surrounding the whole query with two ''%''. This will return more data than desired,
// but is better than returning less data than desired.
/* LG: with these replacements one can not search for ''*'' or ''?'' within the name,
* as they are used as wildcards */
final String sqlescape = "x";
query = "*" + query + "*";
query = query.replaceAll("%", sqlescape + "%"); /* one can search for ''%'' within the name */
query = query.replaceAll("_", sqlescape + "_"); /* one can search for ''_'' within the name */
query = query.replaceAll("\\*+", "%"); /* replace ''*'' or ''***'' with ''%'' (match any characters) */
query = query.replaceAll("\\?+", "_"); /* replace ''?'' with ''_'' (match one character) */
List<String> usernames = new ArrayList<String>(50);
Connection con = null;
PreparedStatement pstmt = null;
ResultSet rs = null;
try {
con = DbConnectionManager.getConnection();
StringBuilder sql = new StringBuilder(100);
sql.append("SELECT username FROM jiveUser WHERE");
int first = 0;
if (fields.contains("Username")) {
sql.append(" username LIKE ?");
first++;
}
if (fields.contains("Name")) {
if (first > 0) {
sql.append(" AND");
}
sql.append(" name LIKE ?");
first++;
}
if (fields.contains("Email")) {
if (first > 0) {
sql.append(" AND");
}
sql.append(" email LIKE ?");
first++;
}
sql.append(" ESCAPE ''"+ sqlescape +"''");
Log.debug("Searching: "+ sql.toString() +" . "+ query +" . "+ first);
pstmt = con.prepareStatement(sql.toString());
for (int i = 1; i<=first; i++)
{
pstmt.setString(i,query);
}
rs = pstmt.executeQuery();
while (rs.next()) {
usernames.add(rs.getString(1));
}
}
catch (SQLException e) {
Log.error(e);
}
finally {
DbConnectionManager.closeConnection(rs, pstmt, con);
} return new UserCollection(usernames.toArray(new String[usernames.size()]));
}