Commit 2f82ef79 authored by Tony Butler's avatar Tony Butler

Prevent searching by username if 'nousernames' is enabled (Bug #1353516)

Change-Id: Iabae07ea9ca90510064311e0947ef4ad84a67b14
parent bd02e40b
......@@ -390,7 +390,7 @@ $string['searchplugin'] = 'Search plugin';
$string['searchplugindescription'] = 'Search plugin to use';
$string['searchconfigerror1'] = 'The configuration settings for the search plugin "%s" are incorrect. Please check the configuration settings under "Extensions" → "Plugin type: search". You may need to hit the search\'s \'reset\' button when done.';
$string['searchusernames'] = 'Search usernames';
$string['searchusernamesdescription'] = 'If checked, allow usernames to be searched on as part of "Search users".';
$string['searchusernamesdescription'] = 'If checked, allow usernames to be searched on as part of "Search users". This setting has no effect if "Never display usernames" above is enforced. Site administrators and staff members are always able to search by username.';
$string['searchuserspublic'] = 'Show users in public search';
$string['searchuserspublicdescription'] = 'Allow users\' names to appear in public search results. This needs to have \'publicsearchallowed\' set to true and be using a search plugin that allows public search, e.g. Elasticsearch. Changing this setting will require search re-indexing.';
$string['sessionlifetime'] = 'Session lifetime';
......
......@@ -3978,7 +3978,7 @@ class View {
OR c.name $like '%' || ? || '%' OR c.description $like '%' || ? || '%' ";
array_push($whereparams, $query, $query);
}
if (get_config('searchusernames')) {
if ($admin || $USER->get('staff') || (get_config('searchusernames') && !get_config('nousernames'))) {
// If the site setting 'Search usernames' is enabled, allow searching by username.
$where .= "
OR qu.username $like '%' || ? || '%' ";
......
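Review bot: The comment under the new `if ($admin || $USER->get('staff') || ...)` condition is now out of date: it still says username search depends only on the 'Search usernames' setting, while the condition also lets admins and staff through and blocks everyone else when 'nousernames' is set. I would reword it to `// Admins and staff can always search by username; other users only if 'searchusernames' is on and 'nousernames' is off.` The same rule is written out again in PluginSearchInternal::name_search_sql, so a shared helper would keep this privacy control from drifting between the two places; whether other search plugins apply it is not visible in this commit. `$admin` and `$USER` are defined outside the hunk, so it is worth confirming that `$admin` means a site administrator, as the updated help text promises.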
......@@ -201,6 +201,7 @@ class PluginSearchInternal extends PluginSearch {
* names match the terms in a given query string.
*/
function name_search_sql($query_string, $usralias='u', $usrprefalias='h') {
global $USER;
safe_require('artefact', 'internal');
......@@ -217,7 +218,7 @@ class PluginSearchInternal extends PluginSearch {
$querydata = self::split_query_string(strtolower(trim($query_string)));
$hidenameallowed = get_config('userscanhiderealnames') ? 'TRUE' : 'FALSE';
$searchusernamesallowed = get_config('searchusernames') ? 'TRUE' : 'FALSE';
$searchusernamesallowed = $USER->get('admin') || $USER->get('staff') || (get_config('searchusernames') && !get_config('nousernames')) ? 'TRUE' : 'FALSE';
$termsql = "$matches->preferredname
OR (
......
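Review bot: The new `$searchusernamesallowed` assignment relies on `||` binding tighter than `?:`, which is correct in PHP but easy to misread on a line that decides whether usernames are searchable. Wrapping the condition makes the intent explicit: `$searchusernamesallowed = ($USER->get('admin') || $USER->get('staff') || (get_config('searchusernames') && !get_config('nousernames'))) ? 'TRUE' : 'FALSE';`. name_search_sql now also reads the global `$USER`, so the generated SQL depends on who is logged in rather than on site configuration alone; the docblock above should say so, for example `Username matching is always enabled for admins and staff, otherwise only when 'searchusernames' is on and 'nousernames' is off.` The function body starts in the previous hunk and continues past the end of this one.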