From eee1b5153987865a4bf7feb086fbf442d9b5dd7d Mon Sep 17 00:00:00 2001 From: Frederic Massart Date: Fri, 14 Dec 2012 14:39:52 +0800 Subject: [PATCH] MDL-37164 message: Searching for users does not return guest --- message/lib.php | 31 +++++++++++++++++++++---------- 1 file changed, 21 insertions(+), 10 deletions(-) diff --git a/message/lib.php b/message/lib.php index 4dd3abd..6f640ad 100644 --- a/message/lib.php +++ b/message/lib.php @@ -1439,7 +1439,7 @@ function message_history_link($userid1, $userid2, $return=false, $keywords='', $ * @param int|array $courseids Course ID or array of course IDs. * @param string $searchtext the text to search for. * @param string $sort the column name to order by. - * @param string $exceptions comma separated list of user IDs to exclude + * @param string|array $exceptions comma separated list or array of user IDs to exclude. * @return array An array of {@link $USER} records. */ function message_search_users($courseids, $searchtext, $sort='', $exceptions='') { @@ -1451,13 +1451,26 @@ function message_search_users($courseids, $searchtext, $sort='', $exceptions='') } $fullname = $DB->sql_fullname(); + $params = array( + 'userid' => $USER->id, + 'query' => "%$searchtext%" + ); - if (!empty($exceptions)) { - $except = ' AND u.id NOT IN ('. $exceptions .') '; + if (!empty($exceptions) && is_string($exceptions)) { + $exceptions = explode(',', $exceptions); } else { - $except = ''; + $exceptions = array(); } + // Ignore self and guest account. + $exceptions[] = $USER->id; + $exceptions[] = $CFG->siteguest; + + // Remove exceptions. + list($except, $params_except) = $DB->get_in_or_equal($exceptions, SQL_PARAMS_NAMED, 'param', false); + $except = ' AND u.id ' . $except; + $params = array_merge($params_except, $params); + if (!empty($sort)) { $order = ' ORDER BY '. $sort; } else { @@ -1474,18 +1487,16 @@ function message_search_users($courseids, $searchtext, $sort='', $exceptions='') if ($sitelevelsearch) { // Search on site level. - $params = array($USER->id, "%$searchtext%"); return $DB->get_records_sql("SELECT $ufields, mc.id as contactlistid, mc.blocked FROM {user} u LEFT JOIN {message_contacts} mc - ON mc.contactid = u.id AND mc.userid = ? + ON mc.contactid = u.id AND mc.userid = :userid WHERE u.deleted = '0' AND u.confirmed = '1' - AND (".$DB->sql_like($fullname, '?', false).") + AND (".$DB->sql_like($fullname, ':query', false).") $except $order", $params); } else { // Search in courses. - $params = array($USER->id, "%$searchtext%"); // TODO: add enabled enrolment join here (skodak) $contextlist = array(); foreach ($courseids as $courseid) { @@ -1499,10 +1510,10 @@ function message_search_users($courseids, $searchtext, $sort='', $exceptions='') FROM {user} u JOIN {role_assignments} ra ON ra.userid = u.id LEFT JOIN {message_contacts} mc - ON mc.contactid = u.id AND mc.userid = ? + ON mc.contactid = u.id AND mc.userid = :userid WHERE u.deleted = '0' AND u.confirmed = '1' AND $contextwhere - AND (".$DB->sql_like($fullname, '?', false).") + AND (".$DB->sql_like($fullname, ':query', false).") $except $order", $params); -- 1.7.9.5