Re: svn commit: r443451 - /incubator/ofbiz/trunk/applications/party/src/org/ofbiz/party/party/PartyServices.java

[David E Jones]

Hmmm... Maybe we should back this one out...
The problem is: with this in there, how can you search for a partial  
email address or find all emails for a certain domain?

Also, is it so bad that you get additional results in a search?

-David


On Sep 14, 2006, at 1:53 PM, [EMAIL PROTECTED] wrote:

Author: jleroux
Date: Thu Sep 14 12:53:41 2006
New Revision: 443451

URL: http://svn.apache.org/viewvc?view=rev&rev=443451
Log:
getPartyFromEmail does dangerous matching (http:// 
jira.undersunconsulting.com/browse/OFBIZ-534?page=all)

Ean Schuessler :
getPartyByEmail does a '%EMAIL_ADDRESS%' match when you search for  
an email.
This means that you can get back [EMAIL PROTECTED] when you search for  
[EMAIL PROTECTED]
I can't really see the point of the current implementation and it  
can have dangerous
and suprising side effects if you are going to mail personal  
information.
I'd suggest doing a direct but case-insensitive match. The case  
insensitivity is a good feature.

I have suppressed the 2 SQL jokers


Modified:
    incubator/ofbiz/trunk/applications/party/src/org/ofbiz/party/ 
party/PartyServices.java

Modified: incubator/ofbiz/trunk/applications/party/src/org/ofbiz/ 
party/party/PartyServices.java
URL: http://svn.apache.org/viewvc/incubator/ofbiz/trunk/ 
applications/party/src/org/ofbiz/party/party/PartyServices.java? 
view=diff&rev=443451&r1=443450&r2=443451
====================================================================== 
========
--- incubator/ofbiz/trunk/applications/party/src/org/ofbiz/party/ 
party/PartyServices.java (original)
+++ incubator/ofbiz/trunk/applications/party/src/org/ofbiz/party/ 
party/PartyServices.java Thu Sep 14 12:53:41 2006
@@ -663,7 +663,7 @@
         try {
             List exprs = new LinkedList();

-            exprs.add(new EntityExpr(new EntityFunction.UPPER(new  
EntityFieldValue("infoString")), EntityOperator.LIKE, new  
EntityFunction.UPPER("%" + email.toUpperCase() + "%")));
+            exprs.add(new EntityExpr(new EntityFunction.UPPER(new  
EntityFieldValue("infoString")), EntityOperator.LIKE, new  
EntityFunction.UPPER(email.toUpperCase())));
             List c = EntityUtil.filterByDate(delegator.findByAnd 
("PartyAndContactMech", exprs, UtilMisc.toList("infoString")), true);

             if (Debug.verboseOn()) Debug.logVerbose("List: " + c,  
module);