users: fix find_by_name for names with special characters.

`User.find_by_name` used `where_ilike` to do a case-insensitve name search, but it didn't escape `*` or `\` characters first, so it didn't handle names containing these characters properly.
2019-09-23 00:03:11 -05:00
parent dcc2c793f9
commit 09972477cd
3 changed files with 15 additions and 1 deletions
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -142,7 +142,7 @@ class User < ApplicationRecord

      # XXX downcasing is the wrong way to do case-insensitive comparison for unicode (should use casefolding).
      def find_by_name(name)
-        where_ilike(:name, normalize_name(name)).first
+        where_iequals(:name, normalize_name(name)).first
      end

      def normalize_name(name)