Index: drupal-6.x-dev/includes/bootstrap.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/bootstrap.inc,v
retrieving revision 1.198
diff -u -p -r1.198 bootstrap.inc
--- drupal-6.x-dev/includes/bootstrap.inc 25 Oct 2007 15:38:24 -0000 1.198
+++ drupal-6.x-dev/includes/bootstrap.inc 10 Nov 2007 17:24:27 -0000
@@ -831,7 +831,7 @@ function drupal_is_denied($type, $mask)
// these, we return 1 (denied). If no matching records or only ones
// with status = 1, we get no return from db_result, so we return
// (bool)NULL = 0 (allowed).
- return (bool) db_result(db_query_range("SELECT 1 FROM {access} WHERE type = '%s' AND LOWER('%s') LIKE LOWER(mask) AND status = 0", $type, $mask, 0, 1));
+ return (bool) db_result(db_query_range("SELECT 1 FROM {access} WHERE type = '%s' AND LOWER('%s') LIKE mask AND status = 0", $type, $mask, 0, 1));
}
/**
Index: drupal-6.x-dev/modules/user/user.admin.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/user/user.admin.inc,v
retrieving revision 1.9
diff -u -p -r1.9 user.admin.inc
--- drupal-6.x-dev/modules/user/user.admin.inc 10 Nov 2007 10:15:21 -0000 1.9
+++ drupal-6.x-dev/modules/user/user.admin.inc 10 Nov 2007 17:24:31 -0000
@@ -722,7 +722,7 @@ function user_admin_access_add($mask = N
form_set_error('mask', t('You must enter a mask.'));
}
else {
- db_query("INSERT INTO {access} (mask, type, status) VALUES ('%s', '%s', %d)", $edit['mask'], $edit['type'], $edit['status']);
+ db_query("INSERT INTO {access} (mask, type, status) VALUES (LOWER('%s'), '%s', %d)", $edit['mask'], $edit['type'], $edit['status']);
$aid = db_last_insert_id('access', 'aid');
drupal_set_message(t('The access rule has been added.'));
drupal_goto('admin/user/rules');
@@ -744,7 +744,7 @@ function user_admin_access_edit($aid = 0
form_set_error('mask', t('You must enter a mask.'));
}
else {
- db_query("UPDATE {access} SET mask = '%s', type = '%s', status = '%s' WHERE aid = %d", $edit['mask'], $edit['type'], $edit['status'], $aid);
+ db_query("UPDATE {access} SET mask = LOWER('%s'), type = '%s', status = '%s' WHERE aid = %d", $edit['mask'], $edit['type'], $edit['status'], $aid);
drupal_set_message(t('The access rule has been saved.'));
drupal_goto('admin/user/rules');
}
Index: drupal-6.x-dev/modules/user/user.install
===================================================================
RCS file: /cvs/drupal/drupal/modules/user/user.install,v
retrieving revision 1.3
diff -u -p -r1.3 user.install
--- drupal-6.x-dev/modules/user/user.install 4 Nov 2007 14:33:07 -0000 1.3
+++ drupal-6.x-dev/modules/user/user.install 10 Nov 2007 17:24:31 -0000
@@ -36,6 +36,10 @@ function user_schema() {
),
),
'primary key' => array('aid'),
+ 'indexes' => array(
+ 'mask' => array('mask'),
+ 'type' => array('type')
+ ),
);
$schema['authmap'] = array(
@@ -282,3 +286,13 @@ function user_schema() {
return $schema;
}
+/**
+ * Add an index to access table and convert all stored masks to lower case.
+ */
+function user_update_6000() {
+ $ret = array();
+ db_add_index($ret, 'access', 'mask', array('mask'));
+ db_add_index($ret, 'access', 'type', array('type'));
+ $ret[] = update_sql('UPDATE {access} SET mask = LOWER(mask)');
+ return $ret;
+}
Index: drupal-6.x-dev/modules/user/user.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/user/user.module,v
retrieving revision 1.862
diff -u -p -r1.862 user.module
--- drupal-6.x-dev/modules/user/user.module 6 Nov 2007 12:20:14 -0000 1.862
+++ drupal-6.x-dev/modules/user/user.module 10 Nov 2007 17:24:36 -0000
@@ -1713,7 +1713,7 @@ function user_help($path, $arg) {
case 'admin/user/user/account/create':
return ''. t('This web page allows the administrators to register new users by hand. Note that you cannot have a user where either the e-mail address or the username match another user in the system.') .'
';
case 'admin/user/rules':
- return ''. t('Set up username and e-mail address access rules for new and existing accounts (currently logged in accounts will not be logged out). If a username or e-mail address for an account matches any deny rule, but not an allow rule, then the account will not be allowed to be created or to log in. A host rule is effective for every page view, not just registrations.') .'
';
+ return ''. t('Set up username and e-mail address access rules for new and existing accounts (currently logged in accounts will not be logged out). If a username or e-mail address for an account matches any deny rule, but not an allow rule, then the account will not be allowed to be created or to log in. A host rule is effective for every page view, not just registrations. For performance reasons, Drupal stores access rules in lower case.') .'
';
case 'admin/user/permissions':
return ''. t('Permissions let you control what users can do on your site. Each user role (defined on the user roles page) has its own set of permissions. For example, you could give users classified as "Administrators" permission to "administer nodes" but deny this power to ordinary, "authenticated" users. You can use permissions to reveal new features to privileged users (those with subscriptions, for example). Permissions also allow trusted users to share the administrative burden of running a busy site.', array('@role' => url('admin/user/roles'))) .'
';
case 'admin/user/roles':
@@ -2075,7 +2075,7 @@ function user_block_user_action(&$object
*/
function user_block_ip_action() {
$ip = ip_address();
- db_query("INSERT INTO {access} (mask, type, status) VALUES ('%s', '%s', %d)", $ip, 'host', 0);
+ db_query("INSERT INTO {access} (mask, type, status) VALUES (LOWER('%s'), '%s', %d)", $ip, 'host', 0);
watchdog('action', 'Banned IP address %ip', array('%ip' => $ip));
}