When searching for the user by a case-insensitive field (email address
is the only one supported now), the performance may be very poor as the
DB cannot use the index due to the LOWER() operation and the full
sequential scan of all the user records is performed. On some DBs such
as MySQL, this can be significantly improved by pre-filtering the users
with accent-insensitive search.
So we first perform accent-insensitive search for potential candidates
in a subselect, which can use the index. Only then we perform the
additional accent-sensitive search on this limited set or records.
When searching for other users with the same email address, we perform
the case-insensitive and accent-sensitive search. That may be expensive
as some DBs such as MySQL cannot use the index in that case. Instead,
sequential scan of all the user records is performed and the comparison
uses the LOWER function to filter the matching records. This leads to
significant performance heavy queries which in turn represent a surface
for DoS attacks.
For that reason, we first perform accent-insensitive search for
potential candidates in a subselect, which can use the index. Only then
we perform the additional accent-sensitive search on this limited set or
records.
When searching for the user matching the given email address, we perform
the case-insensitive and accent-sensitive search. That may be expensive
as some DBs such as MySQL cannot use the index in that case. Instead,
sequential scan of all the user records is performed and the comparison
uses the LOWER function to filter the matching records. This leads to
significant performance heavy queries which in turn represent a surface
for DoS attacks.
For that reason, we first perform accent-insensitive search for
potential candidates, which can use the index. Only then we perform the
additional accent-sensitive search on this limited set or records.
span is not a valid content wrapper tag.
Moreover, according to W3C validation service report, it is not valid to
have div elements as children of a span element.
We can safely replace span with div here because the element's css class
is .action and display of .action is set to flex in both boost and
classic themes.
Only generate the non-ajax controls in cases where we know we need
them. Otherwise, only generate the new link style control. This patch
includes a behat check as many of our tests use the 'I add "Page" to
section "1"' syntax, which runs without JS.
