MyBB Community Forums

MyBB Community Forums > Development > MyBB 1.8 Development > 1.8 Bugs and Issues > Pushed > Searching for members with underscores in their name via memberlist.php fails
Full Version: Searching for members with underscores in their name via memberlist.php fails
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

Laird

2021-03-10, 05:01 AM
As reported by Cloud on Discord.

The problem is line #225 of memberlist.php, which uses the variable $username_like_query, which has been escaped for a LIKE condition, whereas we need it to be escaped as an ordinary string.

A fix is to change that line from:
            $search_query .= " AND u.username='{$username_like_query}'";

to:
			$username_esc = $db->escape_string($search_username); 
			$search_query .= " AND u.username='{$username_esc}'";

effone

2021-03-10, 06:04 AM
Hi,

Thank you for your report. We have pushed this issue to our Github repository for further analysis where you can track our commits and progress with fixing this bug. Discussions regarding this bug may also take place there too.

Follow this link to visit the issue on Github: https://github.com/mybb/mybb/issues/4294

Thanks for contributing to MyBB!

Regards,
The MyBB Group
MyBB Community Forums > Development > MyBB 1.8 Development > 1.8 Bugs and Issues > Pushed > Searching for members with underscores in their name via memberlist.php fails