MyBB Community Forums

Full Version: Searching for members with underscores in their name via memberlist.php fails
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
As reported by Cloud on Discord.

The problem is line #225 of memberlist.php, which uses the variable $username_like_query, which has been escaped for a LIKE condition, whereas we need it to be escaped as an ordinary string.

A fix is to change that line from:
            $search_query .= " AND u.username='{$username_like_query}'";

			$username_esc = $db->escape_string($search_username); 
			$search_query .= " AND u.username='{$username_esc}'";

Thank you for your report. We have pushed this issue to our Github repository for further analysis where you can track our commits and progress with fixing this bug. Discussions regarding this bug may also take place there too.

Follow this link to visit the issue on Github:

Thanks for contributing to MyBB!

The MyBB Group