MyBB Community Forums
[Pushed] Searching for members with underscores in their name via memberlist.php fails




Searching for members with underscores in their name via memberlist.php fails - Laird - 2021-03-10

As reported by Cloud on Discord.

The problem is line #225 of memberlist.php, which uses the variable $username_like_query, which has been escaped for a LIKE condition, whereas we need it to be escaped as an ordinary string.

A fix is to change that line from:
    $search_query .= " AND u.username='{$username_like_query}'";

to:
    $username_esc = $db->escape_string($search_username);
    $search_query .= " AND u.username='{$username_esc}'";
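
The mismatch described in the post above, as an added example that is not part of the original post and is not MyBB code: a value escaped for LIKE carries a backslash before the underscore, so an exact "=" comparison no longer matches the stored name. It assumes an in-memory SQLite database with bound parameters in place of the forum's database layer; like_escape(), find_users() and the sample rows are hypothetical.

```php
<?php
// Added example, not MyBB code. SQLite and bound parameters stand in for the
// forum's database layer; like_escape() is a hypothetical helper.

function like_escape(string $s): string
{
    // Escape the backslash first so the escapes added for % and _ survive.
    return str_replace(['\\', '%', '_'], ['\\\\', '\\%', '\\_'], $s);
}

function find_users(PDO $pdo, string $sql, string $value): array
{
    $stmt = $pdo->prepare($sql);
    $stmt->execute([$value]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT)');
$insert = $pdo->prepare('INSERT INTO users (username) VALUES (?)');
foreach (['john_doe', 'johnXdoe', 'alice'] as $name) { // constructed sample rows
    $insert->execute([$name]);
}

$search  = 'john_doe';
$escaped = like_escape($search); // value prepared for a LIKE pattern

$exact   = 'SELECT username FROM users WHERE username = ? ORDER BY username';
$pattern = "SELECT username FROM users WHERE username LIKE ? ESCAPE '\\' ORDER BY username";
$loose   = 'SELECT username FROM users WHERE username LIKE ? ORDER BY username';

$cases = [
    'LIKE-escaped value used with "=" (the reported bug)' => [$exact, $escaped],
    'plain value used with "=" (the fix)'                 => [$exact, $search],
    'LIKE-escaped value used with LIKE'                   => [$pattern, $escaped],
    'plain value used with LIKE ("_" is a wildcard)'      => [$loose, $search],
];

foreach ($cases as $label => [$sql, $value]) {
    echo $label, ': ', json_encode(find_users($pdo, $sql, $value)), PHP_EOL;
}
```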



RE: Searching for members with underscores in their name via memberlist.php fails - effone - 2021-03-10

Hi,

Thank you for your report. We have pushed this issue to our GitHub repository for further analysis where you can track our commits and progress with fixing this bug. Discussions regarding this bug may also take place there.

Follow this link to visit the issue on GitHub: https://github.com/mybb/mybb/issues/4294

Thanks for contributing to MyBB!

Regards,
The MyBB Group