[Pushed] Searching for members with underscores in their name via memberlist.php fails
#1
As reported by Cloud on Discord.

The problem is line #225 of memberlist.php, which uses the variable $username_like_query, which has been escaped for a LIKE condition, whereas we need it to be escaped as an ordinary string.

A fix is to change that line from:
            $search_query .= " AND u.username='{$username_like_query}'";

to:
			$username_esc = $db->escape_string($search_username); 
			$search_query .= " AND u.username='{$username_esc}'";
Reply


Messages In This Thread
Searching for members with underscores in their name via memberlist.php fails - by Laird - 2021-03-10, 05:01 AM

Forum Jump:


Users browsing this thread: 1 Guest(s)