diff options
| author | Tristan Darricau <tristan.darricau@sensiolabs.com> | 2016-03-25 11:20:06 +0100 |
|---|---|---|
| committer | Tristan Darricau <tristan.darricau@sensiolabs.com> | 2016-03-25 11:20:06 +0100 |
| commit | 2168cb7f8e5a54c4676edddfb5804e1441baf179 (patch) | |
| tree | fc6d3b365004b338a412fbef6c7ca8fb5871c621 | |
| parent | 53a9131db68d17de092fe2b6bf04b411226a1134 (diff) | |
| parent | f77142c0b67acf4cf102035ec521f8cec395b43e (diff) | |
| download | forums-2168cb7f8e5a54c4676edddfb5804e1441baf179.tar forums-2168cb7f8e5a54c4676edddfb5804e1441baf179.tar.gz forums-2168cb7f8e5a54c4676edddfb5804e1441baf179.tar.bz2 forums-2168cb7f8e5a54c4676edddfb5804e1441baf179.tar.xz forums-2168cb7f8e5a54c4676edddfb5804e1441baf179.zip | |
Merge pull request #4231 from Senky/ticket/13630
[ticket/13630] Prevent empty parameter select_single
* Senky/ticket/13630:
[ticket/13630] Prevent empty parameter select_single
| -rw-r--r-- | phpBB/includes/ucp/ucp_pm_compose.php | 2 | ||||
| -rw-r--r-- | phpBB/memberlist.php | 3 |
2 files changed, 3 insertions, 2 deletions
diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index 8b7d42e9c9..aae80b0c06 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php @@ -154,7 +154,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) 'S_SHOW_PM_BOX' => true, 'S_ALLOW_MASS_PM' => ($config['allow_mass_pm'] && $auth->acl_get('u_masspm')) ? true : false, 'S_GROUP_OPTIONS' => ($config['allow_mass_pm'] && $auth->acl_get('u_masspm_group')) ? $group_options : '', - 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", "mode=searchuser&form=postform&field=username_list&select_single=$select_single"), + 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", "mode=searchuser&form=postform&field=username_list&select_single=" . (int) $select_single), )); } diff --git a/phpBB/memberlist.php b/phpBB/memberlist.php index 7cf39f4eb7..70e834b682 100644 --- a/phpBB/memberlist.php +++ b/phpBB/memberlist.php @@ -1277,7 +1277,8 @@ switch ($mode) } $param = call_user_func_array('request_var', $call); - $param = urlencode($key) . '=' . ((is_string($param)) ? urlencode($param) : $param); + // Encode strings, convert everything else to int in order to prevent empty parameters. + $param = urlencode($key) . '=' . ((is_string($param)) ? urlencode($param) : (int) $param); $params[] = $param; if ($key != 'first_char') |