diff options
| author | Jakub Senko <jakubsenko@gmail.com> | 2016-03-18 12:30:16 +0100 |
|---|---|---|
| committer | Jakub Senko <jakubsenko@gmail.com> | 2016-03-20 16:58:35 +0100 |
| commit | f77142c0b67acf4cf102035ec521f8cec395b43e (patch) | |
| tree | 418bd596999c65f06496766c011ccf00003fed05 | |
| parent | 0194c78d19425a0d54b690bed210eebf34cd9007 (diff) | |
| download | forums-f77142c0b67acf4cf102035ec521f8cec395b43e.tar forums-f77142c0b67acf4cf102035ec521f8cec395b43e.tar.gz forums-f77142c0b67acf4cf102035ec521f8cec395b43e.tar.bz2 forums-f77142c0b67acf4cf102035ec521f8cec395b43e.tar.xz forums-f77142c0b67acf4cf102035ec521f8cec395b43e.zip | |
[ticket/13630] Prevent empty parameter select_single
PHPBB3-13630
| -rw-r--r-- | phpBB/includes/ucp/ucp_pm_compose.php | 2 | ||||
| -rw-r--r-- | phpBB/memberlist.php | 3 |
2 files changed, 3 insertions, 2 deletions
diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index 8b7d42e9c9..aae80b0c06 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php @@ -154,7 +154,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) 'S_SHOW_PM_BOX' => true, 'S_ALLOW_MASS_PM' => ($config['allow_mass_pm'] && $auth->acl_get('u_masspm')) ? true : false, 'S_GROUP_OPTIONS' => ($config['allow_mass_pm'] && $auth->acl_get('u_masspm_group')) ? $group_options : '', - 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", "mode=searchuser&form=postform&field=username_list&select_single=$select_single"), + 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", "mode=searchuser&form=postform&field=username_list&select_single=" . (int) $select_single), )); } diff --git a/phpBB/memberlist.php b/phpBB/memberlist.php index 7cf39f4eb7..70e834b682 100644 --- a/phpBB/memberlist.php +++ b/phpBB/memberlist.php @@ -1277,7 +1277,8 @@ switch ($mode) } $param = call_user_func_array('request_var', $call); - $param = urlencode($key) . '=' . ((is_string($param)) ? urlencode($param) : $param); + // Encode strings, convert everything else to int in order to prevent empty parameters. + $param = urlencode($key) . '=' . ((is_string($param)) ? urlencode($param) : (int) $param); $params[] = $param; if ($key != 'first_char') |