diff options
author | Tristan Darricau <tristan.darricau@sensiolabs.com> | 2016-03-25 11:20:56 +0100 |
---|---|---|
committer | Tristan Darricau <tristan.darricau@sensiolabs.com> | 2016-03-25 11:20:56 +0100 |
commit | f29ebb1846caadc9622cad69098e5638f6c9f155 (patch) | |
tree | 0b1be718b65e877e5dfe8f3e1d8717eaee07e156 /phpBB | |
parent | 28f0c3457c48205ee6b7a62b878418f797f8649f (diff) | |
parent | 2168cb7f8e5a54c4676edddfb5804e1441baf179 (diff) | |
download | forums-f29ebb1846caadc9622cad69098e5638f6c9f155.tar forums-f29ebb1846caadc9622cad69098e5638f6c9f155.tar.gz forums-f29ebb1846caadc9622cad69098e5638f6c9f155.tar.bz2 forums-f29ebb1846caadc9622cad69098e5638f6c9f155.tar.xz forums-f29ebb1846caadc9622cad69098e5638f6c9f155.zip |
Merge branch '3.1.x' into 3.2.x
* 3.1.x:
[ticket/13630] Prevent empty parameter select_single
Diffstat (limited to 'phpBB')
-rw-r--r-- | phpBB/includes/ucp/ucp_pm_compose.php | 2 | ||||
-rw-r--r-- | phpBB/memberlist.php | 3 |
2 files changed, 3 insertions, 2 deletions
diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index e707c251fe..1132271689 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php @@ -157,7 +157,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) 'S_SHOW_PM_BOX' => true, 'S_ALLOW_MASS_PM' => ($config['allow_mass_pm'] && $auth->acl_get('u_masspm')) ? true : false, 'S_GROUP_OPTIONS' => ($config['allow_mass_pm'] && $auth->acl_get('u_masspm_group')) ? $group_options : '', - 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", "mode=searchuser&form=postform&field=username_list&select_single=$select_single"), + 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", "mode=searchuser&form=postform&field=username_list&select_single=" . (int) $select_single), )); } diff --git a/phpBB/memberlist.php b/phpBB/memberlist.php index 759a899de1..146ded0929 100644 --- a/phpBB/memberlist.php +++ b/phpBB/memberlist.php @@ -1279,7 +1279,8 @@ switch ($mode) } $param = call_user_func_array(array($request, 'variable'), $call); - $param = urlencode($key) . '=' . ((is_string($param)) ? urlencode($param) : $param); + // Encode strings, convert everything else to int in order to prevent empty parameters. + $param = urlencode($key) . '=' . ((is_string($param)) ? urlencode($param) : (int) $param); $params[] = $param; if ($key != 'first_char') |