diff options
Diffstat (limited to 'phpBB/includes/mcp/mcp_warn.php')
| -rwxr-xr-x | phpBB/includes/mcp/mcp_warn.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/phpBB/includes/mcp/mcp_warn.php b/phpBB/includes/mcp/mcp_warn.php index 02eb316ed8..da76dc8b58 100755 --- a/phpBB/includes/mcp/mcp_warn.php +++ b/phpBB/includes/mcp/mcp_warn.php @@ -310,11 +310,11 @@ function mcp_warn_user_view($id, $mode, $action) global $template, $db, $user, $auth; $user_id = request_var('u', 0); - $username = request_var('username', ''); + $username = request_var('username', '', true); $notify = (isset($_REQUEST['notify_user'])) ? true : false; $warning = request_var('warning', '', true); - $sql_where = ($user_id) ? "user_id = $user_id" : "username = '" . $db->sql_escape($username) . "'"; + $sql_where = ($user_id) ? "user_id = $user_id" : "username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'"; $sql = 'SELECT * FROM ' . USERS_TABLE . ' |