From f4da66a9328d12a3a5cb3a36feb184a4686ca2f3 Mon Sep 17 00:00:00 2001
From: Meik Sievertsen <acydburn@phpbb.com>
Date: Fri, 20 Oct 2006 13:48:44 +0000
Subject: - adjust unread query a bit to cope with large topics (thanks bart!)
 - fixing some bugs - more username_clean work

git-svn-id: file:///svn/phpbb/trunk@6513 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/includes/mcp/mcp_notes.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'phpBB/includes/mcp/mcp_notes.php')

diff --git a/phpBB/includes/mcp/mcp_notes.php b/phpBB/includes/mcp/mcp_notes.php
index 0a6beb60e2..302ace9755 100755
--- a/phpBB/includes/mcp/mcp_notes.php
+++ b/phpBB/includes/mcp/mcp_notes.php
@@ -68,13 +68,13 @@ class mcp_notes
 		global $template, $db, $user, $auth;
 
 		$user_id = request_var('u', 0);
-		$username = request_var('username', '');
+		$username = request_var('username', '', true);
 		$start = request_var('start', 0);
 		$st	= request_var('st', 0);
 		$sk	= request_var('sk', 'b');
 		$sd	= request_var('sd', 'd');
 
-		$sql_where = ($user_id) ? "user_id = $user_id" : "username = '" . $db->sql_escape($username) . "'";
+		$sql_where = ($user_id) ? "user_id = $user_id" : "username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
 
 		$sql = 'SELECT *
 			FROM ' . USERS_TABLE . "
-- 
cgit v1.2.1