- adjust unread query a bit to cope with large topics (thanks bart!)

- fixing some bugs - more username_clean work git-svn-id: file:///svn/phpbb/trunk@6513 89ea8834-ac86-4346-8a33-228a782c2dd0
author: Meik Sievertsen <acydburn@phpbb.com> 2006-10-20 13:48:44 +0000
committer: Meik Sievertsen <acydburn@phpbb.com> 2006-10-20 13:48:44 +0000
commit: f4da66a9328d12a3a5cb3a36feb184a4686ca2f3 (patch)
tree: 85fe8abffa4507ce66c4a52e241a58bc5f454353 /phpBB/includes/mcp
parent: b572e0db8f18d36d71c7ad645839bb9b0cdb5f38 (diff)
download: forums-f4da66a9328d12a3a5cb3a36feb184a4686ca2f3.tar
forums-f4da66a9328d12a3a5cb3a36feb184a4686ca2f3.tar.gz
forums-f4da66a9328d12a3a5cb3a36feb184a4686ca2f3.tar.bz2
forums-f4da66a9328d12a3a5cb3a36feb184a4686ca2f3.tar.xz
forums-f4da66a9328d12a3a5cb3a36feb184a4686ca2f3.zip
3 files changed, 6 insertions, 6 deletions
diff --git a/phpBB/includes/mcp/mcp_notes.php b/phpBB/includes/mcp/mcp_notes.php
index 0a6beb60e2..302ace9755 100755
--- a/phpBB/includes/mcp/mcp_notes.php
+++ b/phpBB/includes/mcp/mcp_notes.php
@@ -68,13 +68,13 @@ class mcp_notes
 		global $template, $db, $user, $auth;
 
 		$user_id = request_var('u', 0);
-		$username = request_var('username', '');
+		$username = request_var('username', '', true);
 		$start = request_var('start', 0);
 		$st	= request_var('st', 0);
 		$sk	= request_var('sk', 'b');
 		$sd	= request_var('sd', 'd');
 
-		$sql_where = ($user_id) ? "user_id = $user_id" : "username = '" . $db->sql_escape($username) . "'";
+		$sql_where = ($user_id) ? "user_id = $user_id" : "username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
 
 		$sql = 'SELECT *
 			FROM ' . USERS_TABLE . "
diff --git a/phpBB/includes/mcp/mcp_post.php b/phpBB/includes/mcp/mcp_post.php
index d2b66871d4..30cbf918e8 100644
--- a/phpBB/includes/mcp/mcp_post.php
+++ b/phpBB/includes/mcp/mcp_post.php
@@ -59,8 +59,8 @@ function mcp_post_details($id, $mode, $action)
 
 			if ($action == 'chgposter')
 			{
-				$username = request_var('username', '');
-				$sql_where = "username = '" . $db->sql_escape($username) . "'";
+				$username = request_var('username', '', true);
+				$sql_where = "username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
 			}
 			else
 			{
diff --git a/phpBB/includes/mcp/mcp_warn.php b/phpBB/includes/mcp/mcp_warn.php
index 02eb316ed8..da76dc8b58 100755
--- a/phpBB/includes/mcp/mcp_warn.php
+++ b/phpBB/includes/mcp/mcp_warn.php
@@ -310,11 +310,11 @@ function mcp_warn_user_view($id, $mode, $action)
 	global $template, $db, $user, $auth;
 
 	$user_id = request_var('u', 0);
-	$username = request_var('username', '');
+	$username = request_var('username', '', true);
 	$notify = (isset($_REQUEST['notify_user'])) ? true : false;
 	$warning = request_var('warning', '', true);
 
-	$sql_where = ($user_id) ? "user_id = $user_id" : "username = '" . $db->sql_escape($username) . "'";
+	$sql_where = ($user_id) ? "user_id = $user_id" : "username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
 
 	$sql = 'SELECT *
 		FROM ' . USERS_TABLE . '
author	Meik Sievertsen <acydburn@phpbb.com>	2006-10-20 13:48:44 +0000
committer	Meik Sievertsen <acydburn@phpbb.com>	2006-10-20 13:48:44 +0000
commit	f4da66a9328d12a3a5cb3a36feb184a4686ca2f3 (patch)
tree	85fe8abffa4507ce66c4a52e241a58bc5f454353 /phpBB/includes/mcp
parent	b572e0db8f18d36d71c7ad645839bb9b0cdb5f38 (diff)
download	forums-f4da66a9328d12a3a5cb3a36feb184a4686ca2f3.tar forums-f4da66a9328d12a3a5cb3a36feb184a4686ca2f3.tar.gz forums-f4da66a9328d12a3a5cb3a36feb184a4686ca2f3.tar.bz2 forums-f4da66a9328d12a3a5cb3a36feb184a4686ca2f3.tar.xz forums-f4da66a9328d12a3a5cb3a36feb184a4686ca2f3.zip