Addresses FS#9582 and FS#21600.

Signed-off-by: Lukas Fleischer <[email protected]>
---
 web/html/account.php |    6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/web/html/account.php b/web/html/account.php
index 339316b..f17ba48 100644
--- a/web/html/account.php
+++ b/web/html/account.php
@@ -75,7 +75,11 @@ if (isset($_COOKIE["AURSID"])) {
                $q = "SELECT Users.*, AccountTypes.AccountType ";
                $q.= "FROM Users, AccountTypes ";
                $q.= "WHERE AccountTypes.ID = Users.AccountTypeID ";
-               $q.= "AND Users.ID = ".intval(in_request("ID"));
+               if (isset($_REQUEST["ID"])) {
+                       $q.= "AND Users.ID = ".intval(in_request("ID"));
+               } else {
+                       $q.= "AND Users.Username = 
'".db_escape_string(in_request("U")) . "'";
+               }
                $result = db_query($q, $dbh);
                if (!mysql_num_rows($result)) {
                        print __("Could not retrieve information for the 
specified user.");
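Review bot: The new `else` branch runs whenever `ID` is absent, including when `U` is also absent or is not a plain string, so the query is still issued with whatever `in_request("U")` returns in that case. I would gate it explicitly, e.g. `} elseif (isset($_REQUEST["U"]) && is_string($_REQUEST["U"])) {`, and report the lookup failure without running the query otherwise. The username is placed inside a quoted SQL literal and relies entirely on `db_escape_string()`, which is not visible here. Since the surrounding code uses the `mysql_*` API, which has no bound parameters, it is worth confirming that the helper does connection-aware escaping and adding a comment such as `// U is user-controlled: keep it quoted and escaped via db_escape_string()`. The enclosing `if` block begins and ends outside this hunk.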
-- 
1.7.9.4
