Bugtracker #5196 - send PM to user with apostrophe in display name

2025-08-06 14:46:56 +02:00 · 2011-04-18 17:43:25 +00:00
parent 321a6d1b95
commit 8a9843450d
1 changed files with 3 additions and 2 deletions
--- a/e107_plugins/pm/pm_class.php
+++ b/e107_plugins/pm/pm_class.php
@@ -515,8 +515,9 @@ class private_message
 	 */
 	function pm_getuid($var)
 	{
-		$var = trim($var);
-		if($this->e107->sql->db_Select('user', 'user_id, user_name, user_class, user_email', "user_name LIKE '".$this->e107->sql -> escape(trim($var), TRUE)."'"))
+		$var = strip_if_magic($var);
+		$var = str_replace("'", '&#039;', trim($var));		// Display name uses entities for apostrophe
+		if($this->e107->sql->db_Select('user', 'user_id, user_name, user_class, user_email', "user_name LIKE '".$this->e107->sql -> escape($var, FALSE)."'"))
 		{
 			$row = $this->e107->sql->db_Fetch();
 			return $row;