fixed get_userdata to be now really compatible with id and username (note: used intval check against 0 because of php3 compatibility)

git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@3533 89ea8834-ac86-4346-8a33-228a782c2dd0
2025-05-05 15:16:16 +02:00 · 2003-02-25 23:28:30 +00:00 · 2003-02-25 23:28:30 +00:00 · 81b3672c87
commit 81b3672c87
parent eca9470cd4
3 changed files with 5 additions and 3 deletions
--- a/phpBB/admin/admin_users.php
+++ b/phpBB/admin/admin_users.php
@ -716,7 +716,7 @@ if( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) |
 		}
 		else
 		{
-			$this_userdata = get_userdata(htmlspecialchars($HTTP_POST_VARS['username']));
+			$this_userdata = get_userdata($HTTP_POST_VARS['username']);
 			if( !$this_userdata )
 			{
 				message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] );
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@ -78,10 +78,12 @@ function get_userdata($user)
 {
 	global $db;

+	$user = ( intval($user) == 0) ? str_replace("\'", "''", htmlspecialchars(trim($user))) : intval($user);
+
 	$sql = "SELECT *
 		FROM " . USERS_TABLE . " 
 		WHERE ";
-	$sql .= ( ( is_integer($user) ) ? "user_id = $user" : "username = '" .  str_replace("\'", "''", $user) . "'" ) . " AND user_id <> " . ANONYMOUS;
+	$sql .= ( ( is_integer($user) ) ? "user_id = $user" : "username = '" .  $user . "'" ) . " AND user_id <> " . ANONYMOUS;
 	if ( !($result = $db->sql_query($sql)) )
 	{
 		message_die(GENERAL_ERROR, 'Tried obtaining data for a non-existent user', '', __LINE__, __FILE__, $sql);
--- a/phpBB/includes/usercp_viewprofile.php
+++ b/phpBB/includes/usercp_viewprofile.php
@ -31,7 +31,7 @@ if ( empty($HTTP_GET_VARS[POST_USERS_URL]) || $HTTP_GET_VARS[POST_USERS_URL] ==
 {
 	message_die(GENERAL_MESSAGE, $lang['No_user_id_specified']);
 }
-$profiledata = get_userdata(intval($HTTP_GET_VARS[POST_USERS_URL]));
+$profiledata = get_userdata($HTTP_GET_VARS[POST_USERS_URL]);

 $sql = "SELECT *
 	FROM " . RANKS_TABLE . "