aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSteve Clay <steve@mrclay.org>2013-09-20 21:02:30 -0400
committerSteve Clay <steve@mrclay.org>2013-09-20 21:02:30 -0400
commitee2b6351f5a759b6e713d3992c3b0c348850fecf (patch)
tree2dbc0ead72df0b8d3614613d956b750723966d22
parent283106afa1fb6ff9984341b8911f90c5d4e4c4a2 (diff)
downloadelgg-ee2b6351f5a759b6e713d3992c3b0c348850fecf.tar.gz
elgg-ee2b6351f5a759b6e713d3992c3b0c348850fecf.tar.bz2
Adds comment to explain URL decoding in get_user_by_username
-rw-r--r--engine/lib/users.php7
1 files changed, 6 insertions, 1 deletions
diff --git a/engine/lib/users.php b/engine/lib/users.php
index 0b4608034..bccfb8b03 100644
--- a/engine/lib/users.php
+++ b/engine/lib/users.php
@@ -553,7 +553,12 @@ function get_user($guid) {
function get_user_by_username($username) {
global $CONFIG, $USERNAME_TO_GUID_MAP_CACHE;
- $username = sanitise_string(rawurldecode($username));
+ // Fixes #6052. Username is frequently sniffed from the path info, which,
+ // unlike $_GET, is not URL decoded. If the username was not URL encoded,
+ // this is harmless.
+ $username = rawurldecode($username);
+
+ $username = sanitise_string($username);
$access = get_access_sql_suffix('e');
// Caching