diff options
| author | Steve Clay <steve@mrclay.org> | 2013-09-20 21:21:12 -0400 |
|---|---|---|
| committer | Steve Clay <steve@mrclay.org> | 2013-09-20 21:21:12 -0400 |
| commit | 7a9bdd3f5f0e9f9f26a32f91418a53cd36e7e2fe (patch) | |
| tree | 06952194c6d9589f761319ec9463239928171093 /engine/lib/users.php | |
| parent | 5b361f8b2b00d85282bb827f5bd83cf0e44fe4df (diff) | |
| parent | 49ab3a17173aedb8b5e3a2a228cc6cfd0a510e49 (diff) | |
| download | elgg-7a9bdd3f5f0e9f9f26a32f91418a53cd36e7e2fe.tar.gz elgg-7a9bdd3f5f0e9f9f26a32f91418a53cd36e7e2fe.tar.bz2 | |
Merge branch 'sembrestels-patch-2' into 1.8
Diffstat (limited to 'engine/lib/users.php')
| -rw-r--r-- | engine/lib/users.php | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/engine/lib/users.php b/engine/lib/users.php index a3813e6a8..a8fb9121c 100644 --- a/engine/lib/users.php +++ b/engine/lib/users.php @@ -553,6 +553,11 @@ function get_user($guid) { function get_user_by_username($username) { global $CONFIG, $USERNAME_TO_GUID_MAP_CACHE; + // Fixes #6052. Username is frequently sniffed from the path info, which, + // unlike $_GET, is not URL decoded. If the username was not URL encoded, + // this is harmless. + $username = rawurldecode($username); + $username = sanitise_string($username); $access = get_access_sql_suffix('e'); |