Merge branch 'master' of github.com:brettp/Elgg

2 files changed, 4 insertions, 5 deletions

diff --git a/mod/members/pages/members/index.php b/mod/members/pages/members/index.php
index 4f23c6322..330ef66bf 100644
--- a/mod/members/pages/members/index.php
+++ b/mod/members/pages/members/index.php
@@ -28,7 +28,6 @@ $params = array(
 	'content' => $content,
 	'sidebar' => elgg_view('members/sidebar'),
 	'title' => $title . " ($num_members)",
-	'buttons' => '',
 	'filter_override' => elgg_view('members/nav', array('selected' => $vars['page'])),
 );
 
diff --git a/mod/members/pages/members/search.php b/mod/members/pages/members/search.php
index 39b54990e..94127768a 100644
--- a/mod/members/pages/members/search.php
+++ b/mod/members/pages/members/search.php
@@ -19,16 +19,16 @@ if ($vars['search_type'] == 'tag') {
 	$users = $results['entities'];
 	$content = elgg_view_entity_list($users, $count, $offset, $limit, false, false, true);
 } else {
-	$name = get_input('name');
+	$name = sanitize_string(get_input('name'));
 
 	$title = elgg_echo('members:title:searchname', array($name));
 
-	global $CONFIG;
+	$db_prefix = elgg_get_config('dbprefix');
 	$params = array(
 		'type' => 'user',
 		'full_view' => false,
-		'joins' => array("join {$CONFIG->dbprefix}users_entity u on e.guid=u.guid"),
-		'wheres' => array("(u.name like \"%{$name}%\" or u.username like \"%{$name}%\")"),
+		'joins' => array("JOIN {$db_prefix}users_entity u ON e.guid=u.guid"),
+		'wheres' => array("(u.name LIKE \"%{$name}%\" OR u.username LIKE \"%{$name}%\")"),
 	);
 	$content .= elgg_list_entities($params);
 }