diff options
Diffstat (limited to 'engine/lib/users.php')
| -rw-r--r-- | engine/lib/users.php | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/engine/lib/users.php b/engine/lib/users.php index a3813e6a8..a8fb9121c 100644 --- a/engine/lib/users.php +++ b/engine/lib/users.php @@ -553,6 +553,11 @@ function get_user($guid) { function get_user_by_username($username) { global $CONFIG, $USERNAME_TO_GUID_MAP_CACHE; + // Fixes #6052. Username is frequently sniffed from the path info, which, + // unlike $_GET, is not URL decoded. If the username was not URL encoded, + // this is harmless. + $username = rawurldecode($username); + $username = sanitise_string($username); $access = get_access_sql_suffix('e'); |