[aur-dev] [PATCH 2/2] Allow canonical links to accounts (fixes FS#21600, FS#9582).
Lukas Fleischer
archlinux at cryptocrack.de
Sat Nov 6 20:48:52 CET 2010
---
web/html/account.php | 15 +++++++++++----
1 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/web/html/account.php b/web/html/account.php
index e8a3218..bf84989 100644
--- a/web/html/account.php
+++ b/web/html/account.php
@@ -69,10 +69,17 @@ if (isset($_COOKIE["AURSID"])) {
} elseif ($_REQUEST["Action"] == "AccountInfo") {
# no editing, just looking up user info
#
- $q = "SELECT Users.*, AccountTypes.AccountType ";
- $q.= "FROM Users, AccountTypes ";
- $q.= "WHERE AccountTypes.ID = Users.AccountTypeID ";
- $q.= "AND Users.ID = ".intval($_REQUEST["ID"]);
+ if (isset($_REQUEST["ID"])) {
+ $q = "SELECT Users.*, AccountTypes.AccountType ";
+ $q.= "FROM Users, AccountTypes ";
+ $q.= "WHERE AccountTypes.ID = Users.AccountTypeID ";
+ $q.= "AND Users.ID = ".intval($_REQUEST["ID"]);
+ } else {
+ $q = "SELECT Users.*, AccountTypes.AccountType ";
+ $q.= "FROM Users, AccountTypes ";
+ $q.= "WHERE AccountTypes.ID = Users.AccountTypeID ";
+ $q.= "AND Users.Username = '".mysql_real_escape_string($_REQUEST["U"]) . "'";
+ }
$result = db_query($q, $dbh);
if (!mysql_num_rows($result)) {
print __("Could not retrieve information for the specified user.");
--
1.7.3.2
More information about the aur-dev
mailing list