t_a/cavepaintingsFork
1
Fork 0
forked from Cavemanon/cavepaintings
Code Issues Pull Requests Packages Projects Releases Wiki Activity

safety

Browse Source
This commit is contained in:
Shish
2017-09-17 19:11:51 +01:00
parent 5763b77e2b
commit 186ea55348
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ext/user/main.php
View File

@@ -126,7 +126,7 @@ class UserPage extends Extension {
$a["name"] = '%' . $_GET['username'] . '%';
}
if(@$_GET['email']) {
if($user->can('delete_user') && @$_GET['email']) {
$q .= " AND SCORE_STRNORM(name) LIKE SCORE_STRNORM(:email)";
$a["email"] = '%' . $_GET['email'] . '%';
}