summaryrefslogtreecommitdiff
path: root/pages/account
diff options
context:
space:
mode:
authorINOPIAE <inopiae@cacert.org>2014-06-09 13:11:02 +0200
committerINOPIAE <inopiae@cacert.org>2014-06-09 13:11:02 +0200
commitc1720a3bb6dd07af2cf4b359bd85d0ad614c6bab (patch)
tree5516ecb150774cc42874dfd683688d121003d323 /pages/account
parent2affa9c6e9a1f2a7f68ab5fa306374cd037d6227 (diff)
downloadcacert-devel-c1720a3bb6dd07af2cf4b359bd85d0ad614c6bab.tar.gz
cacert-devel-c1720a3bb6dd07af2cf4b359bd85d0ad614c6bab.tar.xz
cacert-devel-c1720a3bb6dd07af2cf4b359bd85d0ad614c6bab.zip
bug 1282: added a better check for id for the search
Diffstat (limited to 'pages/account')
-rw-r--r--pages/account/49.php11
1 files changed, 8 insertions, 3 deletions
diff --git a/pages/account/49.php b/pages/account/49.php
index 0218fa0..1de9952 100644
--- a/pages/account/49.php
+++ b/pages/account/49.php
@@ -24,9 +24,15 @@
$domainsearch = "%$domain%";
if(preg_match("/^\d+$/",$domain))
$domainsearch = "";
+ //check if request is id if not set search ID to -1
+ $domainid = intval($domain);
+ if($domain !== $domainid){
+ $domainid = -1;
+ }
+
$query = "select `users`.`id` as `id`, `domains`.`domain` as `domain`, `domains`.`id`as `domid` from `users`,`domains`
where `users`.`id`=`domains`.`memid` and
- (`domains`.`domain` like '$domainsearch' or `domains`.`id`='$domain') and
+ (`domains`.`domain` like '$domainsearch' or `domains`.`id`='$domainid') and
`domains`.`deleted`=0 and `users`.`deleted`=0 and
`users`.`verified`=1
group by `users`.`id` limit 100";
@@ -64,8 +70,7 @@
</tr>
</table><br><br><?
}
-
- $query = "select `orgid`,`domain`,`id` from `orgdomains` where `domain` like '$domainsearch' or `id`='$domain' limit 100";
+ $query = "select `orgid`,`domain`,`id` from `orgdomains` where `domain` like '$domainsearch' or `id`='$domainid' limit 100";
$res = mysql_query($query);
if(mysql_num_rows($res) >= 1) { ?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">