From c1720a3bb6dd07af2cf4b359bd85d0ad614c6bab Mon Sep 17 00:00:00 2001
From: INOPIAE <inopiae@cacert.org>
Date: Mon, 9 Jun 2014 13:11:02 +0200
Subject: bug 1282: added a better check for id for the search

---
 pages/account/49.php | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

(limited to 'pages')

diff --git a/pages/account/49.php b/pages/account/49.php
index 0218fa0..1de9952 100644
--- a/pages/account/49.php
+++ b/pages/account/49.php
@@ -24,9 +24,15 @@
 			$domainsearch = "%$domain%";
 		if(preg_match("/^\d+$/",$domain))
 			$domainsearch = "";
+		//check if request is id if not set search ID to -1
+		$domainid = intval($domain);
+		if($domain !== $domainid){
+			$domainid = -1;
+		}
+
 		$query = "select `users`.`id` as `id`, `domains`.`domain` as `domain`, `domains`.`id`as `domid` from `users`,`domains`
 				where `users`.`id`=`domains`.`memid` and
-				(`domains`.`domain` like '$domainsearch' or `domains`.`id`='$domain') and
+				(`domains`.`domain` like '$domainsearch' or `domains`.`id`='$domainid') and
 				`domains`.`deleted`=0 and `users`.`deleted`=0 and
 				`users`.`verified`=1
 				group by `users`.`id` limit 100";
@@ -64,8 +70,7 @@
 			</tr>
 		</table><br><br><?
 		}
-
-		$query = "select `orgid`,`domain`,`id` from `orgdomains` where `domain` like '$domainsearch' or `id`='$domain' limit 100";
+		$query = "select `orgid`,`domain`,`id` from `orgdomains` where `domain` like '$domainsearch' or `id`='$domainid' limit 100";
 		$res = mysql_query($query);
 		if(mysql_num_rows($res) >= 1) { ?>
 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
-- 
cgit v1.2.1