diff options
author | Lukas Fleischer <archlinux@cryptocrack.de> | 2012-03-22 15:15:57 +0100 |
---|---|---|
committer | Lukas Fleischer <archlinux@cryptocrack.de> | 2012-03-24 10:34:35 +0100 |
commit | e9d8e9b8c074421d15103fd66112dea78800e72a (patch) | |
tree | 422792fb697f78e554dc93d682f364cf559a2508 | |
parent | cf2f66751238a5c956c69d3852df74c8e9bbbe52 (diff) | |
download | aurweb-e9d8e9b8c074421d15103fd66112dea78800e72a.tar.xz |
Support canonical links to accounts
Addresses FS#9582 and FS#21600.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-rw-r--r-- | web/html/account.php | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/web/html/account.php b/web/html/account.php index 339316b..f17ba48 100644 --- a/web/html/account.php +++ b/web/html/account.php @@ -75,7 +75,11 @@ if (isset($_COOKIE["AURSID"])) { $q = "SELECT Users.*, AccountTypes.AccountType "; $q.= "FROM Users, AccountTypes "; $q.= "WHERE AccountTypes.ID = Users.AccountTypeID "; - $q.= "AND Users.ID = ".intval(in_request("ID")); + if (isset($_REQUEST["ID"])) { + $q.= "AND Users.ID = ".intval(in_request("ID")); + } else { + $q.= "AND Users.Username = '".db_escape_string(in_request("U")) . "'"; + } $result = db_query($q, $dbh); if (!mysql_num_rows($result)) { print __("Could not retrieve information for the specified user."); |