uid_from_username() returns a non-integer value when the user does not
exist. This results in a broken SQL query when searching for a
nonexistent submitter. Fix this by explicitly converting the result of
uid_from_username() to an integer.

Fixes FS#40625.

Signed-off-by: Lukas Fleischer <[email protected]>
---
 web/lib/pkgfuncs.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/lib/pkgfuncs.inc.php b/web/lib/pkgfuncs.inc.php
index fed7c03..c736051 100644
--- a/web/lib/pkgfuncs.inc.php
+++ b/web/lib/pkgfuncs.inc.php
@@ -586,7 +586,7 @@ function pkg_search_page($SID="") {
                }
                elseif (isset($_GET["SeB"]) && $_GET["SeB"] == "s") {
                        /* Search by submitter. */
-                       $q_where .= "AND SubmitterUID = 
".uid_from_username($_GET['K'])." ";
+                       $q_where .= "AND SubmitterUID = " . 
intval(uid_from_username($_GET['K'])) . " ";
                }
                elseif (isset($_GET["SeB"]) && $_GET["SeB"] == "n") {
                        /* Search by name. */
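Review bot: On the added `intval(uid_from_username($_GET['K']))` line, the not-found case is folded into a number instead of being handled: intval() maps null, false or an empty string to 0, so searching for a nonexistent submitter would now run with `SubmitterUID = 0`. That is valid SQL, but the result is only empty if no package row carries a SubmitterUID of 0, which this hunk does not show. Consider testing the return value before appending to $q_where and emitting a condition that cannot match when the user does not exist. Alternatively, make uid_from_username() return a consistent type so that any other call site concatenating its result into a query does not need its own cast. A one-line comment stating that the cast guards the nonexistent-user case would also help, since the commit message is the only place that explains it.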
-- 
2.0.0
