This commit is contained in:
Roman Kelesidis 2024-01-24 00:48:09 +07:00
parent 70546feb1e
commit f650e59d75
2 changed files with 9 additions and 7 deletions


@ -1183,7 +1183,7 @@ function get_username ($user_id)
}
else
{
$row = DB()->fetch_row("SELECT username FROM ". BB_USERS ." WHERE user_id = $user_id LIMIT 1");
$row = DB()->fetch_row("SELECT username FROM ". BB_USERS ." WHERE user_id = '". DB()->escape($user_id) ."' LIMIT 1");
return $row['username'];
}
}
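Review bot: Quoting the escaped `$user_id` on the new line keeps the query well-formed, but if `user_id` is an integer column (as the name suggests) a value such as `1abc` will typically still be coerced to `1` by the database during the comparison, so a malformed id can match a real row and `get_username` reports it as existing. A cast expresses the intended type and removes the string round-trip: `$row = DB()->fetch_row("SELECT username FROM ". BB_USERS ." WHERE user_id = ". (int) $user_id ." LIMIT 1");`. The `if` branch of this function precedes the hunk, so the cast may belong at the top of get_username, where `$user_id` is first used, rather than only in this `else` arm.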


@ -18,14 +18,16 @@ $page_cfg['include_bbcode_js'] = true;
$tracking_topics = get_tracks('topic');
$user_id = $userdata['user_id'];
if (isset($_GET['uid']) && get_username($_GET['uid'])) {
if ($_GET['uid'] == $userdata['user_id'] || IS_ADMIN) {
$user_id = DB()->escape($_GET['uid']);
if (isset($_GET['uid'])) {
if (get_username($_GET['uid'])) {
if ($_GET['uid'] == $userdata['user_id'] || IS_ADMIN) {
$user_id = DB()->escape($_GET['uid']);
} else {
bb_die($lang['NOT_AUTHORISED']);
}
} else {
bb_die($lang['NOT_AUTHORISED']);
bb_die($lang['USER_NOT_EXIST']);
}
} else {
bb_die($lang['USER_NOT_EXIST']);
}
$start = isset($_GET['start']) ? abs(intval($_GET['start'])) : 0;
$per_page = $bb_cfg['topics_per_page'];
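Review bot: The nested check still compares the raw `$_GET['uid']` to `$userdata['user_id']` with loose `==` and then keeps the escaped string as `$user_id`, so the id is validated as text and compared by PHP's loose rules rather than normalised once as an integer. Normalising at the top of the block makes both the ownership test and every later query use the same value: `$uid = (int) $_GET['uid'];` followed by `if (get_username($uid)) {` and `if ($uid === (int) $userdata['user_id'] || IS_ADMIN) { $user_id = $uid; }`. The two `bb_die($lang['USER_NOT_EXIST']);` arms are identical, so the extra nesting level adds no distinct outcome and a short comment on the outer `else` saying which case it covers would help the next reader.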