Updated

library/includes/functions.php

@@ -1183,7 +1183,7 @@ function get_username ($user_id)
 	}
 	else
 	{
-		$row = DB()->fetch_row("SELECT username FROM ". BB_USERS ." WHERE user_id = $user_id LIMIT 1");
+		$row = DB()->fetch_row("SELECT username FROM ". BB_USERS ." WHERE user_id = '". DB()->escape($user_id) ."' LIMIT 1");
 		return $row['username'];
 	}
 }

library/includes/ucp/topic_watch.php

@@ -18,7 +18,8 @@ $page_cfg['include_bbcode_js'] = true;
 $tracking_topics = get_tracks('topic');
 
 $user_id = $userdata['user_id'];
-if (isset($_GET['uid']) && get_username($_GET['uid'])) {
+if (isset($_GET['uid'])) {
+	if (get_username($_GET['uid'])) {
 		if ($_GET['uid'] == $userdata['user_id'] || IS_ADMIN) {
 			$user_id = DB()->escape($_GET['uid']);
 		} else {
@@ -27,6 +28,7 @@ if (isset($_GET['uid']) && get_username($_GET['uid'])) {
 	} else {
 		bb_die($lang['USER_NOT_EXIST']);
 	}
+}
 $start = isset($_GET['start']) ? abs(intval($_GET['start'])) : 0;
 $per_page = $bb_cfg['topics_per_page'];