diff options
| -rw-r--r-- | includes/common.inc | 2 | ||||
| -rw-r--r-- | modules/user.module | 2 | ||||
| -rw-r--r-- | modules/user/user.module | 2 |
3 files changed, 3 insertions, 3 deletions
diff --git a/includes/common.inc b/includes/common.inc index 341f1da2b..64c536b43 100644 --- a/includes/common.inc +++ b/includes/common.inc @@ -391,7 +391,7 @@ function search_data($keys = NULL) { if (isset($keys)) { foreach (module_list() as $name) { - if (module_hook($name, "search") && (!$edit["type"] || $edit["type"][$name]) && ($result = module_invoke($name, "search", check_query($keys)))) { + if (module_hook($name, "search") && (!$edit["type"] || $edit["type"][$name]) && ($result = module_invoke($name, "search", $keys))) { if ($name == "node" || $name == "comment") { $output .= "<p><b>". t("Matching ". $name ."s ranked in order of relevance") .":</b></p>"; } diff --git a/modules/user.module b/modules/user.module index 6248cf16a..48189a39d 100644 --- a/modules/user.module +++ b/modules/user.module @@ -351,7 +351,7 @@ function user_perm() { function user_search($keys) { - $result = db_query_range("SELECT * FROM {users} WHERE name LIKE '%$keys%'", 0, 20); + $result = db_query_range("SELECT * FROM {users} WHERE name LIKE '%". check_query($keys) ."%'", 0, 20); while ($account = db_fetch_object($result)) { $find[$i++] = array("title" => $account->name, "link" => (strstr(request_uri(), "admin") ? url("admin/user/edit/$account->uid") : url("user/view/$account->uid")), "user" => $account->name); } diff --git a/modules/user/user.module b/modules/user/user.module index 6248cf16a..48189a39d 100644 --- a/modules/user/user.module +++ b/modules/user/user.module @@ -351,7 +351,7 @@ function user_perm() { function user_search($keys) { - $result = db_query_range("SELECT * FROM {users} WHERE name LIKE '%$keys%'", 0, 20); + $result = db_query_range("SELECT * FROM {users} WHERE name LIKE '%". check_query($keys) ."%'", 0, 20); while ($account = db_fetch_object($result)) { $find[$i++] = array("title" => $account->name, "link" => (strstr(request_uri(), "admin") ? url("admin/user/edit/$account->uid") : url("user/view/$account->uid")), "user" => $account->name); } |