From 6090c2ae8b6b33af79cae2ed63ebe5209d0729b3 Mon Sep 17 00:00:00 2001
From: Lukas Fleischer <lfleischer@archlinux.org>
Date: Tue, 18 Apr 2017 08:36:29 +0200
Subject: Check query return value in search_results_page()

Instead of unconditionally calling fetch on the return value of query(),
error out early if the value evaluates to false. Also, make sure that
the results array is always initialized, even if the result set is
empty.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
---
 web/lib/acctfuncs.inc.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php
index 3c8f9edb..22b3ca8d 100644
--- a/web/lib/acctfuncs.inc.php
+++ b/web/lib/acctfuncs.inc.php
@@ -495,8 +495,11 @@ function search_results_page($O=0,$SB="",$U="",$T="",
 
 	$result = $dbh->query($q);
 
-	while ($row = $result->fetch(PDO::FETCH_ASSOC)) {
-		$userinfo[] = $row;
+	$userinfo = array();
+	if ($result) {
+		while ($row = $result->fetch(PDO::FETCH_ASSOC)) {
+			$userinfo[] = $row;
+		}
 	}
 
 	include("account_search_results.php");
-- 
cgit v1.2.3-24-g4f1b