Diffstat (limited to 'editusers.cgi')
-rwxr-xr-x | editusers.cgi | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/editusers.cgi b/editusers.cgi
index e12fc35b6..f4e3c0841 100755
--- a/editusers.cgi
+++ b/editusers.cgi
@@ -68,7 +68,7 @@ if ($action eq 'search') {
 my $matchstr = trim($cgi->param('matchstr'));
 my $matchtype = $cgi->param('matchtype');
 my $grouprestrict = $cgi->param('grouprestrict') || '0';
- my $enabled_only = $cgi->param('enabled_only') || '0';
+ my $is_enabled = scalar $cgi->param('is_enabled');
 my $query = 'SELECT DISTINCT userid, login_name, realname, is_enabled, ' .
 $dbh->sql_date_format('last_seen_date', '%Y-%m-%d') . ' AS last_seen_date ' .
 'FROM profiles';
@@ -160,11 +160,12 @@ if ($action eq 'search') {
 $query .= " $nextCondition ugm.group_id IN($grouplist) ";
 }
- if ($enabled_only eq '1') {
- $query .= " $nextCondition profiles.is_enabled = 1 ";
+ detaint_natural($is_enabled);
+ if ($is_enabled == 0 || $is_enabled == 1) {
+ $query .= " $nextCondition profiles.is_enabled = ?";
 $nextCondition = 'AND';
+ push(@bindValues, $is_enabled);
 }
-
 $query .= ' ORDER BY profiles.login_name';
 $vars->{'users'} = $dbh->selectall_arrayref($query, |
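Review bot: The return value of `detaint_natural($is_enabled)` is ignored in the second hunk, so a missing or non-numeric `is_enabled` parameter still reaches the `== 0 || == 1` test. Bugzilla's detaint_natural sets its argument to undef when the value is not a natural number, and `undef == 0` is true in Perl (with an uninitialized-value warning), so the filter is appended with undef bound to the placeholder; that becomes `is_enabled = NULL`, and the search would presumably return no users rather than all of them. Gating on the result keeps the move to a bind parameter and skips the filter for absent or malformed input: `if (detaint_natural($is_enabled) && $is_enabled <= 1) {`. The enclosing `if ($action eq 'search')` block starts and ends outside the hunk, so whether the search form always sends the parameter cannot be confirmed from here.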