1 files changed, 5 insertions, 4 deletions

diff --git a/editusers.cgi b/editusers.cgi
index e12fc35b6..f4e3c0841 100755
--- a/editusers.cgi
+++ b/editusers.cgi
@@ -68,7 +68,7 @@ if ($action eq 'search') {
     my $matchstr      = trim($cgi->param('matchstr'));
     my $matchtype     = $cgi->param('matchtype');
     my $grouprestrict = $cgi->param('grouprestrict') || '0';
-    my $enabled_only  = $cgi->param('enabled_only') || '0';
+    my $is_enabled    = scalar $cgi->param('is_enabled');
     my $query = 'SELECT DISTINCT userid, login_name, realname, is_enabled, ' .
                 $dbh->sql_date_format('last_seen_date', '%Y-%m-%d') . ' AS last_seen_date ' .
                 'FROM profiles';
@@ -160,11 +160,12 @@ if ($action eq 'search') {
             $query .= " $nextCondition ugm.group_id IN($grouplist) ";
         }
 
-        if ($enabled_only eq '1') {
-            $query .= " $nextCondition profiles.is_enabled = 1 ";
+        detaint_natural($is_enabled);
+        if ($is_enabled == 0 || $is_enabled == 1) {
+            $query .= " $nextCondition profiles.is_enabled = ?";
             $nextCondition = 'AND';
+            push(@bindValues, $is_enabled);
         }
-
         $query .= ' ORDER BY profiles.login_name';
 
         $vars->{'users'} = $dbh->selectall_arrayref($query,