As a result of a bug, profiles of blocked users are also searched and if matched, are included in the result set.

The bug: there are missing parentheses in the SQL in line 60 -

Change

$sql = "FROM {users} u INNER JOIN {profile_values} pv ON u.uid = pv.uid INNER JOIN {profile_fields} pf ON pv.fid = pf.fid WHERE pv.value LIKE '%%%s%%' OR u.name LIKE '%%%s%%' AND pf.visibility IN (%d, %d) AND u.status = 1";

Into

$sql = "FROM {users} u INNER JOIN {profile_values} pv ON u.uid = pv.uid INNER JOIN {profile_fields} pf ON pv.fid = pf.fid WHERE (pv.value LIKE '%%%s%%' OR u.name LIKE '%%%s%%') AND pf.visibility IN (%d, %d) AND u.status = 1";

The same fix applies also to version 5.

Comments

James Marks’s picture

Version: 6.x-1.1 » 6.x-2.x-dev
Assigned: Unassigned » James Marks
Status: Active » Fixed

Fixed in substantial rewrite of profile_search() function in 6.x-2.x-dev version.

James

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.