Early Bird Registration for DrupalCon Portland 2024 is open! Register by 23:59 PST on 31 March 2024, to get $100 off your ticket.
As a result of a bug, profiles of blocked users are also searched and if matched, are included in the result set.
The bug: there are missing parentheses in the SQL in line 60 -
Change
$sql = "FROM {users} u INNER JOIN {profile_values} pv ON u.uid = pv.uid INNER JOIN {profile_fields} pf ON pv.fid = pf.fid WHERE pv.value LIKE '%%%s%%' OR u.name LIKE '%%%s%%' AND pf.visibility IN (%d, %d) AND u.status = 1";
Into
$sql = "FROM {users} u INNER JOIN {profile_values} pv ON u.uid = pv.uid INNER JOIN {profile_fields} pf ON pv.fid = pf.fid WHERE (pv.value LIKE '%%%s%%' OR u.name LIKE '%%%s%%') AND pf.visibility IN (%d, %d) AND u.status = 1";
The same fix applies also to version 5.
Comments
Comment #1
James Marks CreditAttribution: James Marks commentedFixed in substantial rewrite of profile_search() function in 6.x-2.x-dev version.
James