From 18e840ac66043cb3f7561d0f016e1c71534b30e6 Mon Sep 17 00:00:00 2001
From: Dries Buytaert <dries@buytaert.net>
Date: Sun, 14 Sep 2003 08:57:18 +0000
Subject: [PATCH] - Bugfix: fixed string being check_query()-ed twice. Bug
 #2425.  Patch by   Matt.

---
 includes/common.inc      | 2 +-
 modules/user.module      | 2 +-
 modules/user/user.module | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/includes/common.inc b/includes/common.inc
index 341f1da2bff..64c536b4361 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -391,7 +391,7 @@ function search_data($keys = NULL) {
 
   if (isset($keys)) {
     foreach (module_list() as $name) {
-      if (module_hook($name, "search") && (!$edit["type"] || $edit["type"][$name]) && ($result = module_invoke($name, "search", check_query($keys)))) {
+      if (module_hook($name, "search") && (!$edit["type"] || $edit["type"][$name]) && ($result = module_invoke($name, "search", $keys))) {
         if ($name == "node" || $name == "comment") {
           $output .= "<p><b>". t("Matching ". $name ."s ranked in order of relevance") .":</b></p>";
         }
diff --git a/modules/user.module b/modules/user.module
index 6248cf16a29..48189a39dc0 100644
--- a/modules/user.module
+++ b/modules/user.module
@@ -351,7 +351,7 @@ function user_perm() {
 
 function user_search($keys) {
 
-  $result = db_query_range("SELECT * FROM {users} WHERE name LIKE '%$keys%'", 0, 20);
+  $result = db_query_range("SELECT * FROM {users} WHERE name LIKE '%". check_query($keys) ."%'", 0, 20);
   while ($account = db_fetch_object($result)) {
     $find[$i++] = array("title" => $account->name, "link" => (strstr(request_uri(), "admin") ? url("admin/user/edit/$account->uid") : url("user/view/$account->uid")), "user" => $account->name);
   }
diff --git a/modules/user/user.module b/modules/user/user.module
index 6248cf16a29..48189a39dc0 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -351,7 +351,7 @@ function user_perm() {
 
 function user_search($keys) {
 
-  $result = db_query_range("SELECT * FROM {users} WHERE name LIKE '%$keys%'", 0, 20);
+  $result = db_query_range("SELECT * FROM {users} WHERE name LIKE '%". check_query($keys) ."%'", 0, 20);
   while ($account = db_fetch_object($result)) {
     $find[$i++] = array("title" => $account->name, "link" => (strstr(request_uri(), "admin") ? url("admin/user/edit/$account->uid") : url("user/view/$account->uid")), "user" => $account->name);
   }