From 08ae564a482e1887d5e58e50e4bf84d16e64819c Mon Sep 17 00:00:00 2001
From: Sarjuuk <junkdump@gmx.net>
Date: Tue, 27 Jan 2026 14:23:27 +0100
Subject: [PATCH] PageTemplate/Fixup  * escape input username on user page

---
 endpoints/user/user.php | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/endpoints/user/user.php b/endpoints/user/user.php
index 00aff5e8..f286be2f 100644
--- a/endpoints/user/user.php
+++ b/endpoints/user/user.php
@@ -38,14 +38,10 @@ class UserBaseResponse extends TemplateResponse
         if (!$rawParam)
             $this->forwardToSignIn('user');
 
-        if ($user = DB::Aowow()->selectRow('SELECT a.`id`, a.`username`, a.`consecutiveVisits`, a.`userGroups`, a.`avatar`, a.`avatarborder`, a.`wowicon`, a.`title`, a.`description`, a.`joinDate`, a.`prevLogin`, IFNULL(SUM(ar.`amount`), 0) AS "sumRep", a.`prevIP`, a.`email` FROM ?_account a LEFT JOIN ?_account_reputation ar ON a.`id` = ar.`userId` WHERE LOWER(a.`username`) = LOWER(?) GROUP BY a.`id`', $rawParam))
+        if ($user = DB::Aowow()->selectRow('SELECT a.`id`, a.`username`, a.`consecutiveVisits`, a.`userGroups`, a.`avatar`, a.`avatarborder`, a.`wowicon`, a.`title`, a.`description`, a.`joinDate`, a.`prevLogin`, IFNULL(SUM(ar.`amount`), 0) AS "sumRep", a.`prevIP`, a.`email` FROM ?_account a LEFT JOIN ?_account_reputation ar ON a.`id` = ar.`userId` WHERE a.`id` <> 0 AND LOWER(a.`username`) = LOWER(?) GROUP BY a.`id`', $rawParam))
             $this->user = $user;
         else
-            $this->generateNotFound(Lang::user('notFound', [$rawParam]));
-
-        // do not display system account
-        if (!$this->user['id'])
-            $this->generateNotFound(Lang::user('notFound', [$rawParam]));
+            $this->generateNotFound(Lang::user('notFound', [Util::htmlEscape($rawParam)]));
     }
 
     protected function generate() : void