From 76fb1f7e08f73e97156418bf45eeceabf01fdda0 Mon Sep 17 00:00:00 2001
From: "bugreport%peshkin.net" <>
Date: Sat, 10 Jul 2004 14:53:18 +0000
Subject: [PATCH] Bug 244272: Remove editusers 'query' parameter patch by jouni
 r=justdave a=justdave

---
 editgroups.cgi | 5 +++--
 editusers.cgi  | 9 +++++++--
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/editgroups.cgi b/editgroups.cgi
index 9c93363c00..b00b508534 100755
--- a/editgroups.cgi
+++ b/editgroups.cgi
@@ -398,8 +398,9 @@ if ($action eq 'del') {
        print "
 <B>One or more users belong to this group. You cannot delete this group while
 there are users in it.</B><BR>
-<A HREF=\"editusers.cgi?action=list&query=" .
-url_quote("(groupset & $bit) OR (blessgroupset & $bit)") . "\">Show me which users.</A> - <INPUT TYPE=CHECKBOX NAME=\"removeusers\">Remove all users from
+<A HREF=\"editusers.cgi?action=list&amp;group=$bit\">
+Show me which users.</A> - 
+<INPUT TYPE=CHECKBOX NAME=\"removeusers\">Remove all users from
 this group for me<P>
 ";
     }
diff --git a/editusers.cgi b/editusers.cgi
index a6c358d554..be5eca2dec 100755
--- a/editusers.cgi
+++ b/editusers.cgi
@@ -314,9 +314,14 @@ if ($action eq 'list') {
           die "Unknown match type";
       }
       $query .= SqlQuote($matchstr) . " ORDER BY login_name";
-    } elsif (exists $::FORM{'query'}) {
+    } elsif (exists $::FORM{'group'}) {
+      my $group = $::FORM{'group'};
+      detaint_natural($group);
+      die "Invalid group" unless $group;
       $query = "SELECT login_name,realname,disabledtext " .
-          "FROM profiles WHERE " . $::FORM{'query'} . " ORDER BY login_name";
+               "FROM profiles WHERE ((groupset & $group) " .
+               "                     OR (blessgroupset & $group)) " .
+               "ORDER BY login_name";
     } else {
       die "Missing parameters";
     }
-- 
2.47.2