- Bugfix: fixed string being check_query()-ed twice. Bug #2425.  Patch by
  Matt.

includes/common.inc

@@ -391,7 +391,7 @@ function search_data($keys = NULL) {
 
   if (isset($keys)) {
     foreach (module_list() as $name) {
-      if (module_hook($name, "search") && (!$edit["type"] || $edit["type"][$name]) && ($result = module_invoke($name, "search", check_query($keys)))) {
+      if (module_hook($name, "search") && (!$edit["type"] || $edit["type"][$name]) && ($result = module_invoke($name, "search", $keys))) {
         if ($name == "node" || $name == "comment") {
           $output .= "<p><b>". t("Matching ". $name ."s ranked in order of relevance") .":</b></p>";
         }

modules/user.module

@@ -351,7 +351,7 @@ function user_perm() {
 
 function user_search($keys) {
 
-  $result = db_query_range("SELECT * FROM {users} WHERE name LIKE '%$keys%'", 0, 20);
+  $result = db_query_range("SELECT * FROM {users} WHERE name LIKE '%". check_query($keys) ."%'", 0, 20);
   while ($account = db_fetch_object($result)) {
     $find[$i++] = array("title" => $account->name, "link" => (strstr(request_uri(), "admin") ? url("admin/user/edit/$account->uid") : url("user/view/$account->uid")), "user" => $account->name);
   }

modules/user/user.module

@@ -351,7 +351,7 @@ function user_perm() {
 
 function user_search($keys) {
 
-  $result = db_query_range("SELECT * FROM {users} WHERE name LIKE '%$keys%'", 0, 20);
+  $result = db_query_range("SELECT * FROM {users} WHERE name LIKE '%". check_query($keys) ."%'", 0, 20);
   while ($account = db_fetch_object($result)) {
     $find[$i++] = array("title" => $account->name, "link" => (strstr(request_uri(), "admin") ? url("admin/user/edit/$account->uid") : url("user/view/$account->uid")), "user" => $account->name);
   }