<?php ob_start('ob_gzhandler'); require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php'; use NERDZ\Core\Messages; use NERDZ\Core\Db; use NERDZ\Core\User; use NERDZ\Core\Config; $messages = new Messages(); $user = new User(); $tplcfg = $user->getTemplateCfg(); $id = isset($_GET['id']) && is_numeric($_GET['id']) ? $_GET['id'] : false; // intval below $pid = isset($_GET['pid']) && is_numeric($_GET['pid']) ? intval($_GET['pid']) : false; $action = NERDZ\Core\Utils::actionValidator(!empty($_GET['action']) && is_string($_GET['action']) ? $_GET['action'] : false); $found = true; if ($id) { $id = intval($id); //intval here, so we can display the user not found message if (false === ($info = $user->getObject($id))) { $username = $user->lang('USER_NOT_FOUND'); $found = false; $post = new stdClass(); $post->message = ''; } else { $username = $info->username; if ($pid && !$user->hasInBlacklist($id)) { if (!$user->isLogged() && $info->private || !($post = Db::query(['SELECT "message" FROM "posts" WHERE "pid" = :pid AND "to" = :id', [':pid' => $pid, ':id' => $id]], Db::FETCH_OBJ))) { $post = new stdClass(); $post->message = ''; }