From 186ea553483f95d82cee1bec040cb41ac5b798e5 Mon Sep 17 00:00:00 2001
From: Shish <shish@shishnet.org>
Date: Sun, 17 Sep 2017 19:11:51 +0100
Subject: [PATCH] safety

---
 ext/user/main.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ext/user/main.php b/ext/user/main.php
index 44fdda31..12d279d9 100644
--- a/ext/user/main.php
+++ b/ext/user/main.php
@@ -126,7 +126,7 @@ class UserPage extends Extension {
 					$a["name"] = '%' . $_GET['username'] . '%';
 				}
 
-				if(@$_GET['email']) {
+				if($user->can('delete_user') && @$_GET['email']) {
 					$q .= " AND SCORE_STRNORM(name) LIKE SCORE_STRNORM(:email)";
 					$a["email"] = '%' . $_GET['email'] . '%';
 				}