Index: CHANGELOG.txt
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/drupalvb/CHANGELOG.txt,v
retrieving revision 1.7.4.34
diff -u -p -r1.7.4.34 CHANGELOG.txt
--- CHANGELOG.txt	14 Oct 2008 23:43:45 -0000	1.7.4.34
+++ CHANGELOG.txt	14 Oct 2008 23:53:05 -0000
@@ -6,6 +6,8 @@ Drupal vB x.x-x.x, xxxx-xx-xx
 
 Drupal vB 5.x-2.x, xxxx-xx-xx
 -----------------------------
+#308857 by smk-ka: Fixed usernames containing non-latin1 characters not synced
+  due to missing encoding.
 by sun: Fixed wrong global variable name for $cookie_domain.
 
 
Index: drupalvb.inc.php
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/drupalvb/drupalvb.inc.php,v
retrieving revision 1.9.4.18
diff -u -p -r1.9.4.18 drupalvb.inc.php
--- drupalvb.inc.php	14 Oct 2008 23:43:45 -0000	1.9.4.18
+++ drupalvb.inc.php	14 Oct 2008 23:47:28 -0000
@@ -106,7 +106,7 @@ function drupalvb_get_ip() {
  */
 function drupalvb_create_user($account, $edit) {
   // Ensure we are not duplicating a user.
-  if (db_num_rows(drupalvb_db_query("SELECT userid FROM {user} WHERE LOWER(username) = LOWER('%s')", $edit['name'])) > 0) {
+  if (db_num_rows(drupalvb_db_query("SELECT userid FROM {user} WHERE LOWER(username) = LOWER('%s')", drupalvb_htmlspecialchars($edit['name']))) > 0) {
     return FALSE;
   }
 
@@ -147,7 +147,7 @@ function drupalvb_create_user($account, 
   $usergroupid = variable_get('drupalvb_default_usergroup', '2');
 
   // Set up the insertion query.
-  $result = drupalvb_db_query("INSERT INTO {user} (username, usergroupid, password, passworddate, usertitle, email, salt, showvbcode, languageid, timezoneoffset, posts, joindate, lastvisit, lastactivity, options) VALUES ('%s', '%s', '%s', '%s', '%s', '%s', '%s', 1, 1, '%s', 0, '%s', '%s', '%s', '%s')", $edit['name'], $usergroupid, $passhash, $passdate, $usertitle, $edit['mail'], $salt, $timezone, $joindate, time(), time(), $options);
+  $result = drupalvb_db_query("INSERT INTO {user} (username, usergroupid, password, passworddate, usertitle, email, salt, showvbcode, languageid, timezoneoffset, posts, joindate, lastvisit, lastactivity, options) VALUES ('%s', '%s', '%s', '%s', '%s', '%s', '%s', 1, 1, '%s', 0, '%s', '%s', '%s', '%s')", drupalvb_htmlspecialchars($edit['name']), $usergroupid, $passhash, $passdate, $usertitle, $edit['mail'], $salt, $timezone, $joindate, time(), time(), $options);
 
   $userid = db_last_insert_id('user', 'userid');
 
@@ -174,7 +174,7 @@ function drupalvb_update_user($account, 
     switch ($field) {
       case 'name':
         $fields[] = "username = '%s'";
-        $values[] = $value;
+        $values[] = drupalvb_htmlspecialchars($value);
         break;
 
       case 'pass':
@@ -207,12 +207,12 @@ function drupalvb_update_user($account, 
   $values[] = time();
 
   // Use previous case insensitive username to update conflicting names.
-  $values[] = $account->name;
+  $values[] = drupalvb_htmlspecialchars($account->name);
   drupalvb_db_query("UPDATE {user} SET ". implode(', ', $fields) ." WHERE LOWER(username) = LOWER('%s')", $values);
 
   // Ensure this user exists in the mapping table.
   // When integrating an existing installation, the mapping may not yet exist.
-  $userid = db_result(drupalvb_db_query("SELECT userid FROM {user} WHERE username = '%s'", $account->name));
+  $userid = db_result(drupalvb_db_query("SELECT userid FROM {user} WHERE username = '%s'", drupalvb_htmlspecialchars($account->name)));
   drupalvb_set_mapping($account->uid, $userid);
 }
 
@@ -244,7 +244,7 @@ function drupalvb_export_drupal_users() 
     if (!drupalvb_create_user($user, (array)$user)) {
       // Username already exists, update email and password only.
       // Case insensitive username is required to detect collisions.
-      $vbuser = db_fetch_array(drupalvb_db_query("SELECT salt FROM {user} WHERE LOWER(username) = LOWER('%s')", $user->name));
+      $vbuser = db_fetch_array(drupalvb_db_query("SELECT salt FROM {user} WHERE LOWER(username) = LOWER('%s')", drupalvb_htmlspecialchars($user->name)));
       drupalvb_update_user($user, array_merge((array)$user, $vbuser));
     }
   }
@@ -350,7 +350,7 @@ function drupalvb_get_recent_posts($scop
   global $user;
 
   // Queries the vB user database to find a matching set of user data.
-  $result = drupalvb_db_query("SELECT userid, username, lastvisit FROM {user} WHERE username = '%s'", $user->name);
+  $result = drupalvb_db_query("SELECT userid, username, lastvisit FROM {user} WHERE username = '%s'", drupalvb_htmlspecialchars($user->name));
 
   // Make sure a user is logged in to get their last visit and appropriate post
   // count.
@@ -370,3 +370,8 @@ function drupalvb_get_recent_posts($scop
   return $posts;
 }
 
+function drupalvb_htmlspecialchars($text) {
+  $text = preg_replace('/&(?!#[0-9]+|shy;)/si', '&amp;', $text);
+  return str_replace(array('<', '>', '"'), array('&lt;', '&gt;', '&quot;'), $text);
+}
+
Index: drupalvb.module
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/drupalvb/drupalvb.module,v
retrieving revision 1.11.4.17
diff -u -p -r1.11.4.17 drupalvb.module
--- drupalvb.module	16 Jul 2008 01:11:21 -0000	1.11.4.17
+++ drupalvb.module	14 Oct 2008 23:51:27 -0000
@@ -149,7 +149,7 @@ function drupalvb_auth($username, $passw
   if (!drupalvb_db_is_valid()) {
     return;
   }
-  if ($vbuser = db_fetch_array(drupalvb_db_query("SELECT userid, username, password, salt, email, joindate FROM {user} WHERE username = '%s' LIMIT 1", $username))) {
+  if ($vbuser = db_fetch_array(drupalvb_db_query("SELECT userid, username, password, salt, email, joindate FROM {user} WHERE username = '%s'", drupalvb_htmlspecialchars($username)))) {
     // Rebuild the password.
     $vbpassword = md5(md5($password) . $vbuser['salt']);
     if ($vbuser['password'] === $vbpassword) {
@@ -236,7 +236,7 @@ function drupalvb_user($op, &$edit, &$ac
  * @see drupalvb_user()
  */
 function drupalvb_user_login($account) {
-  $vbuser = db_fetch_array(drupalvb_db_query("SELECT u.userid, ub.liftdate FROM {user} u LEFT JOIN {userban} ub ON ub.userid = u.userid WHERE u.username = '%s' LIMIT 1", $account->name));
+  $vbuser = db_fetch_array(drupalvb_db_query("SELECT u.userid, ub.liftdate FROM {user} u LEFT JOIN {userban} ub ON ub.userid = u.userid WHERE u.username = '%s'", drupalvb_htmlspecialchars($account->name)));
 
   // Create account in vB if user does not exist.
   if (!$vbuser) {
@@ -271,7 +271,7 @@ function drupalvb_user_login($account) {
  * @see drupalvb_user()
  */
 function drupalvb_user_logout($account) {
-  $vbuser = db_fetch_array(drupalvb_db_query("SELECT userid, username FROM {user} WHERE username = '%s' LIMIT 1", $account->name));
+  $vbuser = db_fetch_array(drupalvb_db_query("SELECT userid, username FROM {user} WHERE username = '%s'", drupalvb_htmlspecialchars($account->name)));
   if ($vbuser) {
     // Remove all vB cookies for current user.
     drupalvb_clear_cookies($vbuser['userid']);
@@ -286,13 +286,13 @@ function drupalvb_user_validate($uid, &$
   $userid = db_result(db_query("SELECT userid FROM {drupalvb_users} WHERE uid = %d", $uid));
   // Validate the username.
   if (arg(1) == 'register' || user_access('change own username') || user_access('administer users')) {
-    if (db_result(drupalvb_db_query("SELECT userid FROM {user} WHERE userid != %d AND LOWER(username) = LOWER('%s') LIMIT 1", $userid, $edit['name']))) {
+    if (db_result(drupalvb_db_query("SELECT userid FROM {user} WHERE userid != %d AND LOWER(username) = LOWER('%s')", $userid, drupalvb_htmlspecialchars($edit['name']))) > 0) {
       form_set_error('name', t('The name %name is already taken.', array('%name' => $edit['name'])));
     }
   }
 
   // Validate the e-mail address.
-  if (db_num_rows(drupalvb_db_query("SELECT userid FROM {user} WHERE userid != %d AND LOWER(email) = LOWER('%s') LIMIT 1", $userid, $edit['mail'])) > 0) {
+  if (db_result(drupalvb_db_query("SELECT userid FROM {user} WHERE userid != %d AND LOWER(email) = LOWER('%s')", $userid, drupalvb_htmlspecialchars($edit['mail']))) > 0) {
     form_set_error('mail', t('The e-mail address %email is already registered. <a href="@password">Have you forgotten your password?</a>', array('%email' => $edit['mail'], '@password' => url('user/password'))));
   }
 }
@@ -322,7 +322,7 @@ function drupalvb_user_update($account, 
   global $user;
 
   // Update data if user exists.
-  if ($vbuser = db_fetch_array(drupalvb_db_query("SELECT userid, salt FROM {user} WHERE username = '%s' LIMIT 1", $account->name))) {
+  if ($vbuser = db_fetch_array(drupalvb_db_query("SELECT userid, salt FROM {user} WHERE username = '%s'", drupalvb_htmlspecialchars($account->name)))) {
     // Merge current username, salt, and finally edited values into one array,
     // so usernames may be altered (if allowed).
     drupalvb_update_user($account, array_merge(array('name' => $account->name), $vbuser, $edit));
@@ -348,7 +348,7 @@ function drupalvb_user_update($account, 
  */
 function drupalvb_user_delete($account) {
   // If vBulletin user exists, delete user account, session and profile data.
-  if ($userid = db_result(drupalvb_db_query("SELECT userid FROM {user} WHERE username = '%s'", $account->name))) {
+  if ($userid = db_result(drupalvb_db_query("SELECT userid FROM {user} WHERE username = '%s'", drupalvb_htmlspecialchars($account->name)))) {
     drupalvb_db_query("DELETE FROM {session} WHERE userid = %d", $userid);
     drupalvb_db_query("DELETE FROM {user} WHERE userid = %d", $userid);
     drupalvb_db_query("DELETE FROM {userfield} WHERE userid = %d", $userid);
@@ -673,7 +673,7 @@ function drupalvb_block_info() {
     );
   }
   if ($display['pms']) {
-    $vbuser = db_fetch_array(drupalvb_db_query("SELECT pmtotal, pmunread FROM {user} WHERE username = '%s'", $user->name));
+    $vbuser = db_fetch_array(drupalvb_db_query("SELECT pmtotal, pmunread FROM {user} WHERE username = '%s'", drupalvb_htmlspecialchars($user->name)));
     $rows[] = array(
       l(t('New private messages'), 'drupalvb/pms'),
       (int)$vbuser['pmunread'],
@@ -765,7 +765,7 @@ function drupalvb_private_messages() {
   $output = '<p>'. "Below is a list of private messages you have received.  You may click on a user's name to see their profile, a message's title to view it, or a reply link to message the user in return." . '</p>';
   $output .= l('View your inbox.', $vb_options['bburl'] .'/private.php');
 
-  $result = drupalvb_db_query("SELECT userid, username FROM {user} WHERE username = '%s'", $user->name);
+  $result = drupalvb_db_query("SELECT userid, username FROM {user} WHERE username = '%s'", drupalvb_htmlspecialchars($user->name));
 
   // If user exists, then grab and display a list of PMs.
   if ($userinfo = db_fetch_array($result)) {
@@ -890,7 +890,7 @@ function drupalvb_privatemsg($message, $
     case 'sent':
       // Verify that recipient exists in vB.
       $recipient = user_load(array('uid' => $message->recipient));
-      if (!$userid = db_result(drupalvb_db_query("SELECT userid FROM {user} WHERE username = '%s' LIMIT 1", $recipient->name))) {
+      if (!$userid = db_result(drupalvb_db_query("SELECT userid FROM {user} WHERE username = '%s'", drupalvb_htmlspecialchars($recipient->name)))) {
         if (!$userid = drupalvb_create_user($recipient, (array)$recipient)) {
           // Indicates duplicate username (should not happen).
           return;
