From a38422685cb2919a6b587fc773e6c2fc34364034 Mon Sep 17 00:00:00 2001
From: jaswsinc
Date: Thu, 4 Jun 2015 16:58:41 -0800
Subject: [PATCH] Security hardending. Prevent empty array search. https://github.com/websharks/comment-mail/issues/85
---
 comment-mail-pro/includes/classes/utils-sub.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/comment-mail-pro/includes/classes/utils-sub.php b/comment-mail-pro/includes/classes/utils-sub.php
index fd83f9b..12bbce4 100644
--- a/comment-mail-pro/includes/classes/utils-sub.php
+++ b/comment-mail-pro/includes/classes/utils-sub.php
@@ -697,7 +697,9 @@ public function last_x($x = 0, $post_id = NULL, array $args = array())
 ? ($sub_email_or_user_ids // Email or user IDs?
 ? " AND (`email` = '".esc_sql($sub_email)."'".
 (isset($user_id) ? " OR `user_id` = '".esc_sql($user_id)."'" : '').
- " OR `user_id` IN('".implode("','", array_map('esc_sql', $this->email_user_ids($sub_email, $no_cache)))."'))"
+ (($_sub_email_user_ids = $this->email_user_ids($sub_email, $no_cache))
+ ? " OR `user_id` IN('".implode("','", array_map('esc_sql', $_sub_email_user_ids))."')"
+ : '').')' // ↑ Only if we DO have user IDs to look for.
 : " AND `email` = '".esc_sql($sub_email)."'")
 : ''). // End `sub_email` check.
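Review bot: The new truthiness guard on `$_sub_email_user_ids` only rejects an empty array, so a result such as `array(0)` or `array('')` still produces `IN('0')` or `IN('')`; if `user_id` is a numeric column where 0 marks subscriptions without an account (not visible in this hunk), that list would still match all of them, which looks like the case this commit is meant to close. Filtering to positive integers before the check would cover it: `(($_sub_email_user_ids = array_filter(array_map('intval', $this->email_user_ids($sub_email, $no_cache))))`, with the list then emitted unquoted as `IN(".implode(',', $_sub_email_user_ids).")`. The same question applies to the unchanged `isset($user_id)` branch just above, which accepts a `$user_id` of 0. The enclosing query expression in `last_x()` starts and ends outside the hunk, so how `email_user_ids()` builds its result should be confirmed there.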