diff options
| author | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2006-11-07 12:37:04 +0000 |
|---|---|---|
| committer | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2006-11-07 12:37:04 +0000 |
| commit | d510632e9f07cec9ac3de3b5dafc56bd58c81b8a (patch) | |
| tree | b4944ea6ceed3a73977f9edeae40f8174a4bab29 /wp-includes/user.php | |
| parent | 74e848ef222ada441de10e1db012988d1904b3ca (diff) | |
| download | wordpress-mu-d510632e9f07cec9ac3de3b5dafc56bd58c81b8a.tar.gz wordpress-mu-d510632e9f07cec9ac3de3b5dafc56bd58c81b8a.tar.xz wordpress-mu-d510632e9f07cec9ac3de3b5dafc56bd58c81b8a.zip | |
WP Merge
git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@804 7be80a69-a1ef-0310-a953-fb0f7c49ff36
Diffstat (limited to 'wp-includes/user.php')
| -rw-r--r-- | wp-includes/user.php | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/wp-includes/user.php b/wp-includes/user.php index bdf537d..d5828bb 100644 --- a/wp-includes/user.php +++ b/wp-includes/user.php @@ -114,9 +114,11 @@ function update_usermeta( $user_id, $meta_key, $meta_value ) { return false; $meta_key = preg_replace('|[^a-z0-9_]|i', '', $meta_key); - if ( is_array($meta_value) || is_object($meta_value) ) - $meta_value = serialize($meta_value); - $meta_value = trim( $meta_value ); + // FIXME: usermeta data is assumed to be already escaped + if ( is_string($meta_value) ) + $meta_value = stripslashes($meta_value); + $meta_value = maybe_serialize($meta_value); + $meta_value = $wpdb->escape($meta_value); if (empty($meta_value)) { return delete_usermeta($user_id, $meta_key); @@ -166,4 +168,4 @@ function setup_userdata($user_id = '') { $user_identity = $user->display_name; } -?>
\ No newline at end of file +?> |