Diffstat (limited to 'wp-includes/user.php')
| -rw-r--r-- | wp-includes/user.php | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/wp-includes/user.php b/wp-includes/user.php
index bdf537d..d5828bb 100644
--- a/wp-includes/user.php
+++ b/wp-includes/user.php
@@ -114,9 +114,11 @@ function update_usermeta( $user_id, $meta_key, $meta_value ) {
 return false;
 $meta_key = preg_replace('|[^a-z0-9_]|i', '', $meta_key);
- if ( is_array($meta_value) || is_object($meta_value) )
- $meta_value = serialize($meta_value);
- $meta_value = trim( $meta_value );
+ // FIXME: usermeta data is assumed to be already escaped
+ if ( is_string($meta_value) )
+ $meta_value = stripslashes($meta_value);
+ $meta_value = maybe_serialize($meta_value);
+ $meta_value = $wpdb->escape($meta_value);
 if (empty($meta_value)) {
 return delete_usermeta($user_id, $meta_key);
@@ -166,4 +168,4 @@ function setup_userdata($user_id = '') {
 $user_identity = $user->display_name;
 }
-?>
\ No newline at end of file
+?> |
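Review bot: In the update_usermeta hunk the new `stripslashes()` call runs only when `$meta_value` is a string, so an array or object that arrives slashed goes into `maybe_serialize()` with its backslashes intact and keeps them in the stored value, while the same data sent as a string does not. The FIXME shows the input contract is assumed rather than enforced; I would replace it with a stated one, e.g. `// Callers must pass $meta_value slashed; it is unslashed here and re-escaped with $wpdb->escape() before the query.`, and unslash array members too if a deep-unslash helper exists in this tree. A caller that passes unslashed data loses literal backslashes at this point, which looks like silent data corruption rather than an injection risk, since the value is escaped again on the next lines. The `empty($meta_value)` check that follows still routes `'0'` and `0` to `delete_usermeta()`, and with `trim()` gone that now depends on what `maybe_serialize()` does to strings, which is not shown here. The function begins and ends outside the hunk, so the `global $wpdb;` declaration and the query that consumes the escaped value cannot be confirmed from this page.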
