From d510632e9f07cec9ac3de3b5dafc56bd58c81b8a Mon Sep 17 00:00:00 2001
From: donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36>
Date: Tue, 7 Nov 2006 12:37:04 +0000
Subject: WP Merge

git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@804 7be80a69-a1ef-0310-a953-fb0f7c49ff36
---
 wp-includes/user.php | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

(limited to 'wp-includes/user.php')

diff --git a/wp-includes/user.php b/wp-includes/user.php
index bdf537d..d5828bb 100644
--- a/wp-includes/user.php
+++ b/wp-includes/user.php
@@ -114,9 +114,11 @@ function update_usermeta( $user_id, $meta_key, $meta_value ) {
 		return false;
 	$meta_key = preg_replace('|[^a-z0-9_]|i', '', $meta_key);
 
-	if ( is_array($meta_value) || is_object($meta_value) )
-		$meta_value = serialize($meta_value);
-	$meta_value = trim( $meta_value );
+	// FIXME: usermeta data is assumed to be already escaped
+	if ( is_string($meta_value) )
+		$meta_value = stripslashes($meta_value);
+	$meta_value = maybe_serialize($meta_value);
+	$meta_value = $wpdb->escape($meta_value);
 
 	if (empty($meta_value)) {
 		return delete_usermeta($user_id, $meta_key);
@@ -166,4 +168,4 @@ function setup_userdata($user_id = '') {
 	$user_identity	= $user->display_name;
 }
 
-?>
\ No newline at end of file
+?>
-- 
cgit