WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix usermeta escaping. fixes #6750 

git-svn-id: http://svn.automattic.com/wordpress/trunk@7696 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2008-04-16 18:23:48 +00:00
parent a60abc0904
commit 62d5105c5b
1 changed files with 3 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
wp-includes/user.php
View File

@ -179,17 +179,16 @@ function update_usermeta( $user_id, $meta_key, $meta_value ) {
if ( is_string($meta_value) ) if ( is_string($meta_value) )
$meta_value = stripslashes($meta_value); $meta_value = stripslashes($meta_value);
$meta_value = maybe_serialize($meta_value); $meta_value = maybe_serialize($meta_value);
$meta_value = $wpdb->escape($meta_value);
if (empty($meta_value)) { if (empty($meta_value)) {
return delete_usermeta($user_id, $meta_key); return delete_usermeta($user_id, $meta_key);
} }
$cur = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %d", $user_id, $meta_key) ); $cur = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %s", $user_id, $meta_key) );
if ( !$cur ) { if ( !$cur ) {
$wpdb->query("INSERT INTO $wpdb->usermeta ( user_id, meta_key, meta_value ) $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->usermeta ( user_id, meta_key, meta_value )
VALUES VALUES
( '$user_id', '$meta_key', '$meta_value' )"); ( %d, %s, %s )", $user_id, $meta_key, $meta_value) );
} else if ( $cur->meta_value != $meta_value ) { } else if ( $cur->meta_value != $meta_value ) {
$wpdb->query( $wpdb->prepare("UPDATE $wpdb->usermeta SET meta_value = %s WHERE user_id = %d AND meta_key = %s", $meta_value, $user_id, $meta_key) ); $wpdb->query( $wpdb->prepare("UPDATE $wpdb->usermeta SET meta_value = %s WHERE user_id = %d AND meta_key = %s", $meta_value, $user_id, $meta_key) );
} else { } else {