From c74ec2cca392c14dc38aa13b0e8e29043e467bd8 Mon Sep 17 00:00:00 2001
From: ryan
Date: Sun, 27 Jun 2010 19:55:55 +0000
Subject: [PATCH] Use prepare(). Props Ben Ward.

git-svn-id: http://svn.automattic.com/wordpress/trunk@15340 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/ms-edit.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/wp-admin/ms-edit.php b/wp-admin/ms-edit.php
index a4c131ed80..832ce7ab4b 100644
--- a/wp-admin/ms-edit.php
+++ b/wp-admin/ms-edit.php
@@ -286,14 +286,14 @@ switch ( $_GET['action'] ) {
 unset( $_POST['role'] );
 $_POST['role'] = $newroles[ $userid ];
 if ( $pass != '' ) {
- $cap = $wpdb->get_var( "SELECT meta_value FROM {$wpdb->usermeta} WHERE user_id = '{$userid}' AND meta_key = '{$blog_prefix}capabilities' AND meta_value = 'a:0:{}'" );
+ $cap = $wpdb->get_var( $wpdb->prepare( "SELECT meta_value FROM {$wpdb->usermeta} WHERE user_id = %d AND meta_key = '{$blog_prefix}capabilities' AND meta_value = 'a:0:{}'", $userid ) );
 $userdata = get_userdata($userid);
 $_POST['pass1'] = $_POST['pass2'] = $pass;
 $_POST['email'] = $userdata->user_email;
 $_POST['rich_editing'] = $userdata->rich_editing;
 edit_user( $userid );
 if ( $cap == null )
- $wpdb->query( "DELETE FROM {$wpdb->usermeta} WHERE user_id = '{$userid}' AND meta_key = '{$blog_prefix}capabilities' AND meta_value = 'a:0:{}'" );
+ $wpdb->query( $wpdb->prepare( "DELETE FROM {$wpdb->usermeta} WHERE user_id = %d AND meta_key = '{$blog_prefix}capabilities' AND meta_value = 'a:0:{}'", $userid ) );
 }
 }
 unset( $_POST['role'] );
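Review bot: `{$blog_prefix}capabilities` is still interpolated straight into the SQL string in both the new SELECT and the new DELETE, so only `$userid` actually benefits from the prepare() call. `$blog_prefix` is assigned outside the hunk; unless it is guaranteed to be a fixed table prefix, bind it too, e.g. `meta_key = %s` in the query and `$blog_prefix . 'capabilities'` as an additional argument to prepare() in both statements. Separately, `if ( $cap == null )` before the DELETE would be more precise as `$cap === null`, since get_var() yields null when no row matched and a loose comparison also accepts other falsy values. The enclosing switch case begins before and continues past this hunk.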