Use prepare(). Props Ben Ward.

git-svn-id: http://svn.automattic.com/wordpress/trunk@15340 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2010-06-27 19:55:55 +00:00
parent 6b2be08f6b
commit c74ec2cca3
1 changed files with 2 additions and 2 deletions

View File

@ -286,14 +286,14 @@ switch ( $_GET['action'] ) {
unset( $_POST['role'] ); unset( $_POST['role'] );
$_POST['role'] = $newroles[ $userid ]; $_POST['role'] = $newroles[ $userid ];
if ( $pass != '' ) { if ( $pass != '' ) {
$cap = $wpdb->get_var( "SELECT meta_value FROM {$wpdb->usermeta} WHERE user_id = '{$userid}' AND meta_key = '{$blog_prefix}capabilities' AND meta_value = 'a:0:{}'" ); $cap = $wpdb->get_var( $wpdb->prepare( "SELECT meta_value FROM {$wpdb->usermeta} WHERE user_id = %d AND meta_key = '{$blog_prefix}capabilities' AND meta_value = 'a:0:{}'", $userid ) );
$userdata = get_userdata($userid); $userdata = get_userdata($userid);
$_POST['pass1'] = $_POST['pass2'] = $pass; $_POST['pass1'] = $_POST['pass2'] = $pass;
$_POST['email'] = $userdata->user_email; $_POST['email'] = $userdata->user_email;
$_POST['rich_editing'] = $userdata->rich_editing; $_POST['rich_editing'] = $userdata->rich_editing;
edit_user( $userid ); edit_user( $userid );
if ( $cap == null ) if ( $cap == null )
$wpdb->query( "DELETE FROM {$wpdb->usermeta} WHERE user_id = '{$userid}' AND meta_key = '{$blog_prefix}capabilities' AND meta_value = 'a:0:{}'" ); $wpdb->query( $wpdb->prepare( "DELETE FROM {$wpdb->usermeta} WHERE user_id = %d AND meta_key = '{$blog_prefix}capabilities' AND meta_value = 'a:0:{}'", $userid ) );
} }
} }
unset( $_POST['role'] ); unset( $_POST['role'] );