Sanitize only string and numeric fields in the user object. Props filosofo hakre. fixes #11509 for trunk

git-svn-id: https://develop.svn.wordpress.org/trunk@12511 602fd350-edb4-49c9-b593-d223f7449a82
2009-12-23 15:02:06 +00:00 · 2009-12-23 15:02:06 +00:00 · 4aee2f753b
parent af9fafc779
commit 4aee2f753b
1 changed files with 3 additions and 4 deletions
--- a/wp-includes/user.php
+++ b/wp-includes/user.php
@ -638,9 +638,8 @@ function sanitize_user_object($user, $context = 'display') {
 		else
 			$vars = get_object_vars($user);
 		foreach ( array_keys($vars) as $field ) {
-			if ( is_array($user->$field) )
-				continue;
-			$user->$field = sanitize_user_field($field, $user->$field, $user->ID, $context);
+			if ( is_string($user->$field) || is_numeric($user->$field) ) 
+				$user->$field = sanitize_user_field($field, $user->$field, $user->ID, $context);
 		}
 		$user->filter = $context;
 	} else {
@ -689,7 +688,7 @@ function sanitize_user_field($field, $value, $user_id, $context) {
 	if ( 'raw' == $context )
 		return $value;

-	if ( is_array($value) )
+	if ( !is_string($value) && !is_numeric($value) )
 		return $value;

 	$prefixed = false;