From 4aee2f753b3dd39b3640393707231561450cb4b4 Mon Sep 17 00:00:00 2001
From: Ryan Boren
Date: Wed, 23 Dec 2009 15:02:06 +0000
Subject: [PATCH] Sanitize only string and numeric fields in the user object. Props filosofo hakre. fixes #11509 for trunk

git-svn-id: https://develop.svn.wordpress.org/trunk@12511 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-includes/user.php | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/wp-includes/user.php b/wp-includes/user.php
index 749558895d..71fd7a3222 100644
--- a/wp-includes/user.php
+++ b/wp-includes/user.php
@@ -638,9 +638,8 @@ function sanitize_user_object($user, $context = 'display') {
 else
 $vars = get_object_vars($user);
 foreach ( array_keys($vars) as $field ) {
- if ( is_array($user->$field) )
- continue;
- $user->$field = sanitize_user_field($field, $user->$field, $user->ID, $context);
+ if ( is_string($user->$field) || is_numeric($user->$field) )
+ $user->$field = sanitize_user_field($field, $user->$field, $user->ID, $context);
 }
 $user->filter = $context;
 } else {
@@ -689,7 +688,7 @@ function sanitize_user_field($field, $value, $user_id, $context) {
 if ( 'raw' == $context )
 return $value;
 
- if ( is_array($value) )
+ if ( !is_string($value) && !is_numeric($value) )
 return $value;
 
 $prefixed = false;
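Review bot: In the `foreach` of sanitize_user_object, fields that are neither strings nor numeric are now skipped, yet `$user->filter = $context;` still marks the whole object as sanitized for that context, so any array or object field keeps unescaped values while the object reads as filtered. A comment above the new check would make that contract explicit, e.g. `// Only string and numeric fields are sanitized; arrays and objects pass through raw and must be escaped where they are output.` The same applies to the new early return in sanitize_user_field (second hunk): its doc comment, presumably above the hunk, should state that non-string, non-numeric values are returned unfiltered in every context. Both function bodies start and end outside the hunks.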