sergiotarxz/Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Use prepare(). Props Ben Ward.

Browse Source 
git-svn-id: https://develop.svn.wordpress.org/trunk@15340 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Ryan Boren 2010-06-27 19:55:55 +00:00
parent 494f898c39
commit ceab605169
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
wp-admin/ms-edit.php
View File

@ -286,14 +286,14 @@ switch ( $_GET['action'] ) {
unset( $_POST['role'] ); unset( $_POST['role'] );
$_POST['role'] = $newroles[ $userid ]; $_POST['role'] = $newroles[ $userid ];
if ( $pass != '' ) { if ( $pass != '' ) {
$cap = $wpdb->get_var( "SELECT meta_value FROM {$wpdb->usermeta} WHERE user_id = '{$userid}' AND meta_key = '{$blog_prefix}capabilities' AND meta_value = 'a:0:{}'" ); $cap = $wpdb->get_var( $wpdb->prepare( "SELECT meta_value FROM {$wpdb->usermeta} WHERE user_id = %d AND meta_key = '{$blog_prefix}capabilities' AND meta_value = 'a:0:{}'", $userid ) );
$userdata = get_userdata($userid); $userdata = get_userdata($userid);
$_POST['pass1'] = $_POST['pass2'] = $pass; $_POST['pass1'] = $_POST['pass2'] = $pass;
$_POST['email'] = $userdata->user_email; $_POST['email'] = $userdata->user_email;
$_POST['rich_editing'] = $userdata->rich_editing; $_POST['rich_editing'] = $userdata->rich_editing;
edit_user( $userid ); edit_user( $userid );
if ( $cap == null ) if ( $cap == null )
$wpdb->query( "DELETE FROM {$wpdb->usermeta} WHERE user_id = '{$userid}' AND meta_key = '{$blog_prefix}capabilities' AND meta_value = 'a:0:{}'" ); $wpdb->query( $wpdb->prepare( "DELETE FROM {$wpdb->usermeta} WHERE user_id = %d AND meta_key = '{$blog_prefix}capabilities' AND meta_value = 'a:0:{}'", $userid ) );
} }
} }
unset( $_POST['role'] ); unset( $_POST['role'] );