sergiotarxz
/
Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix usermeta escaping. fixes #6750 

git-svn-id: https://develop.svn.wordpress.org/trunk@7696 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Ryan Boren 2008-04-16 18:23:48 +00:00
parent 860c60d05b
commit de590e4055
1 changed files with 3 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
wp-includes/user.php
View File

@ -179,17 +179,16 @@ function update_usermeta( $user_id, $meta_key, $meta_value ) {
if ( is_string($meta_value) )
$meta_value = stripslashes($meta_value);
$meta_value = maybe_serialize($meta_value);
$meta_value = $wpdb->escape($meta_value);
if (empty($meta_value)) {
return delete_usermeta($user_id, $meta_key);
}
$cur = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %d", $user_id, $meta_key) );
$cur = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %s", $user_id, $meta_key) );
if ( !$cur ) {
$wpdb->query("INSERT INTO $wpdb->usermeta ( user_id, meta_key, meta_value )
$wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->usermeta ( user_id, meta_key, meta_value )
VALUES
( '$user_id', '$meta_key', '$meta_value' )");
( %d, %s, %s )", $user_id, $meta_key, $meta_value) );
} else if ( $cur->meta_value != $meta_value ) {
$wpdb->query( $wpdb->prepare("UPDATE $wpdb->usermeta SET meta_value = %s WHERE user_id = %d AND meta_key = %s", $meta_value, $user_id, $meta_key) );
} else {