From de590e40553c9a4914eda138d7c4bb4b656f1e2b Mon Sep 17 00:00:00 2001
From: Ryan Boren
Date: Wed, 16 Apr 2008 18:23:48 +0000
Subject: [PATCH] Fix usermeta escaping. fixes #6750

git-svn-id: https://develop.svn.wordpress.org/trunk@7696 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-includes/user.php | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/wp-includes/user.php b/wp-includes/user.php
index 63b5ec500d..15da2386ac 100644
--- a/wp-includes/user.php
+++ b/wp-includes/user.php
@@ -179,17 +179,16 @@ function update_usermeta( $user_id, $meta_key, $meta_value ) {
 if ( is_string($meta_value) )
 $meta_value = stripslashes($meta_value);
 $meta_value = maybe_serialize($meta_value);
- $meta_value = $wpdb->escape($meta_value);
 
 if (empty($meta_value)) {
 return delete_usermeta($user_id, $meta_key);
 }
 
- $cur = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %d", $user_id, $meta_key) );
+ $cur = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %s", $user_id, $meta_key) );
 if ( !$cur ) {
- $wpdb->query("INSERT INTO $wpdb->usermeta ( user_id, meta_key, meta_value )
+ $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->usermeta ( user_id, meta_key, meta_value )
 VALUES
- ( '$user_id', '$meta_key', '$meta_value' )");
+ ( %d, %s, %s )", $user_id, $meta_key, $meta_value) );
 } else if ( $cur->meta_value != $meta_value ) {
 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->usermeta SET meta_value = %s WHERE user_id = %d AND meta_key = %s", $meta_value, $user_id, $meta_key) );
 } else {
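Review bot: The change-detection test on the `else if ( $cur->meta_value != $meta_value )` line still uses loose comparison, and with the pre-escaping removed both operands are now unescaped values, so PHP compares numeric-looking strings as numbers. Distinct strings such as `0e1` and `0e2`, or `1` and `1.0` (constructed examples), compare equal and the UPDATE is skipped, which matters when the meta value is a token or hash. Consider `} else if ( $cur->meta_value !== (string) $meta_value ) {` so that only byte-identical values skip the write. update_usermeta's body begins before and continues past this hunk, so any handling outside it is not visible here.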