
Ticket #26805: 26805.diff

File 26805.diff, 854 bytes (added by loganville, 9 years ago)
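--- a/wp-admin/user-edit.php
+++ b/wp-admin/user-edit.php
@@ -134,7 +134,7 @@
 if ( is_multisite() ) {
         $user = get_userdata( $user_id );
 
-        if ( $user->user_login && isset( $_POST[ 'email' ] ) && is_email( $_POST[ 'email' ] ) && $wpdb->get_var( $wpdb->prepare( "SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", $user->user_login ) ) ) {
+        if ( $user->user_login && isset( $_POST[ 'email' ] ) && is_email( wp_unslash( $_POST[ 'email' ] ) ) && $wpdb->get_var( $wpdb->prepare( "SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", $user->user_login ) ) ) {
                 $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->signups} SET user_email = %s WHERE user_login = %s", $_POST[ 'email' ], $user_login ) );
         }
 }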
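Review bot: The UPDATE on line 138 still binds the raw `$_POST[ 'email' ]`, so the string that passed `is_email( wp_unslash( ... ) )` on line 137 is not the string written to the signups table. `$wpdb->prepare()` escapes the value for SQL, but any slashes added to the request data would be stored as part of the address; validate and store one value by unslashing once before the `if`, e.g. `$email = wp_unslash( $_POST[ 'email' ] );`, and passing `$email` to both `is_email()` and the UPDATE (the existing `isset()` check has to guard that assignment too). The same UPDATE also binds `$user_login` while the condition and the SELECT use `$user->user_login`; no assignment to `$user_login` is visible in this hunk, so if it is not set earlier in the file the WHERE clause matches on an empty value and the update silently does nothing.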