Ticket #26805: 26805.diff
File 26805.diff, 854 bytes (added by , 9 years ago) |
wp-admin/user-edit.php
134 134 if ( is_multisite() ) { 135 135 $user = get_userdata( $user_id ); 136 136 137 if ( $user->user_login && isset( $_POST[ 'email' ] ) && is_email( $_POST[ 'email' ]) && $wpdb->get_var( $wpdb->prepare( "SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", $user->user_login ) ) ) {137 if ( $user->user_login && isset( $_POST[ 'email' ] ) && is_email( wp_unslash( $_POST[ 'email' ] ) ) && $wpdb->get_var( $wpdb->prepare( "SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", $user->user_login ) ) ) { 138 138 $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->signups} SET user_email = %s WHERE user_login = %s", $_POST[ 'email' ], $user_login ) ); 139 139 } 140 140 }
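Review bot: The UPDATE on line 138 still binds the raw `$_POST[ 'email' ]`, so the value written to `{$wpdb->signups}` is not the value that `is_email( wp_unslash( ... ) )` validated on line 137. WordPress slashes `$_POST`, and `$wpdb->prepare()` escapes but does not unslash, so an address that only passes after unslashing (for example one with an apostrophe in the local part) would be stored with the backslash. Unslash once and reuse the result: `$email = wp_unslash( $_POST['email'] );` before the condition, then pass `$email` to both `is_email()` and the `prepare()` call. Separately, the condition filters on `$user->user_login` while the UPDATE uses `$user_login`, which is defined outside this hunk; confirm the two always hold the same login, or use `$user->user_login` in both places.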