
Ticket #26805: 26805.fix.diff

File 26805.fix.diff, 1.0 KB (added by boonebgorges, 6 years ago)
  • src/wp-admin/user-edit.php

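diff --git src/wp-admin/user-edit.php src/wp-admin/user-edit.php
index f1e605bf03..419c62c0b3 100644
--- a/src/wp-admin/user-edit.php
+++ b/src/wp-admin/user-edit.php
@@ -151,8 +151,9 @@ switch ( $action ) {
                 if ( is_multisite() ) {
                         $user = get_userdata( $user_id );
 
-                        if ( $user->user_login && isset( $_POST['email'] ) && is_email( $_POST['email'] ) && $wpdb->get_var( $wpdb->prepare( "SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", $user->user_login ) ) ) {
-                                $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->signups} SET user_email = %s WHERE user_login = %s", $_POST['email'], $user_login ) );
+                        $email = isset( $_POST['email'] ) ? wp_unslash( $_POST['email'] ) : '';
+                        if ( $user->user_login && $email && is_email( $email ) && $wpdb->get_var( $wpdb->prepare( "SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", $user->user_login ) ) ) {
+                                $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->signups} SET user_email = %s WHERE user_login = %s", $email, $user->user_login ) );
                         }
                 }
 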
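Review bot: The new `$email` assignment accepts whatever type `$_POST['email']` arrives as, so a request that submits `email[]` passes an array through `wp_unslash()` and into `is_email()`, which expects a string. Restricting it at the source keeps the later checks meaningful: `$email = ( isset( $_POST['email'] ) && is_string( $_POST['email'] ) ) ? wp_unslash( $_POST['email'] ) : '';`. Separately, `get_userdata( $user_id )` returns false for an unknown ID, and the condition dereferences `$user->user_login` without checking, so `if ( $user && $user->user_login && ...` would be safer. The enclosing `switch` case starts and ends outside this hunk, so the nonce and capability checks guarding this write are not visible here. If the signups row is updated before the later profile validation runs, a rejected edit could still leave the changed address in `{$wpdb->signups}`, which is worth confirming.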