Make WordPress Core


Ignore:
Timestamp:
07/29/2013 06:16:47 PM (11 years ago)
Author:
duck_
Message:

Fix potential SQLi through improper use of API functions.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/includes/ms.php

    r24813 r24875  
    372372        _deprecated_argument( __FUNCTION__, '3.1' );
    373373
    374     $wpdb->update( $wpdb->users, array( $pref => $value ), array( 'ID' => $id ) );
     374    $wpdb->update( $wpdb->users, array( sanitize_key( $pref ) => $value ), array( 'ID' => $id ) );
    375375
    376376    $user = new WP_User( $id );
Note: See TracChangeset for help on using the changeset viewer.