Make WordPress Core


Timestamp:
07/29/2013 06:18:58 PM (11 years ago)
Author:
duck_
Message:

Fix potential SQLi through improper use of API functions. For 3.6.

Location:
branches/3.6
Files:
2 edited

  • branches/3.6

  • branches/3.6/wp-admin/includes/ms.php

    r24245 r24876  
    372372        _deprecated_argument( __FUNCTION__, '3.1' );
    373373
    374     $wpdb->update( $wpdb->users, array( $pref => $value ), array( 'ID' => $id ) );
     374    $wpdb->update( $wpdb->users, array( sanitize_key( $pref ) => $value ), array( 'ID' => $id ) );
    375375
    376376    $user = new WP_User( $id );
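Review bot: On the changed $wpdb->update() line, sanitize_key( $pref ) only narrows the column name to lowercase alphanumerics, dashes and underscores; it does not confirm that the result is a column this function is meant to write. A caller-supplied $pref can still address any column of $wpdb->users whose name fits that character set, and a value that sanitizes down to an empty string is still passed through as the array key. Consider checking $pref against an explicit list of permitted column names and returning early on a miss, before the update call. The header lists 2 edited files but only this ms.php hunk is shown, so the other change cannot be reviewed from this page.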