Make WordPress Core

Changeset 29339


Ignore:
Timestamp:
08/01/2014 05:09:53 PM (10 years ago)
Author:
wonderboymusic
Message:

Bail on update_user_meta() when $object_id is non-numeric.

Adds unit test.

Props jacklenox, wonderboymusic.
Fixes #28315.

Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/meta.php

    r28712 r29339  
    138138        return false;
    139139
    140     if ( !$object_id = absint($object_id) )
    141         return false;
     140    if ( ! is_numeric( $object_id ) || ! $object_id = absint( $object_id ) ) {
     141        return false;
     142    }
    142143
    143144    if ( ! $table = _get_meta_table($meta_type) )
  • trunk/tests/phpunit/tests/user.php

    r25440 r29339  
    628628        $this->assertInstanceOf( 'WP_Error', wp_update_user( array( 'ID' => $user_id ) ) );
    629629    }
     630
     631    /**
     632     * @ticket 28315
     633     */
     634    function test_user_meta_error() {
     635        $this->factory->user->create( array( 'user_email' => 'taco@burrito.com' ) );
     636        $id = $this->factory->user->create( array( 'user_email' => 'taco@burrito.com' ) );
     637
     638        $this->assertWPError( $id );
     639        @update_user_meta( $id, 'key', 'value' );
     640
     641        $metas = array_keys( get_user_meta( 1 ) );
     642        $this->assertNotContains( 'key', $metas );
     643    }
    630644}
Note: See TracChangeset for help on using the changeset viewer.