Make WordPress Core


Ignore:
Timestamp:
10/12/2006 11:54:36 PM (17 years ago)
Author:
markjaquith
Message:

Prevent users from entering strings that will be interpreted as serialized arrays/objects on the way out. fixes #2591

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/pluggable.php

    r4339 r4382  
    7979    if ($metavalues) {
    8080        foreach ( $metavalues as $meta ) {
    81             @ $value = unserialize($meta->meta_value);
    82             if ($value === FALSE)
    83                 $value = $meta->meta_value;
     81            $value = maybe_unserialize($meta->meta_value);
    8482            $user->{$meta->meta_key} = $value;
    8583
     
    132130    if ($metavalues) {
    133131        foreach ( $metavalues as $meta ) {
    134             @ $value = unserialize($meta->meta_value);
    135             if ($value === FALSE)
    136                 $value = $meta->meta_value;
     132            $value = maybe_unserialize($meta->meta_value);
    137133            $user->{$meta->meta_key} = $value;
    138134
Note: See TracChangeset for help on using the changeset viewer.