WordPress.org

Make WordPress Core


Ignore:
Timestamp:
10/13/2006 12:24:51 AM (15 years ago)
Author:
markjaquith
Message:

Prevent users from entering strings that will be interpreted as serialized arrays/objects on the way out. fixes #2591

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/2.0/wp-includes/pluggable-functions.php

    r4287 r4384  
    7979    if ($metavalues) {
    8080        foreach ( $metavalues as $meta ) {
    81             @ $value = unserialize($meta->meta_value);
    82             if ($value === FALSE)
    83                 $value = $meta->meta_value;
     81            $value = maybe_unserialize($meta->meta_value);
    8482            $user->{$meta->meta_key} = $value;
    8583
     
    132130    if ($metavalues) {
    133131        foreach ( $metavalues as $meta ) {
    134             @ $value = unserialize($meta->meta_value);
    135             if ($value === FALSE)
    136                 $value = $meta->meta_value;
     132            $value = maybe_unserialize($meta->meta_value);
    137133            $user->{$meta->meta_key} = $value;
    138134
Note: See TracChangeset for help on using the changeset viewer.