WordPress.org

Make WordPress Core

Changeset 7696


Ignore:
Timestamp:
04/16/08 18:23:48 (6 years ago)
Author:
ryan
Message:

Fix usermeta escaping. fixes #6750

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/user.php

    r7692 r7696  
    180180        $meta_value = stripslashes($meta_value); 
    181181    $meta_value = maybe_serialize($meta_value); 
    182     $meta_value = $wpdb->escape($meta_value); 
    183182 
    184183    if (empty($meta_value)) { 
     
    186185    } 
    187186 
    188     $cur = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %d", $user_id, $meta_key) ); 
     187    $cur = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %s", $user_id, $meta_key) ); 
    189188    if ( !$cur ) { 
    190         $wpdb->query("INSERT INTO $wpdb->usermeta ( user_id, meta_key, meta_value ) 
     189        $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->usermeta ( user_id, meta_key, meta_value ) 
    191190        VALUES 
    192         ( '$user_id', '$meta_key', '$meta_value' )"); 
     191        ( %d, %s, %s )", $user_id, $meta_key, $meta_value) ); 
    193192    } else if ( $cur->meta_value != $meta_value ) { 
    194193        $wpdb->query( $wpdb->prepare("UPDATE $wpdb->usermeta SET meta_value = %s WHERE user_id = %d AND meta_key = %s", $meta_value, $user_id, $meta_key) ); 
Note: See TracChangeset for help on using the changeset viewer.