WordPress.org

Make WordPress Core

Changeset 7696


Ignore:
Timestamp:
04/16/2008 06:23:48 PM (10 years ago)
Author:
ryan
Message:

Fix usermeta escaping. fixes #6750

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/user.php

    r7692 r7696  
    180180        $meta_value = stripslashes($meta_value);
    181181    $meta_value = maybe_serialize($meta_value);
    182     $meta_value = $wpdb->escape($meta_value);
    183182
    184183    if (empty($meta_value)) {
     
    186185    }
    187186
    188     $cur = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %d", $user_id, $meta_key) );
     187    $cur = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %s", $user_id, $meta_key) );
    189188    if ( !$cur ) {
    190         $wpdb->query("INSERT INTO $wpdb->usermeta ( user_id, meta_key, meta_value )
     189        $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->usermeta ( user_id, meta_key, meta_value )
    191190        VALUES
    192         ( '$user_id', '$meta_key', '$meta_value' )");
     191        ( %d, %s, %s )", $user_id, $meta_key, $meta_value) );
    193192    } else if ( $cur->meta_value != $meta_value ) {
    194193        $wpdb->query( $wpdb->prepare("UPDATE $wpdb->usermeta SET meta_value = %s WHERE user_id = %d AND meta_key = %s", $meta_value, $user_id, $meta_key) );
Note: See TracChangeset for help on using the changeset viewer.