id summary reporter owner description type status priority milestone component version severity resolution keywords cc focuses 11509 sanitize_user_object() throws fatal error on user property objects filosofo ryan "Suppose a plugin has serialized an object and saved it as user-meta data. (I'm not saying this is a good idea, but other people are doing it). {{{get_user_to_edit()}}} gets the user data as an object with that now-unserialized-object as a property of the user object. Then it passes the user object to {{{sanitize_user_object()}}}. {{{sanitize_user_object()}}} currently loops through each property of the user object and if the property is not an array, it attempts to sanitize it. When the property is an object, you get a fatal error trying to cast the object to a string. My patch, rather than excluding arrays, only attempts to sanitize things that are strings or numbers. You're probably thinking, ""if checking for objects is the problem, why not just call {{{is_object()}}}?"" The problem is that if the serialized object is of an object type that is no longer defined, {{{is_object()}}} returns false. This could happen in the case in which a plugin saves the serialized object as user meta data, and then the plugin is deactivated. Then you end up with something that's a {{{__PHP_Incomplete_Class}}}, a non-object object. " defect (bug) closed normal 2.9.1 Users 2.9 normal fixed sanitize_user_object has-patch