[wp-trac] [WordPress Trac] #2490: update_usermeta does not escape meta data

WordPress Trac wp-trac at lists.automattic.com
Mon Feb 20 23:01:55 GMT 2006


#2490: update_usermeta does not escape meta data
-----------------------+----------------------------------------------------
       Id:  2490       |      Status:  new                     
Component:  General    |    Modified:  Mon Feb 20 23:01:55 2006
 Severity:  normal     |   Milestone:                          
 Priority:  normal     |     Version:  2.0.1                   
    Owner:  anonymous  |    Reporter:  kccricket               
-----------------------+----------------------------------------------------
 update_usermeta does not escape any of the data passed to it.

 I ran into this issue while attempting to pass an array that contains a
 value that contains an apostrophe to update_usermeta.  This raises a WPDB
 error.  The array is serialized by the function, but the apostrophes are
 not properly escaped, malforming the SQL query.

 If the data in the array is escaped before being passed to
 update_usermeta, the query completes successfully.  However, when the
 array is retrieved with get_usermeta, it is not unserialized and is
 returned as a string instead of an array.

 update_option works as expected and does not exhibit this behavior.

-- 
Ticket URL: <http://trac.wordpress.org/ticket/2490>
WordPress Trac <http://wordpress.org/>
WordPress blogging software
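
Added example, not part of the ticket and not WordPress code: a PHP sketch of why the order of serializing and escaping matters for the two behaviours reported above. It assumes addslashes() as a stand-in for the SQL escaping step, stripslashes() as a model of the database decoding the quoted literal, and a fallback to the raw string when unserialize() fails; the function names and sample array are constructed.

```php
<?php
// Added illustration, not WordPress code. Constructed sample data.
// Assumption: addslashes() stands in for the SQL escaping step and
// stripslashes() models the database decoding the quoted literal.

// Order A: serialize first, then escape the whole string for the query.
function serialize_then_escape($meta) {
    $in_query = addslashes(serialize($meta)); // safe inside '...'
    $stored   = stripslashes($in_query);      // value the row ends up holding
    return unserialize($stored);
}

// Order B: caller escapes each value, then the array is serialized and
// placed in the query as is (the workaround described in the ticket).
function escape_then_serialize($meta) {
    $in_query = serialize(array_map('addslashes', $meta));
    // s:8:"O\'Brien" : the length prefix counted the backslash
    $stored   = stripslashes($in_query);      // backslash gone, prefix still 8
    $value    = @unserialize($stored);        // fails: prefix no longer matches
    // Assumed fallback, modelling the string result the ticket reports.
    return $value === false ? $stored : $value;
}

$meta = array('nickname' => "O'Brien", 'note' => 'plain');

var_dump(serialize_then_escape($meta) === $meta);
var_dump(is_string(escape_then_serialize($meta)));
```

Escaping the serialized string as a whole, at the point where the query is built, keeps both the SQL literal and the length prefixes intact.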

