[wp-trac] Re: [WordPress Trac] #9640: wp_update_user() blindly calls add_magic_quotes(), even on objects

WordPress Trac wp-trac at lists.automattic.com
Sun Apr 26 18:30:50 GMT 2009


#9640: wp_update_user() blindly calls add_magic_quotes(), even on objects
--------------------------+-------------------------------------------------
 Reporter:  misterbisson  |        Owner:          
     Type:  defect (bug)  |       Status:  reopened
 Priority:  normal        |    Milestone:          
Component:  Users         |      Version:          
 Severity:  normal        |   Resolution:          
 Keywords:                |  
--------------------------+-------------------------------------------------
Changes (by misterbisson):

  * status:  closed => reopened
  * resolution:  duplicate =>


Comment:

 Assuming you're considering this a dupe of #9638, I'd argue this ticket
 shouldn't be closed. add_magic_quotes () is indeed returning an error, but
 this behavior in registration.php is wrong:

 {{{
 // First, get all of the original fields
 $user=get_userdata($ID);

 // Escape data pulled from DB.
 $user=add_magic_quotes(get_object_vars($user));
 }}}

 get_userdata() is returning everything unserialized, including arrays and
 objects. Blindly calling add_magic_quotes() on that data is causing the
 problem in #9638, but the call to add_magic_quote() is probably
 unnecessary at this point.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/9640#comment:2>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list