[wp-trac] Re: [WordPress Trac] #9640: wp_update_user() blindly calls
add_magic_quotes(), even on objects
WordPress Trac
wp-trac at lists.automattic.com
Wed Apr 29 23:51:39 GMT 2009
#9640: wp_update_user() blindly calls add_magic_quotes(), even on objects
--------------------------+-------------------------------------------------
Reporter: misterbisson | Owner:
Type: defect (bug) | Status: reopened
Priority: normal | Milestone: 2.8
Component: Users | Version: 2.8
Severity: normal | Resolution:
Keywords: dev-feedback |
--------------------------+-------------------------------------------------
Comment(by Denis-de-Bernardy):
Replying to [comment:11 hakre]:
> well, i would say you are right, but you need to know the circumstances,
this _is_ the way to got for wordpress code:
>
> registration.php (as noted above):
>
> {{{
> // First, get all of the original fields
> $user=get_userdata($ID);
>
> // Escape data pulled from DB.
> $user=add_magic_quotes(get_object_vars($user));
> }}}
this is a $user and not a $user_meta, no? If anything, this means the
above code is wrong too, and needs to be fixed as well -- due to the fact
that the user_meta containing an object will the be smashed by
add_magic_quotes as well.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/9640#comment:12>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list