[wp-trac] [WordPress Trac] #5901: Inconsistent user option name sanitization

WordPress Trac wp-trac at lists.automattic.com
Mon Feb 18 18:19:19 GMT 2008


#5901: Inconsistent user option name sanitization
----------------------+-----------------------------------------------------
 Reporter:  filosofo  |       Owner:  anonymous                                                
     Type:  defect    |      Status:  new                                                      
 Priority:  normal    |   Milestone:  2.5                                                      
Component:  General   |     Version:  2.5                                                      
 Severity:  normal    |    Keywords:  update_user_option get_user_option has-patch sanitization
----------------------+-----------------------------------------------------
 {{{update_user_option}}} sanitizes the option name, because it sends the
 option to {{{update_usermeta}}} which does the sanitizing.  However,
 {{{get_user_option}}} doesn't sanitize the option name before checking
 whether the option is among the userdata.  So, if your option name has
 non-kosher characters, you'll never be able to retrieve it using
 {{{get_user_option}}}.

 The attached patch sanitizes the option in {{{get_user_option}}}.

-- 
Ticket URL: <http://trac.wordpress.org/ticket/5901>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list