[wp-trac] Re: [WordPress Trac] #9640: wp_update_user() blindly calls
add_magic_quotes(), even on objects
WordPress Trac
wp-trac at lists.automattic.com
Sun Apr 26 18:30:50 GMT 2009
#9640: wp_update_user() blindly calls add_magic_quotes(), even on objects
--------------------------+-------------------------------------------------
Reporter: misterbisson | Owner:
Type: defect (bug) | Status: reopened
Priority: normal | Milestone:
Component: Users | Version:
Severity: normal | Resolution:
Keywords: |
--------------------------+-------------------------------------------------
Changes (by misterbisson):
* status: closed => reopened
* resolution: duplicate =>
Comment:
Assuming you're considering this a dupe of #9638, I'd argue this ticket
shouldn't be closed. add_magic_quotes () is indeed returning an error, but
this behavior in registration.php is wrong:
{{{
// First, get all of the original fields
$user=get_userdata($ID);
// Escape data pulled from DB.
$user=add_magic_quotes(get_object_vars($user));
}}}
get_userdata() is returning everything unserialized, including arrays and
objects. Blindly calling add_magic_quotes() on that data is causing the
problem in #9638, but the call to add_magic_quote() is probably
unnecessary at this point.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/9640#comment:2>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list