Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Sanitize only string and numeric fields in the user object. Props fil…

…osofo hakre. fixes #11509 for 2.9

git-svn-id: http://svn.automattic.com/wordpress/branches/2.9@12512 1a063a9b-81f0-0310-95a4-ce76da25c4cd
  • Loading branch information...
commit c2d8b7f9b508487277a21598853d35ea6c439960 1 parent c7b4b84
ryan authored
Showing with 3 additions and 4 deletions.
  1. +3 −4 wp-includes/user.php
View
7 wp-includes/user.php
@@ -638,9 +638,8 @@ function sanitize_user_object($user, $context = 'display') {
else
$vars = get_object_vars($user);
foreach ( array_keys($vars) as $field ) {
- if ( is_array($user->$field) )
- continue;
- $user->$field = sanitize_user_field($field, $user->$field, $user->ID, $context);
+ if ( is_string($user->$field) || is_numeric($user->$field) )
+ $user->$field = sanitize_user_field($field, $user->$field, $user->ID, $context);
}
$user->filter = $context;
} else {
@@ -689,7 +688,7 @@ function sanitize_user_field($field, $value, $user_id, $context) {
if ( 'raw' == $context )
return $value;
- if ( is_array($value) )
+ if ( !is_string($value) && !is_numeric($value) )
return $value;
$prefixed = false;
Please sign in to comment.
Something went wrong with that request. Please try again.