
Sanitize only string and numeric fields in the user object. Props fil…

…osofo hakre. fixes #11509 for 2.9

git-svn-id: http://svn.automattic.com/wordpress/branches/2.9@12512 1a063a9b-81f0-0310-95a4-ce76da25c4cd
1 parent c7b4b84 commit c2d8b7f9b508487277a21598853d35ea6c439960 ryan committed Dec 23, 2009
Showing with 3 additions and 4 deletions.
  1. +3 −4 wp-includes/user.php
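--- a/wp-includes/user.php
+++ b/wp-includes/user.php
@@ -638,9 +638,8 @@ function sanitize_user_object($user, $context = 'display') {
 else
 $vars = get_object_vars($user);
 foreach ( array_keys($vars) as $field ) {
-if ( is_array($user->$field) )
-continue;
-$user->$field = sanitize_user_field($field, $user->$field, $user->ID, $context);
+if ( is_string($user->$field) || is_numeric($user->$field) )
+$user->$field = sanitize_user_field($field, $user->$field, $user->ID, $context);
 }
 $user->filter = $context;
 } else {
@@ -689,7 +688,7 @@ function sanitize_user_field($field, $value, $user_id, $context) {
 if ( 'raw' == $context )
 return $value;
-if ( is_array($value) )
+if ( !is_string($value) && !is_numeric($value) )
 return $value;
 $prefixed = false;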
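Review bot: In the first hunk, fields that are neither strings nor numeric (arrays, objects) now bypass sanitize_user_field(), yet `$user->filter = $context;` after the loop still marks the whole object as filtered for that context. Code that reads `filter` as meaning every field is safe to print could output nested array or object values unescaped. I would document the limit above the new check, e.g. `// Only string and numeric fields are sanitized; arrays and objects are left as-is and must be escaped by the caller before output.` The same type test is repeated in sanitize_user_field() in the second hunk, so the check in the loop looks redundant with the callee's early return and the two conditions can drift apart. Both functions start and end outside the visible hunks.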
