mirror of
https://github.com/WordPress/WordPress.git
synced 2024-09-28 15:17:42 +02:00
Bail on update_user_meta()
when $object_id
is non-numeric.
Adds unit test. Props jacklenox, wonderboymusic. Fixes #28315. Built from https://develop.svn.wordpress.org/trunk@29339 git-svn-id: http://core.svn.wordpress.org/trunk@29119 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
23905f1616
commit
0d2a5c437e
@ -137,8 +137,9 @@ function update_metadata($meta_type, $object_id, $meta_key, $meta_value, $prev_v
|
||||
if ( !$meta_type || !$meta_key )
|
||||
return false;
|
||||
|
||||
if ( !$object_id = absint($object_id) )
|
||||
if ( ! is_numeric( $object_id ) || ! $object_id = absint( $object_id ) ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if ( ! $table = _get_meta_table($meta_type) )
|
||||
return false;
|
||||
|
Loading…
Reference in New Issue
Block a user