Only run stripslashes() on strings in update_usermeta(). Props stm. fixes #3240

git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@4395 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-28 07:07:38 +02:00 · 2006-10-14 05:35:27 +00:00 · 2006-10-14 05:35:27 +00:00 · 2d8ad48991
commit 2d8ad48991
parent 6651c29d96
1 changed files with 2 additions and 1 deletions
--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@ -2278,7 +2278,8 @@ function update_usermeta( $user_id, $meta_key, $meta_value ) {
 	$meta_key = preg_replace('|[^a-z0-9_]|i', '', $meta_key);

 	// FIXME: usermeta data is assumed to be already escaped
-	$meta_value = stripslashes($meta_value);
+	if ( is_string($meta_value) )
+		$meta_value = stripslashes($meta_value);
 	$meta_value = maybe_serialize($meta_value);
 	$meta_value = $wpdb->escape($meta_value);