Only run stripslashes() on strings in update_usermeta(). Props stm. fixes #3240

git-svn-id: http://svn.automattic.com/wordpress/trunk@4396 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-06-26 06:45:07 +02:00 · 2006-10-14 05:35:50 +00:00 · 2006-10-14 05:35:50 +00:00 · 997b5c7c3b
commit 997b5c7c3b
parent fd5492d87b
1 changed files with 2 additions and 1 deletions
--- a/wp-includes/user.php
+++ b/wp-includes/user.php
@ -115,7 +115,8 @@ function update_usermeta( $user_id, $meta_key, $meta_value ) {
 	$meta_key = preg_replace('|[^a-z0-9_]|i', '', $meta_key);

 	// FIXME: usermeta data is assumed to be already escaped
-	$meta_value = stripslashes($meta_value);
+	if ( is_string($meta_value) )
+		$meta_value = stripslashes($meta_value);
 	$meta_value = maybe_serialize($meta_value);
 	$meta_value = $wpdb->escape($meta_value);