Sanitize only string and numeric fields in the user object. Props filosofo hakre. fixes #11509 for trunk

git-svn-id: http://svn.automattic.com/wordpress/trunk@12511 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-06-26 23:04:57 +02:00 · 2009-12-23 15:02:06 +00:00 · 2009-12-23 15:02:06 +00:00 · ca9d676eef
commit ca9d676eef
parent 36d9a3677e
1 changed files with 3 additions and 4 deletions
--- a/wp-includes/user.php
+++ b/wp-includes/user.php
@ -638,9 +638,8 @@ function sanitize_user_object($user, $context = 'display') {
 		else
 			$vars = get_object_vars($user);
 		foreach ( array_keys($vars) as $field ) {
-			if ( is_array($user->$field) )
-				continue;
-			$user->$field = sanitize_user_field($field, $user->$field, $user->ID, $context);
+			if ( is_string($user->$field) || is_numeric($user->$field) ) 
+				$user->$field = sanitize_user_field($field, $user->$field, $user->ID, $context);
 		}
 		$user->filter = $context;
 	} else {
@ -689,7 +688,7 @@ function sanitize_user_field($field, $value, $user_id, $context) {
 	if ( 'raw' == $context )
 		return $value;

-	if ( is_array($value) )
+	if ( !is_string($value) && !is_numeric($value) )
 		return $value;

 	$prefixed = false;