[wp-trac] [WordPress Trac] #7928: WP fails if object data is stored
in the usermeta table
WordPress Trac
wp-trac at lists.automattic.com
Mon Oct 20 07:02:24 GMT 2008
#7928: WP fails if object data is stored in the usermeta table
----------------------------+-----------------------------------------------
Reporter: markedwards | Owner: anonymous
Type: defect | Status: new
Priority: high | Milestone: 2.7
Component: Administration | Version: 2.6.1
Severity: normal | Keywords: profiles, users, edit,
----------------------------+-----------------------------------------------
Tested on WP 2.6.2:
When adding custom fields to a user profile page via a plugin, the plugiin
cannot store the data as an object in the usermeta table.
The first time a profile is updated all goes well because the plugin's
object data is not in the database yet when WP loads all the user's data
during an update. But, after updating the profile the first time WP then
fails to during the update process on subsequent profile update attempts.
The reason is that before WP calls any actions attached to the profile
page via plugin WP first loads all the user data from the usermeta table.
That includes any data stored by plugins for the given user. After loading
the data WP then tries to either add magic quotes or add slashes to the
data in the add_magic_quotes function in wp-includes/functions.php as seen
below:
function add_magic_quotes( $array ) {
global $wpdb;
foreach ( $array as $k => $v ) {
if ( is_array( $v ) ) {
$array[$k] = add_magic_quotes( $v );
} else {
$array[$k] = $wpdb->escape( $v );
}
}
return $array;
}
The function is missing a vital check for objects [ which of course cannot
be passed into addslashes via $wpdb->escape() ] oand therefore that
function always causes an error in PHP if a plugin has stored user data as
an object in the usermeta table. The corrected function is seen below,
which works fine and allows plugins to attach object data to a profile and
store the object in the usermeta table.
function add_magic_quotes( $array ) {
global $wpdb;
foreach ( $array as $k => $v ) {
if (is_object($v)) return $array;
if ( is_array( $v ) ) {
$array[$k] = add_magic_quotes( $v );
} else {
$array[$k] = $wpdb->escape( $v );
}
}
return $array;
}
Please fix this in the next version of WP. The code below will probably
demonstrate the problem. Make it a plugin, activate it, then update the
user profile at least twice and WP should fail.
<?php
class myclass() {
var $a;
var $b;
var $c;
}
function so_update_usermeta() {
$d = get_usermeta(1,'so_user_data');
if (!$d) $d = new myclass();
$d->a = 1;
$d->b = 1;
$d->c = 1;
update_usermeta(1,$d);
}
add_action('profile_update','so_update_usermeta');
?>
This bug hampers plugin development since developers have to use strings
or arrays, which leads to more code and processing overhead... one line of
code fixes that problem and saves countless CPU cycles.
--
Ticket URL: <http://trac.wordpress.org/ticket/7928>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list