[wp-hackers] add_magic_quotes fail
mark at simplercomputing.net
Wed Jan 26 21:17:11 UTC 2011
In the WordPress file wp-includes/functions.php, somewhere around line
1460, there is the function add_magic_quotes. That function does the
add_slashes to sanitize data.
However, when handling an array of data that includes objects within
objects, it will crash because the code is written to only expect arrays
For example, if a third-party plugin adds it's own object to the
WordPress user data object, then when a profile is edited the update
process will fail with a fatal error.
So I think add_magic_quotes ought to be modified to check for nested
objects, either that, or the WordPress code that handles updating user
profile data needs to handle it. One way or the other.
See registration.php around line 260, where we find this problem:
// First, get all of the original fields
$user = get_userdata($ID);
// Escape data pulled from DB.
$user = add_magic_quotes(get_object_vars($user));
More information about the wp-hackers