WordPress 3.3.2
[autoinstalls/wordpress.git] / wp-includes / capabilities.php
index 5a8224db877dc5877f7451e659a1f81425f23411..19bdaa48a06803a036f9942d2e5128ded42bb2ab 100644 (file)
@@ -487,10 +487,15 @@ class WP_User {
        static function get_data_by( $field, $value ) {
                global $wpdb;
 
-               if ( 'id' == $field )
+               if ( 'id' == $field ) {
+                       // Make sure the value is numeric to avoid casting objects, for example,
+                       // to int 1.
+                       if ( ! is_numeric( $value ) )
+                               return false;
                        $value = absint( $value );
-               else
+               } else {
                        $value = trim( $value );
+               }
 
                if ( !$value )
                        return false;
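Review bot: The `is_numeric()` guard added in the `'id'` branch still accepts values that are not valid user IDs. Strings such as `'-5'` or `'5.7'` pass the check, and `absint()` then folds them to 5, so the lookup silently resolves to a different user ID than the one supplied. Rejecting them instead of normalising would be safer: replace `$value = absint( $value );` with `$value = intval( $value );` followed by `if ( $value < 1 ) return false;`. The `else` branch still hands `$value` to `trim()` with no type check, so the object/array case this commit guards against for IDs is presumably still reachable for the other fields; a `// callers must pass a string here` comment or an `is_scalar()` guard would make that explicit. The body of `get_data_by()` continues past the end of the hunk, so how `$value` reaches the query is not visible here.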