X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/5aa86a9053fb0fa15846bb60aac2fb8fdfff524a..bf5c68485ef07868ad0a91168ecd0092af7661ae:/wp-includes/capabilities.php?ds=sidebyside
diff --git a/wp-includes/capabilities.php b/wp-includes/capabilities.php
index 5a8224db..19bdaa48 100644
--- a/wp-includes/capabilities.php
+++ b/wp-includes/capabilities.php
@@ -487,10 +487,15 @@ class WP_User {
 static function get_data_by( $field, $value ) {
 global $wpdb;
 
- if ( 'id' == $field )
+ if ( 'id' == $field ) {
+ // Make sure the value is numeric to avoid casting objects, for example,
+ // to int 1.
+ if ( ! is_numeric( $value ) )
+ return false;
 $value = absint( $value );
- else
+ } else {
 $value = trim( $value );
+ }
 
 if ( !$value )
 return false;
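Review bot: The `id` branch still accepts any numeric string, so after `absint()` a negative or fractional value such as `'-5'` or `'1.9'` is looked up as user 5 or user 1 instead of being rejected. `is_numeric()` only rules out objects, arrays and non-numeric strings, so a caller that checked or logged the raw value could end up disagreeing with the row this function returns. Consider replacing `$value = absint( $value );` with `$value = intval( $value );` followed by `if ( $value < 1 ) return false;`. The `else` branch still passes `$value` straight to `trim()`, so a non-scalar argument for the other fields is not covered by the new guard. `get_data_by()` continues past the end of the hunk, so the query that consumes `$value` is not visible here.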