Don't write unfiltered POST data to database

[JustThomas]

Hi,

you have those lines in the function user_profile_field_save:

    if ( !isset( $_POST['ja_disable_user'] ) ) {
        $disabled = 0;
    } else {
        $disabled = $_POST['ja_disable_user'];
    }

    update_user_meta( $user_id, 'ja_disable_user', $disabled );

This writes the contents of $_POST['ja_disable_user'] directly to the database. You should avoid this and rather change the else block to

    } else {
        $disabled = 1;
    }

[jaredatch]

Yep, you are definitely right. I'll try to push an update out for this when I get time. Thanks for reporting.