sanitize_user( string $username, bool $strict = false ): string
Sanitizes a username, stripping out unsafe characters.
Description
Removes tags, octets, entities, and if strict is enabled, will only keep alphanumeric, _, space, ., -, @. After sanitizing, it passes the username, raw username (the username in the parameter), and the value of $strict as parameters for the ‘sanitize_user’ filter.
Parameters
$usernamestring Required-
The username to be sanitized.
$strictbool Optional-
If set limits $username to specific characters.
Default:
false
Return
string The sanitized username, after passing through filters.
Source
File: wp-includes/formatting.php. View all references
function sanitize_user( $username, $strict = false ) {
$raw_username = $username;
$username = wp_strip_all_tags( $username );
$username = remove_accents( $username );
// Kill octets.
$username = preg_replace( '|%([a-fA-F0-9][a-fA-F0-9])|', '', $username );
// Kill entities.
$username = preg_replace( '/&.+?;/', '', $username );
// If strict, reduce to ASCII for max portability.
if ( $strict ) {
$username = preg_replace( '|[^a-z0-9 _.\-@]|i', '', $username );
}
$username = trim( $username );
// Consolidate contiguous whitespace.
$username = preg_replace( '|\s+|', ' ', $username );
/**
* Filters a sanitized username string.
*
* @since 2.0.1
*
* @param string $username Sanitized username.
* @param string $raw_username The username prior to sanitization.
* @param bool $strict Whether to limit the sanitization to specific characters.
*/
return apply_filters( 'sanitize_user', $username, $raw_username, $strict );
}
Hooks
- apply_filters( 'sanitize_user',
string $username ,string $raw_username ,bool $strict ) -
Filters a sanitized username string.
Related
Uses
| Uses | Description |
|---|---|
| wp_strip_all_tags() wp-includes/formatting.php | Properly strips all HTML tags including script and style |
| remove_accents() wp-includes/formatting.php | Converts all accent characters to ASCII characters. |
| apply_filters() wp-includes/plugin.php | Calls the callback functions that have been added to a filter hook. |
Used By
| Used By | Description |
|---|---|
| wp_normalize_site_data() wp-includes/ms-site.php | Normalizes data for a site prior to inserting or updating in the database. |
| display_setup_form() wp-admin/install.php | Displays installer setup form. |
| edit_user() wp-admin/includes/user.php | Edit user settings based on contents of $_POST |
| WP_User::get_data_by() wp-includes/class-wp-user.php | Returns only the main user fields. |
| wp_authenticate() wp-includes/pluggable.php | Authenticates a user, confirming the login credentials are valid. |
| register_new_user() wp-includes/user.php | Handles registering a new user. |
| validate_username() wp-includes/user.php | Checks whether a username is valid. |
| wp_insert_user() wp-includes/user.php | Inserts a user into the database. |
| wpmu_create_user() wp-includes/ms-functions.php | Creates a user. |
| wpmu_validate_user_signup() wp-includes/ms-functions.php | Sanitizes and validates data required for a user sign-up. |
| wpmu_signup_user() wp-includes/ms-functions.php | Records user signup information for future activation. |
Changelog
| Version | Description |
|---|---|
| 2.0.0 | Introduced. |
© 2003–2022 WordPress Foundation
Licensed under the GNU GPLv2+ License.
https://developer.wordpress.org/reference/functions/sanitize_user