Sanitizes a username, stripping out unsafe characters.
Description
Removes tags, percent-encoded characters, HTML entities, and if strict is enabled, will only keep alphanumeric, _, space, ., -, @. After sanitizing, it passes the username, raw username (the username in the parameter), and the value of $strict as parameters for the ‘sanitize_user’ filter.
Parameters
$username
stringrequired- The username to be sanitized.
$strict
booloptional- If set to true, limits $username to specific characters.
Default:
false
Source
function sanitize_user( $username, $strict = false ) {
$raw_username = $username;
$username = wp_strip_all_tags( $username );
$username = remove_accents( $username );
// Remove percent-encoded characters.
$username = preg_replace( '|%([a-fA-F0-9][a-fA-F0-9])|', '', $username );
// Remove HTML entities.
$username = preg_replace( '/&.+?;/', '', $username );
// If strict, reduce to ASCII for max portability.
if ( $strict ) {
$username = preg_replace( '|[^a-z0-9 _.\-@]|i', '', $username );
}
$username = trim( $username );
// Consolidate contiguous whitespace.
$username = preg_replace( '|\s+|', ' ', $username );
/**
* Filters a sanitized username string.
*
* @since 2.0.1
*
* @param string $username Sanitized username.
* @param string $raw_username The username prior to sanitization.
* @param bool $strict Whether to limit the sanitization to specific characters.
*/
return apply_filters( 'sanitize_user', $username, $raw_username, $strict );
}
Hooks
- apply_filters( ‘sanitize_user’,
string $username ,string $raw_username ,bool $strict ) Filters a sanitized username string.
Changelog
Version | Description |
---|---|
2.0.0 | Introduced. |
Here is the basic example of this function: