Sanitizes user field based on context.
Description
Possible context values are: ‘raw’, ‘edit’, ‘db’, ‘display’, ‘attribute’ and ‘js’. The ‘display’ context is used by default. ‘attribute’ and ‘js’ contexts are treated like ‘display’ when calling filters.
Parameters
$fieldstringrequired- The user Object field name.
$valuemixedrequired- The user Object value.
$user_idintrequired- User ID.
$contextstringrequired- How to sanitize user fields. Looks for
'raw','edit','db','display','attribute'and'js'.
Source
$found_selected = false;
$parsed_args['selected'] = (int) $parsed_args['selected'];
foreach ( (array) $users as $user ) {
$user->ID = (int) $user->ID;
if ( $user->ID === $parsed_args['selected'] ) {
$found_selected = true;
}
}
if ( ! $found_selected ) {
$selected_user = get_userdata( $parsed_args['selected'] );
if ( $selected_user ) {
$users[] = $selected_user;
}
}
}
foreach ( (array) $users as $user ) {
if ( 'display_name_with_login' === $show ) {
/* translators: 1: User's display name, 2: User login. */
$display = sprintf( _x( '%1$s (%2$s)', 'user dropdown' ), $user->display_name, $user->user_login );
} elseif ( ! empty( $user->$show ) ) {
$display = $user->$show;
} else {
$display = '(' . $user->user_login . ')';
}
$_selected = selected( $user->ID, $parsed_args['selected'], false );
$output .= "\t<option value='$user->ID'$_selected>" . esc_html( $display ) . "</option>\n";
}
$output .= '</select>';
}
/**
* Filters the wp_dropdown_users() HTML output.
*
* @since 2.3.0
*
* @param string $output HTML output generated by wp_dropdown_users().
*/
$html = apply_filters( 'wp_dropdown_users', $output );
if ( $parsed_args['echo'] ) {
echo $html;
}
return $html;
}
/**
* Sanitizes user field based on context.
*
* Possible context values are: 'raw', 'edit', 'db', 'display', 'attribute' and 'js'. The
* 'display' context is used by default. 'attribute' and 'js' contexts are treated like 'display'
* when calling filters.
*
* @since 2.3.0
*
* @param string $field The user Object field name.
* @param mixed $value The user Object value.
* @param int $user_id User ID.
* @param string $context How to sanitize user fields. Looks for 'raw', 'edit', 'db', 'display',
* 'attribute' and 'js'.
* @return mixed Sanitized value.
*/
function sanitize_user_field( $field, $value, $user_id, $context ) {
$int_fields = array( 'ID' );
if ( in_array( $field, $int_fields, true ) ) {
$value = (int) $value;
}
if ( 'raw' === $context ) {
return $value;
}
if ( ! is_string( $value ) && ! is_numeric( $value ) ) {
return $value;
}
$prefixed = str_contains( $field, 'user_' );
if ( 'edit' === $context ) {
if ( $prefixed ) {
/** This filter is documented in wp-includes/post.php */
$value = apply_filters( "edit_{$field}", $value, $user_id );
} else {
/**
* Filters a user field value in the 'edit' context.
*
* The dynamic portion of the hook name, `$field`, refers to the prefixed user
* field being filtered, such as 'user_login', 'user_email', 'first_name', etc.
*
* @since 2.9.0
*
* @param mixed $value Value of the prefixed user field.
* @param int $user_id User ID.
*/
$value = apply_filters( "edit_user_{$field}", $value, $user_id );
Changelog
| Version | Description |
|---|---|
| 2.3.0 | Introduced. |
User Contributed Notes
You must log in before being able to contribute a note or feedback.