sanitize_user() – Sanitizes a username, stripping out unsafe characters.

Description

Sanitizes a username, stripping out unsafe characters.

Removes tags, octets, entities, and if strict is enabled, will only keep alphanumeric, _, space, ., -, @. After sanitizing, it passes the username, raw username (the username in the parameter), and the value of $strict as parameters for the sanitize_user filter.

Usage

$string = sanitize_user( $username, $strict );

Parameters

$username
( string ) required – The username to be sanitized.
$strict
( bool ) optional – Optional. If set limits $username to specific characters. Default false.

Returns

string The sanitized username, after passing through filters.

Source

File name: wordpress/wp-includes/formatting.php
Lines:

1 to 29 of 29
function sanitize_user( $username, $strict = false ) {
  $raw_username = $username;
  $username     = wp_strip_all_tags( $username );
  $username     = remove_accents( $username );
  // Kill octets.
  $username = preg_replace( '|%([a-fA-F0-9][a-fA-F0-9])|', '', $username );
  // Kill entities.
  $username = preg_replace( '/&.+?;/', '', $username );

  // If strict, reduce to ASCII for max portability.
  if ( $strict ) {
    $username = preg_replace( '|[^a-z0-9 _.\-@]|i', '', $username );
  }

  $username = trim( $username );
  // Consolidate contiguous whitespace.
  $username = preg_replace( '|\s+|', ' ', $username );

  
/**
 * Filters a sanitized username string.
 *
 * @since 2.0.1
 *
 * @param string $username     Sanitized username.
 * @param string $raw_username The username prior to sanitization.
 * @param bool   $strict       Whether to limit the sanitization to specific characters.
 */
  return apply_filters( 'sanitize_user', $username, $raw_username, $strict );
}
 

 View on GitHub View on Trac

Called by

    Invoked by

      Calls

      Call hooks

      API Letters: ,