sanitize_user_field() – Sanitize user field based on context.


Description

Sanitizes user field based on context.

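Possible context values are: 'raw', 'edit', 'db', 'display', 'attribute' and 'js'. The 'display' context is used by default: any context value other than 'raw', 'edit' or 'db' is run through the display filters. 'attribute' and 'js' contexts are treated like 'display' when calling filters, and the result is then escaped with esc_attr() or esc_js() respectively. In the plain 'display' context the function itself calls no escaping function (only esc_url() for the 'user_url' field), so the returned value still needs escaping for the place where it is output.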

Usage

$mixed = sanitize_user_field( $field, $value, $user_id, $context );

Parameters

$field
( string ) required – The user Object field name.
$value
( mixed ) required – The user Object value.
$user_id
( int ) required – User ID.
$context
( string ) required – How to sanitize user fields. Looks for 'raw', 'edit', 'db', 'display', 'attribute' and 'js'.

Returns

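mixed The sanitized value. In the 'raw' context, and for any value that is neither a string nor numeric, the value is returned without filters or escaping applied (apart from the integer cast of the 'ID' field).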

Source

File name: wordpress/wp-includes/user.php
Lines:

1 to 100 of 101
/**
 * Filters and, depending on the context, escapes a single user field value.
 *
 * What this function applies per context, as visible in its body:
 *  - 'raw':  returned right after the integer cast of 'ID'; no filters, no escaping.
 *  - 'edit': the edit_* filter, then esc_html() for 'description' and esc_attr()
 *            for every other field.
 *  - 'db':   the pre_* filter only; no escaping function is called in this branch.
 *  - any other value ('display', 'attribute', 'js', or an unrecognised string):
 *            the display filter; 'attribute' then adds esc_attr(), 'js' adds esc_js().
 *
 * In every context except 'raw', the 'user_url' field is also passed through esc_url().
 *
 * NOTE(review): in the plain 'display' context the only transformation done here is
 * whatever the hooked filters do (plus esc_url() for 'user_url'). The callbacks are
 * not visible in this file section, so callers should still escape the result for
 * the output context they write it into.
 *
 * @param string $field   The user object field name.
 * @param mixed  $value   The user object value.
 * @param int    $user_id User ID.
 * @param string $context How to sanitize the field: 'raw', 'edit', 'db', 'display',
 *                        'attribute' or 'js'.
 * @return mixed The processed value; see the per-context list above.
 */
function sanitize_user_field( $field, $value, $user_id, $context ) {
  // Fields that must always be integers; the cast is applied in every context, 'raw' included.
  $int_fields = array( 'ID' );
  if ( in_array( $field, $int_fields, true ) ) {
    $value = (int) $value;
  }

  // 'raw' bypasses all filters and all escaping below.
  if ( 'raw' === $context ) {
    return $value;
  }

  // Arrays, objects, booleans and null are returned untouched in every context:
  // none of the filters or escaping functions below are applied to them.
  if ( ! is_string( $value ) && ! is_numeric( $value ) ) {
    return $value;
  }

  // True when 'user_' occurs anywhere in the field name, not only at its start.
  // The result only selects which hook name is used below.
  $prefixed = false !== strpos( $field, 'user_' );

  if ( 'edit' === $context ) {
    if ( $prefixed ) {
      /** This filter is documented in wp-includes/post.php */
      $value = apply_filters( "edit_{$field}", $value, $user_id );
    } else {
      /**
       * Filters a user field value in the 'edit' context.
       *
       * The dynamic portion of the hook name, `$field`, refers to the prefixed user
       * field being filtered, such as 'user_login', 'user_email', 'first_name', etc.
       *
       * @since 2.9.0
       *
       * @param mixed $value   Value of the prefixed user field.
       * @param int   $user_id User ID.
       */
      $value = apply_filters( "edit_user_{$field}", $value, $user_id );
    }

    // Escaping runs after the filters, so the filter output is what gets escaped.
    if ( 'description' === $field ) {
      $value = esc_html( $value ); // textarea_escaped?
    } else {
      $value = esc_attr( $value );
    }
  } elseif ( 'db' === $context ) {
    // Only the pre_* filters run here; this branch calls no escaping function itself.
    if ( $prefixed ) {
      /** This filter is documented in wp-includes/post.php */
      $value = apply_filters( "pre_{$field}", $value );
    } else {
      /**
       * Filters the value of a user field in the 'db' context.
       *
       * The dynamic portion of the hook name, `$field`, refers to the prefixed user
       * field being filtered, such as 'user_login', 'user_email', 'first_name', etc.
       *
       * @since 2.9.0
       *
       * @param mixed $value Value of the prefixed user field.
       */
      $value = apply_filters( "pre_user_{$field}", $value );
    }
  } else {
    // Use display filters by default.
    // This branch also handles 'attribute', 'js' and any unrecognised context string.
    if ( $prefixed ) {
      /** This filter is documented in wp-includes/post.php */
      $value = apply_filters( "{$field}", $value, $user_id, $context );
    } else {
      /**
       * Filters the value of a user field in a standard context.
       *
       * The dynamic portion of the hook name, `$field`, refers to the prefixed user
       * field being filtered, such as 'user_login', 'user_email', 'first_name', etc.
       *
       * @since 2.9.0
       *
       * @param mixed  $value   The user object value to sanitize.
       * @param int    $user_id User ID.
       * @param string $context The context to filter within.
       */
      $value = apply_filters( "user_{$field}", $value, $user_id, $context );
    }
  }

  // Applied in every non-'raw' context, after the context-specific filters
  // (and, for 'edit', after esc_attr()).
  if ( 'user_url' === $field ) {
    $value = esc_url( $value );
  }

  // Context-specific escaping; plain 'display' gets neither of these.
  if ( 'attribute' === $context ) {
    $value = esc_attr( $value );
  } elseif ( 'js' === $context ) {
    $value = esc_js( $value );
  }

  // Restore the type for integer fields after esc_attr().
  if ( in_array( $field, $int_fields, true ) ) {
    $value = (int) $value;
  }

  return $value;
 
