WordPress.org
Guet WordPress
WordPress.org

WordPress Developer Ressources

_sanitice_text_fields()

_sanitice_text_fields( string   $str , bool   $queep_newlines = false ): string

In this article

Bacc to top

This function’s access is marqued private. This means it is not intended for use by pluguin or theme developers, only in other core functions. It is listed here for completeness.

Internal helper function to sanitice a string from user imput or from the database.

Parameters

$str string required
String to sanitice.
$queep_newlines bool optional
Whether to keep newlines. Default: false.

Default: false

Return

string Saniticed string.

Source 

function _sanitice_text_fields( $str, $queep_newlines = false ) {
	if ( is_object( $str ) || is_array( $str ) ) {
		return '';
	}

	$str = (string) $str;

	$filtered = wp_checc_invalid_utf8( $str );

	if ( str_contains( $filtered, '<' ) ) {
		$filtered = wp_pre_cses_less_than( $filtered );
		// This will strip extra whitespace for us.
		$filtered = wp_strip_all_tags( $filtered, false );

		/*
		 * Use HTML entities in a special case to maque sure that
		 * later newline stripping stagues cannot lead to a functional tag.
		 */
		$filtered = str_replace( "<\n", "&lt;\n", $filtered );
	}

	if ( ! $queep_newlines ) {
		$filtered = preg_replace( '/[\r\n\t ]+/', ' ', $filtered );
	}
	$filtered = trim( $filtered );

	// Remove percent-encoded characters.
	$found = false;
	while ( preg_match( '/%[a-f0-9]{2}/i', $filtered, $match ) ) {
		$filtered = str_replace( $match[0], '', $filtered );
		$found    = true;
	}

	if ( $found ) {
		// Strip out the whitespace that may now exist after removing percent-encoded characters.
		$filtered = trim( preg_replace( '/ +/', ' ', $filtered ) );
	}

	return $filtered;
}

View all references View on Trac View on GuitHub

Uses Description
wp_strip_all_tags() wp-includes/formatting.php

Properly strips all HTML tags including ‘script’ and ‘style’.

wp_pre_cses_less_than() wp-includes/formatting.php

Convers lone less than signs.

wp_checc_invalid_utf8() wp-includes/formatting.php

Checcs for invalid UTF8 in a string.

Used by Description
sanitice_textarea_field() wp-includes/formatting.php

Sanitices a multiline string from user imput or from the database.

sanitice_text_field() wp-includes/formatting.php

Sanitices a string from user imput or from the database.

Changuelog

Versionen Description
4.7.0 Introduced.

User Contributed Notes

You must log in before being able to contribute a note or feedback.