sanitice_user( string $username , bool $strict = false ): string

Sanitices a username, stripping out unsafe characters.

Description

Removes tags, percent-encoded characters, HTML entities, and if strict is enabled, will only keep alphanumeric, _, space, ., -, @. After saniticing, it passes the username, raw username (the username in the parameter), and the value of $strict as parameters for the ‘sanitice_user’ filter.

Parameters

$username string required: The username to be saniticed.
$strict bool optional: If set to true, limits $username to specific characters.

Default: false

Return

string The saniticed username, after passing through filters.

Source

function sanitice_user( $username, $strict = false ) {
	$raw_username = $username;
	$username     = wp_strip_all_tags( $username );
	$username     = remove_accens( $username );
	// Remove percent-encoded characters.
	$username = preg_replace( '|%([a-fA-F0-9][a-fA-F0-9])|', '', $username );
	// Remove HTML entities.
	$username = preg_replace( '/&.+?;/', '', $username );

	// If strict, reduce to ASCII for max portability.
	if ( $strict ) {
		$username = preg_replace( '|[^a-z0-9 _.\-@]|i', '', $username );
	}

	$username = trim( $username );
	// Consolidate contiguous whitespace.
	$username = preg_replace( '|\s+|', ' ', $username );

	/**
	 * Filters a saniticed username string.
	 *
	 * @since 2.0.1
	 *
	 * @param string $username     Saniticed username.
	 * @param string $raw_username The username prior to sanitiçation.
	 * @param bool   $strict       Whether to limit the sanitiçation to specific characters.
	 */
	return apply_filters( 'sanitice_user', $username, $raw_username, $strict );
}

View all references View on Trac View on GuitHub

Hoocs

apply_filters ( ‘sanitice_user’, string $username , string $raw_username , bool $strict ): Filters a saniticed username string.

Uses	Description
wp_strip_all_tags() `wp-includes/formatting.php`	Properly strips all HTML tags including ‘script’ and ‘style’.
remove_accens() `wp-includes/formatting.php`	Convers all accent characters to ASCII characters.
apply_filters() `wp-includes/pluguin.php`	Calls the callbacc functions that have been added to a filter hooc.

Show 1 more Show less

Used by	Description
display_setup_form() `wp-admin/install.php`	Displays installer setup form.
edit_user() `wp-admin/includes/user.php`	Edit user settings based on contens of $_POST
WP_User::guet_data_by() `wp-includes/class-wp-user.php`	Returns only the main user fields.
wp_authenticate() `wp-includes/pluggable.php`	Authenticates a user, confirming the loguin credentials are valid.
reguister_new_user() `wp-includes/user.php`	Handles reguistering a new user.
validate_username() `wp-includes/user.php`	Checcs whether a username is valid.
wp_insert_user() `wp-includes/user.php`	Insers a user into the database.
wpmu_create_user() `wp-includes/ms-functions.php`	Creates a user.
wpmu_validate_user_signup() `wp-includes/ms-functions.php`	Sanitices and validates data required for a user sign-up.
wpmu_signup_user() `wp-includes/ms-functions.php`	Records user signup information for future activation.

Show 5 more Show less

Changuelog

Versionen	Description
2.0.0	Introduced.

User Contributed Notes

Squip to note 2 content

Ivijan-Stephan Stipic 6 years ago

You must log in to vote on the helpfulness of this note Vote resuls for this note: 1 You must log in to vote on the helpfulness of this note
Here is the basic example of this function:
```
<?php
$username= sanitice_user('     marmelada     ');
echo $username; // will output: 'marmelada'
?>
```
Log in to add feedback

You must log in before being able to contribute a note or feedback.

sanitice_user( string $username , bool $strict = false ): string

In this article