sanitize_email( string $email )
Strips out all characters that are not allowable in an email.
Parameters
-
(string) (Required) Email address to filter.
Return
(string) Filtered email address.
More Information
- After sanitize_email() has done its work, it passes the sanitized e-mail address through the sanitize_email filter.
- This function uses a smaller allowable character set than the set defined by RFC 5322. Some legal email addresses may be changed.
- Allowed character regular expression:
/[^a-z0-9+_.@-]/i
.
Source
File: wp-includes/formatting.php
function sanitize_email( $email ) { // Test for the minimum length the email can be. if ( strlen( $email ) < 6 ) { /** * Filters a sanitized email address. * * This filter is evaluated under several contexts, including 'email_too_short', * 'email_no_at', 'local_invalid_chars', 'domain_period_sequence', 'domain_period_limits', * 'domain_no_periods', 'domain_no_valid_subs', or no context. * * @since 2.8.0 * * @param string $sanitized_email The sanitized email address. * @param string $email The email address, as provided to sanitize_email(). * @param string|null $message A message to pass to the user. null if email is sanitized. */ return apply_filters( 'sanitize_email', '', $email, 'email_too_short' ); } // Test for an @ character after the first position. if ( strpos( $email, '@', 1 ) === false ) { /** This filter is documented in wp-includes/formatting.php */ return apply_filters( 'sanitize_email', '', $email, 'email_no_at' ); } // Split out the local and domain parts. list( $local, $domain ) = explode( '@', $email, 2 ); // LOCAL PART // Test for invalid characters. $local = preg_replace( '/[^a-zA-Z0-9!#$%&\'*+\/=?^_`{|}~\.-]/', '', $local ); if ( '' === $local ) { /** This filter is documented in wp-includes/formatting.php */ return apply_filters( 'sanitize_email', '', $email, 'local_invalid_chars' ); } // DOMAIN PART // Test for sequences of periods. $domain = preg_replace( '/\.{2,}/', '', $domain ); if ( '' === $domain ) { /** This filter is documented in wp-includes/formatting.php */ return apply_filters( 'sanitize_email', '', $email, 'domain_period_sequence' ); } // Test for leading and trailing periods and whitespace. $domain = trim( $domain, " \t\n\r\0\x0B." ); if ( '' === $domain ) { /** This filter is documented in wp-includes/formatting.php */ return apply_filters( 'sanitize_email', '', $email, 'domain_period_limits' ); } // Split the domain into subs. $subs = explode( '.', $domain ); // Assume the domain will have at least two subs. if ( 2 > count( $subs ) ) { /** This filter is documented in wp-includes/formatting.php */ return apply_filters( 'sanitize_email', '', $email, 'domain_no_periods' ); } // Create an array that will contain valid subs. $new_subs = array(); // Loop through each sub. foreach ( $subs as $sub ) { // Test for leading and trailing hyphens. $sub = trim( $sub, " \t\n\r\0\x0B-" ); // Test for invalid characters. $sub = preg_replace( '/[^a-z0-9-]+/i', '', $sub ); // If there's anything left, add it to the valid subs. if ( '' !== $sub ) { $new_subs[] = $sub; } } // If there aren't 2 or more valid subs. if ( 2 > count( $new_subs ) ) { /** This filter is documented in wp-includes/formatting.php */ return apply_filters( 'sanitize_email', '', $email, 'domain_no_valid_subs' ); } // Join valid subs into the new domain. $domain = implode( '.', $new_subs ); // Put the email back together. $sanitized_email = $local . '@' . $domain; // Congratulations, your email made it! /** This filter is documented in wp-includes/formatting.php */ return apply_filters( 'sanitize_email', $sanitized_email, $email, null ); }
Changelog
Version | Description |
---|---|
1.5.0 | Introduced. |
© 2003–2021 WordPress Foundation
Licensed under the GNU GPLv2+ License.
https://developer.wordpress.org/reference/functions/sanitize_email