sanitize_user_field( string $field, mixed $value, int $user_id, string $context )
Sanitize user field based on context.
Description
Possible context values are: ‘raw’, ‘edit’, ‘db’, ‘display’, ‘attribute’ and ‘js’. The ‘display’ context is used by default. ‘attribute’ and ‘js’ contexts are treated like ‘display’ when calling filters.
Parameters
- $field
-
(string) (Required) The user Object field name.
- $value
-
(mixed) (Required) The user Object value.
- $user_id
-
(int) (Required) User ID.
- $context
-
(string) (Required) How to sanitize user fields. Looks for 'raw', 'edit', 'db', 'display', 'attribute' and 'js'.
Return
(mixed) Sanitized value.
Source
File: wp-includes/user.php
function sanitize_user_field( $field, $value, $user_id, $context ) { $int_fields = array( 'ID' ); if ( in_array( $field, $int_fields, true ) ) { $value = (int) $value; } if ( 'raw' === $context ) { return $value; } if ( ! is_string( $value ) && ! is_numeric( $value ) ) { return $value; } $prefixed = false !== strpos( $field, 'user_' ); if ( 'edit' === $context ) { if ( $prefixed ) { /** This filter is documented in wp-includes/post.php */ $value = apply_filters( "edit_{$field}", $value, $user_id ); } else { /** * Filters a user field value in the 'edit' context. * * The dynamic portion of the hook name, `$field`, refers to the prefixed user * field being filtered, such as 'user_login', 'user_email', 'first_name', etc. * * @since 2.9.0 * * @param mixed $value Value of the prefixed user field. * @param int $user_id User ID. */ $value = apply_filters( "edit_user_{$field}", $value, $user_id ); } if ( 'description' === $field ) { $value = esc_html( $value ); // textarea_escaped? } else { $value = esc_attr( $value ); } } elseif ( 'db' === $context ) { if ( $prefixed ) { /** This filter is documented in wp-includes/post.php */ $value = apply_filters( "pre_{$field}", $value ); } else { /** * Filters the value of a user field in the 'db' context. * * The dynamic portion of the hook name, `$field`, refers to the prefixed user * field being filtered, such as 'user_login', 'user_email', 'first_name', etc. * * @since 2.9.0 * * @param mixed $value Value of the prefixed user field. */ $value = apply_filters( "pre_user_{$field}", $value ); } } else { // Use display filters by default. if ( $prefixed ) { /** This filter is documented in wp-includes/post.php */ $value = apply_filters( "{$field}", $value, $user_id, $context ); } else { /** * Filters the value of a user field in a standard context. * * The dynamic portion of the hook name, `$field`, refers to the prefixed user * field being filtered, such as 'user_login', 'user_email', 'first_name', etc. * * @since 2.9.0 * * @param mixed $value The user object value to sanitize. * @param int $user_id User ID. * @param string $context The context to filter within. */ $value = apply_filters( "user_{$field}", $value, $user_id, $context ); } } if ( 'user_url' === $field ) { $value = esc_url( $value ); } if ( 'attribute' === $context ) { $value = esc_attr( $value ); } elseif ( 'js' === $context ) { $value = esc_js( $value ); } // Restore the type for integer fields after esc_attr(). if ( in_array( $field, $int_fields, true ) ) { $value = (int) $value; } return $value; }
Changelog
Version | Description |
---|---|
2.3.0 | Introduced. |
© 2003–2021 WordPress Foundation
Licensed under the GNU GPLv2+ License.
https://developer.wordpress.org/reference/functions/sanitize_user_field