sanitize_user
Sanitizes a username, stripping out unsafe characters.
Description
Removes tags, octets, entities, and if strict is enabled, will only keep alphanumeric, _, space, ., -, @. After sanitizing, it passes the username, raw username (the username in the parameter), and the value of $strict
as parameters for the filter.
Returns (string)
The sanitized username, after passing through filters.
Parameters (2)
- 0. $username (string)
- The username to be sanitized.
- 1. $strict — Optional. (bool) =>
false
- If set limits
$username
to specific characters. Default false.
Usage
if ( !function_exists( 'sanitize_user' ) ) { require_once ABSPATH . WPINC . '/formatting.php'; } // The username to be sanitized. $username = ''; // If set limits $username to specific characters. Default false. $strict = false; // NOTICE! Understand what this does before running. $result = sanitize_user($username, $strict);
Defined (1)
The function is defined in the following location(s).
- /wp-includes/formatting.php
- function sanitize_user( $username, $strict = false ) {
- $raw_username = $username;
- $username = wp_strip_all_tags( $username );
- $username = remove_accents( $username );
- // Kill octets
- $username = preg_replace( '|%([a-fA-F0-9][a-fA-F0-9])|', '', $username );
- $username = preg_replace( '/&.+?;/', '', $username ); // Kill entities
- // If strict, reduce to ASCII for max portability.
- if ( $strict )
- $username = preg_replace( '|[^a-z0-9 _.\-@]|i', '', $username );
- $username = trim( $username );
- // Consolidate contiguous whitespace
- $username = preg_replace( '|\s+|', ' ', $username );
- /**
- * Filters a sanitized username string.
- *
- * @since 2.0.1
- *
- * @param string $username Sanitized username.
- * @param string $raw_username The username prior to sanitization.
- * @param bool $strict Whether to limit the sanitization to specific characters. Default false.
- */
- return apply_filters( 'sanitize_user', $username, $raw_username, $strict );
- }