bbp_sanitize_displayed_user_field

Sanitize displayed user data, when viewing and editing any user.

Description

(string) bbp_sanitize_displayed_user_field( (string) $value = '', (string) $field = '', (string) $context = 'display' ); 

This somewhat monolithic function handles the escaping and sanitization of user data for a bbPress profile. There are two reasons this all happens here:

1. bbPress took a similar approach to WordPress, and funnels all user profile

2. Early versions of bbPress 2.x templates did not escape this data meaning

Returns (string): the value after the filter chosen for this field and context has run, or the value unchanged when no filter applies (unknown context, 'user_url', or 'description' in the 'edit' context).

Parameters (3)

0. $value — Optional. (string) => ''
The raw field value to sanitize, as read from the user's profile.
1. $field — Optional. (string) => ''
The user field name. Handled fields are 'description', 'user_email', 'user_login', 'display_name', 'first_name', 'last_name', 'nick_name' and 'user_url'; any other field is returned unfiltered.
2. $context — Optional. (string) => 'display'
The output context: 'display' (page text) or 'edit' (form field values). Any other context short-circuits and returns $value unchanged.

Usage

  if ( ! function_exists( 'bbp_sanitize_displayed_user_field' ) ) {
      require_once '/includes/users/functions.php';
  }

  // The raw field value, e.g. what is stored for the user's profile.
  $value = '';

  // The user field being sanitized: one of 'description', 'user_email',
  // 'user_login', 'display_name', 'first_name', 'last_name', 'nick_name' or 'user_url'.
  $field = '';

  // The context: 'display' (output as page text) or 'edit' (output into a form).
  // Any other context returns $value unchanged.
  $context = 'display';

  // NOTICE! Understand what this does before running.
  $result = bbp_sanitize_displayed_user_field( $value, $field, $context );

Defined (1)

The function is defined in the following location(s).

/includes/users/functions.php  
  function bbp_sanitize_displayed_user_field( $value = '', $field = '', $context = 'display' ) {

      // Bail if not editing or displaying (maybe we'll do more here later)
      if ( ! in_array( $context, array( 'edit', 'display' ) ) ) {
          return $value;
      }

      // By default, no filter set (consider making this an array later)
      $filter = false;

      // Big switch statement to decide which user field we're sanitizing and how
      switch ( $field ) {

          // Description is a paragraph
          case 'description' :
              $filter = ( 'edit' === $context ) ? '' : 'wp_kses_data';
              break;

          // Email addresses are sanitized with a specific function
          case 'user_email' :
              $filter = 'sanitize_email';
              break;

          // Name & login fields
          case 'user_login' :
          case 'display_name' :
          case 'first_name' :
          case 'last_name' :
          case 'nick_name' :
              $filter = ( 'edit' === $context ) ? 'esc_attr' : 'esc_html';
              break;

          // wp-includes/default-filters.php escapes this for us via esc_url()
          case 'user_url' :
              break;
      }

      // Run any applicable filters on the value
      if ( ! empty( $filter ) ) {
          $value = call_user_func( $filter, $value );
      }

      return $value;
  }
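The switch above only protects some field/context pairs; the others are returned verbatim and must be escaped by the caller at the point of output. The script below is an added example, not bbPress's own code: it pushes constructed hostile profile values through bbp_sanitize_displayed_user_field() for each pair and reports which results still carry markup or quotes. It assumes it is run inside a WordPress install with bbPress active (for instance with WP-CLI's `wp eval-file`), so that esc_html(), esc_attr(), esc_textarea(), sanitize_email() and wp_kses_data() are the real WordPress functions. The helper bbp_example_is_inert() and the sample payloads are constructed for this example; the "filter" column is read off the switch statement.

```php
<?php
/**
 * Added example (not bbPress code): exercise bbp_sanitize_displayed_user_field()
 * with attacker-controlled profile values in both contexts and show which
 * field/context pairs it leaves unescaped.
 *
 * Assumption: runs inside WordPress with bbPress loaded, e.g.
 *   wp eval-file sanitize-check.php
 */

if ( ! function_exists( 'bbp_sanitize_displayed_user_field' ) ) {
    fwrite( STDERR, "bbPress is not loaded; run this inside WordPress (wp eval-file).\n" );
    exit( 1 );
}

// Constructed payloads: anything a self-registered user can type into their profile.
$script_payload = '<script>alert(document.cookie)</script>';
$attr_payload   = '" autofocus onfocus="alert(1)';

// field, context, input, filter the switch statement selects for this pair
$cases = array(
    array( 'display_name', 'display', $script_payload, 'esc_html' ),
    array( 'display_name', 'edit',    $attr_payload,   'esc_attr' ),
    array( 'description',  'display', $script_payload, 'wp_kses_data' ),
    array( 'description',  'edit',    $script_payload, '(none: caller escapes)' ),
    array( 'user_email',   'display', 'a@b.c<x>',      'sanitize_email' ),
    array( 'user_url',     'display', $script_payload, '(none: user_url filter)' ),
    array( 'display_name', 'json',    $script_payload, '(none: unknown context)' ),
);

/**
 * Hypothetical helper: true when $out can be dropped into HTML text or a
 * quoted attribute without breaking out, i.e. no angle brackets and no raw
 * quotes survive. Deliberately strict: wp_kses_data() allows a whitelist of
 * inline tags, so legitimate allowed markup would also be reported as LIVE.
 */
function bbp_example_is_inert( $out ) {
    return strpbrk( $out, '<>"\'' ) === false;
}

$unescaped = array();
foreach ( $cases as $case ) {
    list( $field, $context, $in, $filter ) = $case;
    $out = bbp_sanitize_displayed_user_field( $in, $field, $context );
    $ok  = bbp_example_is_inert( $out );
    printf( "%-13s %-8s %-26s %-5s %s\n", $field, $context, $filter, $ok ? 'inert' : 'LIVE', $out );
    if ( ! $ok ) {
        $unescaped[] = $field . '/' . $context;
    }
}

if ( $unescaped ) {
    printf( "\n%d pair(s) returned without escaping: %s\n", count( $unescaped ), implode( ', ', $unescaped ) );
}

// For the pairs the function leaves alone, escape at the point of output.
// The edit-form textarea case, using WordPress's esc_textarea():
$desc = bbp_sanitize_displayed_user_field( $script_payload, 'description', 'edit' );
echo "\n" . '<textarea name="description">' . esc_textarea( $desc ) . '</textarea>' . "\n";
```

Three rows come back LIVE: 'description' in the 'edit' context (the filter is set to '' so nothing runs), 'user_url' (the function relies on WordPress's own 'user_url' display filter, which only runs when the value is read through sanitize_user_field(), e.g. via a WP_User property, and not when a raw value is passed in), and any context other than 'edit' or 'display'. Treat the return value of this function as safe only for the pairs that select a filter; everywhere else, escape in the template.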