sanitize_user_field() WP 2.3.0
Sanitize user field based on context.
Possible context values are: 'raw', 'edit', 'db', 'display', 'attribute' and 'js'. The 'display' context is used by default. 'attribute' and 'js' contexts are treated like 'display' when calling filters.
Return
Mixed. Sanitized value.
Usage
sanitize_user_field( $field, $value, $user_id, $context );
- $field(string) (required)
- The user Object field name.
- $value(mixed) (required)
- The user Object value.
- $user_id(int) (required)
- User ID.
- $context(string) (required)
- How to sanitize user fields. Looks for
'raw', 'edit', 'db', 'display', 'attribute' and 'js'.
Changelog
<?php
function sanitize_user_field( $field, $value, $user_id, $context ) {
$int_fields = array( 'ID' );
if ( in_array( $field, $int_fields ) ) {
$value = (int) $value;
}
if ( 'raw' == $context ) {
return $value;
}
if ( ! is_string( $value ) && ! is_numeric( $value ) ) {
return $value;
}
$prefixed = false !== strpos( $field, 'user_' );
if ( 'edit' == $context ) {
if ( $prefixed ) {
/** This filter is documented in wp-includes/post.php */
$value = apply_filters( "edit_{$field}", $value, $user_id );
} else {
/**
* Filters a user field value in the 'edit' context.
*
* The dynamic portion of the hook name, `$field`, refers to the prefixed user
* field being filtered, such as 'user_login', 'user_email', 'first_name', etc.
*
* @since 2.9.0
*
* @param mixed $value Value of the prefixed user field.
* @param int $user_id User ID.
*/
$value = apply_filters( "edit_user_{$field}", $value, $user_id );
}
if ( 'description' == $field ) {
$value = esc_html( $value ); // textarea_escaped?
} else {
$value = esc_attr( $value );
}
} elseif ( 'db' == $context ) {
if ( $prefixed ) {
/** This filter is documented in wp-includes/post.php */
$value = apply_filters( "pre_{$field}", $value );
} else {
/**
* Filters the value of a user field in the 'db' context.
*
* The dynamic portion of the hook name, `$field`, refers to the prefixed user
* field being filtered, such as 'user_login', 'user_email', 'first_name', etc.
*
* @since 2.9.0
*
* @param mixed $value Value of the prefixed user field.
*/
$value = apply_filters( "pre_user_{$field}", $value );
}
} else {
// Use display filters by default.
if ( $prefixed ) {
/** This filter is documented in wp-includes/post.php */
$value = apply_filters( "{$field}", $value, $user_id, $context );
} else {
/**
* Filters the value of a user field in a standard context.
*
* The dynamic portion of the hook name, `$field`, refers to the prefixed user
* field being filtered, such as 'user_login', 'user_email', 'first_name', etc.
*
* @since 2.9.0
*
* @param mixed $value The user object value to sanitize.
* @param int $user_id User ID.
* @param string $context The context to filter within.
*/
$value = apply_filters( "user_{$field}", $value, $user_id, $context );
}
}
if ( 'user_url' == $field ) {
$value = esc_url( $value );
}
if ( 'attribute' == $context ) {
$value = esc_attr( $value );
} elseif ( 'js' == $context ) {
$value = esc_js( $value );
}
return $value;
}