Sanitizes a username, stripping out unsafe characters.

Prototype

sanitize_user( string $username, bool $strict = false )

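Description

Removes tags, octets and entities. If strict is enabled, only alphanumeric characters, _, space, ., -, and @ are kept. After sanitizing, it passes the username, the raw username (the username as given in the parameter), and the value of $strict as arguments to the 'sanitize_user' filter.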

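Parameters

$username (string) (Required) The username to be sanitized.

$strict (bool) (Optional) Whether to restrict $username to specific characters.

Return value

(string)  The sanitized username, after passing through filters.

Source file

Path: wp-includes/formatting.php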

<?php
...
function sanitize_user( $username, $strict = false ) {
	$raw_username = $username;
	$username = wp_strip_all_tags( $username );
	$username = remove_accents( $username );
	// Kill octets
	$username = preg_replace( '|%([a-fA-F0-9][a-fA-F0-9])|', '', $username );
	$username = preg_replace( '/&.+?;/', '', $username ); // Kill entities

	// If strict, reduce to ASCII for max portability.
	if ( $strict )
		$username = preg_replace( '|[^a-z0-9 _.\-@]|i', '', $username );

	$username = trim( $username );
	// Consolidate contiguous whitespace
	$username = preg_replace( '|\s+|', ' ', $username );

	/**
	 * Filters a sanitized username string.
	 *
	 * @since 2.0.1
	 *
	 * @param string $username     Sanitized username.
	 * @param string $raw_username The username prior to sanitization.
	 * @param bool   $strict       Whether to limit the sanitization to specific characters. Default false.
	 */
	return apply_filters( 'sanitize_user', $username, $raw_username, $strict );
}

...
?>
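
The following is an added example, not part of the WordPress source: a standalone sketch of the regex steps above, run over constructed inputs to show how loose and strict mode differ and why a caller should reject a name that sanitization changed rather than store the rewritten value. It assumes strip_tags() in place of wp_strip_all_tags() and omits remove_accents() and the filter call; sanitize_user_sketch() and username_is_acceptable() are hypothetical names.

```php
<?php
// Added example: standalone approximation of the regex steps in sanitize_user().
// Assumption: strip_tags() stands in for wp_strip_all_tags(), and the
// remove_accents() step and the 'sanitize_user' filter are omitted, so this
// runs without WordPress. sanitize_user_sketch() is a hypothetical name.
function sanitize_user_sketch( string $username, bool $strict = false ): string {
	$username = strip_tags( $username );
	$username = preg_replace( '|%([a-fA-F0-9][a-fA-F0-9])|', '', $username ); // octets
	$username = preg_replace( '/&.+?;/', '', $username );                     // entities
	if ( $strict ) {
		$username = preg_replace( '|[^a-z0-9 _.\-@]|i', '', $username );
	}
	$username = trim( $username );
	return preg_replace( '|\s+|', ' ', $username );
}

// Reject-on-change check (hypothetical helper): accept a name only if strict
// sanitization leaves it unchanged and non-empty, rather than silently
// storing a rewritten value.
function username_is_acceptable( string $username ): bool {
	$clean = sanitize_user_sketch( $username, true );
	return $clean !== '' && $clean === $username;
}

// Constructed sample inputs.
$samples = array(
	'alice_01',
	'  bob   smith ',
	'<b>carol</b>',
	'dave%2Fadmin',
	'erin&amp;co',
	'frank%%4141',   // one regex pass leaves "%41" behind in non-strict mode
	'grace!#$',
);

foreach ( $samples as $raw ) {
	printf(
		"%-18s loose=%-14s strict=%-14s accept=%s\n",
		var_export( $raw, true ),
		var_export( sanitize_user_sketch( $raw ), true ),
		var_export( sanitize_user_sketch( $raw, true ), true ),
		username_is_acceptable( $raw ) ? 'yes' : 'no'
	);
}
```

Only alice_01 is accepted. The octet pattern is applied once, so the loose result for the nested input still contains a percent sequence, while strict mode drops the bare % because it is not in the allowed set.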

Other

English documentation: https://developer.wordpress.org/reference/functions/sanitize_user/