sanitize_user()清理用户名,去掉所有不安全的字符

目录

描述

译文

消除用户名中的不安全字符。

若$strict参数为true,则返回添加了_, space, ., -, *, 以及 @的字母数字式字符。

该函数删除所有标签,XX以及实体,如果$strict参数被激活,该函数删除所有非ASCII字符。清理用户名后,该函数将用户名、原始用户名(参数中的用户名)以及$strict参数作为过滤器参数。

原文

删除 HTML 标签,8进制,HTML 体,如果 $strict 参数设置为 true,将删除所有非 ASCII 字符,只保留数字字母_空格.-@

sanitize_user() 描述

用法

<?php sanitize_user$username$strict ?>

sanitize_user() 用法

参数

$username

(string) (必填) 要清理的用  

 认值: None

$strict

(boolean) (可选) 如果   true,限制 $username 为数字,字母,_,空格,.,-,@。

默认值: false

sanitize_user() 参数

返回值

(string) 

 理后的用户 

sanitize_user() 返回值

注意

  • 函数最后调用 'sanitize_user' 过滤器,三个参数:username,raw username(未处理之前的原始用户   $strict 参数。
  • sanitize_user() 注意

    历史

    sanitize_user() 历史

    源文件

    sanitize_user() 函数的代码位于 wp-includes/formatting.php.

    /* ----------------------------------
     * wordpress之魂 © http://wphun.com
     * ---------------------------------- */
    /**
     * Sanitizes a username, stripping out unsafe characters.
     *
     * Removes tags, octets, entities, and if strict is enabled, will only keep
     * alphanumeric, _, space, ., -, @. After sanitizing, it passes the username,
     * raw username (the username in the parameter), and the value of $strict as
     * parameters for the 'sanitize_user' filter.
     *
     * @since 2.0.0
     *
     * @param string $username The username to be sanitized.
     * @param bool   $strict   If set limits $username to specific characters. Default false.
     * @return string The sanitized username, after passing through filters.
     */
    function sanitize_user( $username, $strict = false ) {
    	$raw_username = $username;
    	$username = wp_strip_all_tags( $username );
    	$username = remove_accents( $username );
    	// Kill octets
    	$username = preg_replace( '|%([a-fA-F0-9][a-fA-F0-9])|', '', $username );
    	$username = preg_replace( '/&.+?;/', '', $username ); // Kill entities
    
    	// If strict, reduce to ASCII for max portability.
    	if ( $strict )
    		$username = preg_replace( '|[^a-z0-9 _.-@]|i', '', $username );
    
    	$username = trim( $username );
    	// Consolidate contiguous whitespace
    	$username = preg_replace( '|s+|', ' ', $username );
    
    	/**
    	 * Filter a sanitized username string.
    	 *
    	 * @since 2.0.1
    	 *
    	 * @param string $username     Sanitized username.
    	 * @param string $raw_username The username prior to sanitization.
    	 * @param bool   $strict       Whether to limit the sanitization to specific characters. Default false.
    	 */
    	return apply_filters( 'sanitize_user', $username, $raw_username, $strict );
    }
    
    

    sanitize_user() 源文件

    相关