W3cubDocs

/WordPress

sanitize_user( string $username, bool $strict = false )

Sanitizes a username, stripping out unsafe characters.

Description

Removes tags, octets, entities, and if strict is enabled, will only keep alphanumeric, _, space, ., -, @. After sanitizing, it passes the username, raw username (the username in the parameter), and the value of $strict as parameters for the ‘sanitize_user’ filter.

Parameters

$username

(string) (Required) The username to be sanitized.

$strict

(bool) (Optional) If set limits $username to specific characters.

Default value: false

Return

(string) The sanitized username, after passing through filters.

Source

File: wp-includes/formatting.php 

function sanitize_user( $username, $strict = false ) {
	$raw_username = $username;
	$username     = wp_strip_all_tags( $username );
	$username     = remove_accents( $username );
	// Kill octets.
	$username = preg_replace( '|%([a-fA-F0-9][a-fA-F0-9])|', '', $username );
	// Kill entities.
	$username = preg_replace( '/&.+?;/', '', $username );

	// If strict, reduce to ASCII for max portability.
	if ( $strict ) {
		$username = preg_replace( '|[^a-z0-9 _.\-@]|i', '', $username );
	}

	$username = trim( $username );
	// Consolidate contiguous whitespace.
	$username = preg_replace( '|\s+|', ' ', $username );

	/**
	 * Filters a sanitized username string.
	 *
	 * @since 2.0.1
	 *
	 * @param string $username     Sanitized username.
	 * @param string $raw_username The username prior to sanitization.
	 * @param bool   $strict       Whether to limit the sanitization to specific characters.
	 */
	return apply_filters( 'sanitize_user', $username, $raw_username, $strict );
}

Uses

Uses Description
wp-includes/formatting.php: wp_strip_all_tags()

Properly strip all HTML tags including script and style
wp-includes/formatting.php: sanitize_user

Filters a sanitized username string.
wp-includes/formatting.php: remove_accents()

Converts all accent characters to ASCII characters.
wp-includes/plugin.php: apply_filters()

Calls the callback functions that have been added to a filter hook.

Used By

Used By Description
wp-includes/ms-site.php: wp_normalize_site_data()

Normalizes data for a site prior to inserting or updating in the database.
wp-admin/install.php: display_setup_form()

Display installer setup form.
wp-admin/includes/user.php: edit_user()

Edit user settings based on contents of $_POST
wp-includes/class-wp-user.php: WP_User::get_data_by()

Return only the main user fields
wp-includes/pluggable.php: wp_authenticate()

Authenticate a user, confirming the login credentials are valid.
wp-includes/user.php: register_new_user()

Handles registering a new user.
wp-includes/user.php: validate_username()

Checks whether a username is valid.
wp-includes/user.php: wp_insert_user()

Insert a user into the database.
wp-includes/ms-functions.php: wpmu_create_user()

Create a user.
wp-includes/ms-functions.php: wpmu_validate_user_signup()

Sanitize and validate data required for a user sign-up.
wp-includes/ms-functions.php: wpmu_signup_user()

Record user signup information for future activation.

Changelog

Version Description
2.0.0 Introduced.

© 2003–2019 WordPress Foundation
Licensed under the GNU GPLv2+ License.
https://developer.wordpress.org/reference/functions/sanitize_user