Changeset 11929 for trunk/wp-includes/user.php
- Timestamp:
- 09/14/2009 01:57:48 PM (15 years ago)
- File:
-
- 1 edited
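--- a/trunk/wp-includes/user.php
+++ b/trunk/wp-includes/user.php
@@ -618,3 +618,120 @@
 }
 
+/**
+* Sanitize every user field.
+*
+* If the context is 'raw', then the user object or array will get minimal santization of the int fields.
+*
+* @since 2.3.0
+* @uses sanitize_user_field() Used to sanitize the fields.
+*
+* @param object|array $user The User Object or Array
+* @param string $context Optional, default is 'display'. How to sanitize user fields.
+* @return object|array The now sanitized User Object or Array (will be the same type as $user)
+*/
+function sanitize_user_object($user, $context = 'display') {
+if ( is_object($user) ) {
+if ( !isset($user->ID) )
+$user->ID = 0;
+if ( isset($user->data) )
+$vars = get_object_vars( $user->data );
+else
+$vars = get_object_vars($user);
+foreach ( array_keys($vars) as $field ) {
+if ( is_array($user->$field) )
+continue;
+$user->$field = sanitize_user_field($field, $user->$field, $user->ID, $context);
+}
+$user->filter = $context;
+} else {
+if ( !isset($user['ID']) )
+$user['ID'] = 0;
+foreach ( array_keys($user) as $field )
+$user[$field] = sanitize_user_field($field, $user[$field], $user['ID'], $context);
+$user['filter'] = $context;
+}
+
+return $user;
+}
+
+/**
+* Sanitize user field based on context.
+*
+* Possible context values are: 'raw', 'edit', 'db', 'display', 'attribute' and 'js'. The
+* 'display' context is used by default. 'attribute' and 'js' contexts are treated like 'display'
+* when calling filters.
+*
+* @since 2.3.0
+* @uses apply_filters() Calls 'edit_$field' and '${field_no_prefix}_edit_pre' passing $value and
+* $user_id if $context == 'edit' and field name prefix == 'user_'.
+*
+* @uses apply_filters() Calls 'edit_user_$field' passing $value and $user_id if $context == 'db'.
+* @uses apply_filters() Calls 'pre_$field' passing $value if $context == 'db' and field name prefix == 'user_'.
+* @uses apply_filters() Calls '${field}_pre' passing $value if $context == 'db' and field name prefix != 'user_'.
+*
+* @uses apply_filters() Calls '$field' passing $value, $user_id and $context if $context == anything
+* other than 'raw', 'edit' and 'db' and field name prefix == 'user_'.
+* @uses apply_filters() Calls 'user_$field' passing $value if $context == anything other than 'raw',
+* 'edit' and 'db' and field name prefix != 'user_'.
+*
+* @param string $field The user Object field name.
+* @param mixed $value The user Object value.
+* @param int $user_id user ID.
+* @param string $context How to sanitize user fields. Looks for 'raw', 'edit', 'db', 'display',
+* 'attribute' and 'js'.
+* @return mixed Sanitized value.
+*/
+function sanitize_user_field($field, $value, $user_id, $context) {
+$int_fields = array('ID');
+if ( in_array($field, $int_fields) )
+$value = (int) $value;
+
+if ( 'raw' == $context )
+return $value;
+
+if ( is_array($value) )
+return $value;
+
+$prefixed = false;
+if ( false !== strpos($field, 'user_') ) {
+$prefixed = true;
+$field_no_prefix = str_replace('user_', '', $field);
+}
+
+if ( 'edit' == $context ) {
+if ( $prefixed ) {
+$value = apply_filters("edit_$field", $value, $user_id);
+} else {
+$value = apply_filters("edit_user_$field", $value, $user_id);
+}
+
+if ( 'description' == $field )
+$value = esc_html($value);
+else
+$value = esc_attr($value);
+} else if ( 'db' == $context ) {
+if ( $prefixed ) {
+$value = apply_filters("pre_$field", $value);
+} else {
+$value = apply_filters("pre_user_$field", $value);
+}
+} else {
+// Use display filters by default.
+if ( $prefixed )
+$value = apply_filters($field, $value, $user_id, $context);
+else
+$value = apply_filters("user_$field", $value, $user_id, $context);
+}
+
+if ( 'user_url' == $field )
+$value = esc_url($value);
+
+if ( 'attribute' == $context )
+$value = esc_attr($value);
+else if ( 'js' == $context )
+$value = esc_js($value);
+
+return $value;
+}
+
 ?>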
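Review bot: In the object branch of sanitize_user_object() the field names come from `get_object_vars( $user->data )` but the values are read from and written back to `$user->$field`, so `$user->data` itself keeps its unsanitized values and a field that exists only on `$user->data` is read as an undefined property. Either sanitize the object the names were taken from, or skip missing properties with `if ( !isset($user->$field) || is_array($user->$field) ) continue;` and say in the docblock that `$user->data` is left untouched, so callers do not print it as if it had been escaped. In sanitize_user_field() the test `false !== strpos($field, 'user_')` matches 'user_' anywhere in the name rather than as a prefix, which selects the wrong filter hook for such fields; `0 === strpos($field, 'user_')` checks a real prefix, and `$field_no_prefix` is assigned but never used although the docblock lists a '${field_no_prefix}_edit_pre' filter. The default 'display' branch only runs filters, so in that context the value is escaped only if a hooked filter does it, which the docblock should state.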