Make WordPress Core

Opened 13 months ago

Closed 13 months ago

Last modified 13 months ago

#57712 closed enhancement (fixed)

Suggestion for code comment in sanitize_user()

Reported by: ace100's profile ace100 Owned by: sergeybiryukov's profile SergeyBiryukov
Milestone: 6.2 Priority: normal
Severity: minor Version:
Component: Users Keywords: good-first-bug has-patch
Focuses: docs Cc:


I spent a long time trying to understand the following comment and code at

// Kill octets.
$username = preg_replace( '|%([a-fA-F0-9][a-fA-F0-9])|', '', $username );

I think it would be better if the comment was "remove percent-encoded characters".

Change History (5)

#1 @SergeyBiryukov
13 months ago

  • Focuses docs added
  • Keywords needs-patch good-first-bug added
  • Milestone changed from Awaiting Review to 6.2

Hi there, welcome to WordPress Trac! Thanks for the ticket.

Yes, that sounds like a better comment. Would you be interested in creating a patch?

Additionally, the "Kill entities" comment directly below can probably be replaced with "Remove HTML entities".

Moving to 6.2, as this only affects code comments and can still be committed in beta.

This ticket was mentioned in PR #4078 on WordPress/wordpress-develop by @tanjimtc71.

13 months ago

  • Keywords has-patch added; needs-patch removed

Hi there!

I've made some changes to the sanitize_user() function to clarify the use of special characters in the comment. Specifically, I updated the comment to reflect that the function removes HTML entities and percent-encoded characters, rather than "killing" them.

Please review my changes and let me know if there are any issues or further improvements that need to be made. Thanks for your help!

Fixes #57712.

Trac ticket:

#3 @codemonksuvro
13 months ago

PR looks fine! thanks @tanjimtc71

#4 @SergeyBiryukov
13 months ago

  • Owner set to SergeyBiryukov
  • Resolution set to fixed
  • Status changed from new to closed

In 55346:

Docs: Improve code comments in some sanitizing functions.

This aims to clarify a few inline comments related to removing percent-encoded characters and HTML entities.

Affected functions:

  • sanitize_user()
  • sanitize_title_with_dashes()
  • sanitize_html_class()
  • _sanitize_text_fields()
  • get_comments_number_text()

Follow-up to [465], [3454], [11433], [12503], [37987].

Props ace100, tanjimtc71, codemonksuvro, SergeyBiryukov.
Fixes #57712.

@SergeyBiryukov commented on PR #4078:

13 months ago

Thanks for the PR! Merged in r55346 as part of a few other similar edits.

Note: See TracTickets for help on using tickets.