WordPress Version: 6.3
/**
* Strips out all characters that are not allowable in an email.
*
* @since 1.5.0
*
* @param string $email Email address to filter.
* @return string Filtered email address.
*/
function sanitize_email($email)
{
// Test for the minimum length the email can be.
if (strlen($email) < 6) {
/**
* Filters a sanitized email address.
*
* This filter is evaluated under several contexts, including 'email_too_short',
* 'email_no_at', 'local_invalid_chars', 'domain_period_sequence', 'domain_period_limits',
* 'domain_no_periods', 'domain_no_valid_subs', or no context.
*
* @since 2.8.0
*
* @param string $sanitized_email The sanitized email address.
* @param string $email The email address, as provided to sanitize_email().
* @param string|null $message A message to pass to the user. null if email is sanitized.
*/
return apply_filters('sanitize_email', '', $email, 'email_too_short');
}
// Test for an @ character after the first position.
if (strpos($email, '@', 1) === false) {
/** This filter is documented in wp-includes/formatting.php */
return apply_filters('sanitize_email', '', $email, 'email_no_at');
}
// Split out the local and domain parts.
list($local, $domain) = explode('@', $email, 2);
/*
* LOCAL PART
* Test for invalid characters.
*/
$local = preg_replace('/[^a-zA-Z0-9!#$%&\'*+\/=?^_`{|}~\.-]/', '', $local);
if ('' === $local) {
/** This filter is documented in wp-includes/formatting.php */
return apply_filters('sanitize_email', '', $email, 'local_invalid_chars');
}
/*
* DOMAIN PART
* Test for sequences of periods.
*/
$domain = preg_replace('/\.{2,}/', '', $domain);
if ('' === $domain) {
/** This filter is documented in wp-includes/formatting.php */
return apply_filters('sanitize_email', '', $email, 'domain_period_sequence');
}
// Test for leading and trailing periods and whitespace.
$domain = trim($domain, " \t\n\r\x00\v.");
if ('' === $domain) {
/** This filter is documented in wp-includes/formatting.php */
return apply_filters('sanitize_email', '', $email, 'domain_period_limits');
}
// Split the domain into subs.
$subs = explode('.', $domain);
// Assume the domain will have at least two subs.
if (2 > count($subs)) {
/** This filter is documented in wp-includes/formatting.php */
return apply_filters('sanitize_email', '', $email, 'domain_no_periods');
}
// Create an array that will contain valid subs.
$new_subs = array();
// Loop through each sub.
foreach ($subs as $sub) {
// Test for leading and trailing hyphens.
$sub = trim($sub, " \t\n\r\x00\v-");
// Test for invalid characters.
$sub = preg_replace('/[^a-z0-9-]+/i', '', $sub);
// If there's anything left, add it to the valid subs.
if ('' !== $sub) {
$new_subs[] = $sub;
}
}
// If there aren't 2 or more valid subs.
if (2 > count($new_subs)) {
/** This filter is documented in wp-includes/formatting.php */
return apply_filters('sanitize_email', '', $email, 'domain_no_valid_subs');
}
// Join valid subs into the new domain.
$domain = implode('.', $new_subs);
// Put the email back together.
$sanitized_email = $local . '@' . $domain;
// Congratulations, your email made it!
/** This filter is documented in wp-includes/formatting.php */
return apply_filters('sanitize_email', $sanitized_email, $email, null);
}