WordPress Version: 6.3
/**
* Sanitizes user field based on context.
*
* Possible context values are: 'raw', 'edit', 'db', 'display', 'attribute' and 'js'. Any
* context other than 'raw', 'edit' or 'db' is handled as 'display', which is therefore the
* default. The 'attribute' and 'js' contexts are treated like 'display' when calling filters.
*
* @since 2.3.0
*
* @param string $field The user Object field name.
* @param mixed $value The user Object value.
* @param int $user_id User ID.
* @param string $context How to sanitize user fields. Looks for 'raw', 'edit', 'db', 'display',
* 'attribute' and 'js'.
* @return mixed Sanitized value.
*/
function sanitize_user_field($field, $value, $user_id, $context)
{
    // 'ID' is the only integer-typed field. $field is never reassigned below, so the
    // strict membership test is evaluated once and reused for the final re-cast.
    $integer_fields   = array('ID');
    $is_integer_field = in_array($field, $integer_fields, true);
    if ($is_integer_field) {
        $value = (int) $value;
    }

    // 'raw' hands the value back without running any filter or escaping function;
    // apart from the integer cast above, the result is unsanitized.
    if ('raw' === $context) {
        return $value;
    }

    // Only strings and numeric values are filtered and escaped. Anything else
    // (array, object, bool, null) is returned exactly as received in every context,
    // so callers must not treat such a result as escaped.
    if (!(is_string($value) || is_numeric($value))) {
        return $value;
    }

    // NOTE(review): this is a substring test, not a prefix test, so a field name that
    // contains 'user_' anywhere is routed to the "{$field}"-style hook names below.
    $has_user_marker = str_contains($field, 'user_');

    if ('edit' === $context) {
        if ($has_user_marker) {
            /** This filter is documented in wp-includes/post.php */
            $value = apply_filters("edit_{$field}", $value, $user_id);
        } else {
            /**
             * Filters a user field value in the 'edit' context.
             *
             * The dynamic portion of the hook name, `$field`, is the name of the user
             * field being filtered. This hook fires for field names that do not
             * contain 'user_', such as 'first_name'.
             *
             * @since 2.9.0
             *
             * @param mixed $value Value of the user field.
             * @param int $user_id User ID.
             */
            $value = apply_filters("edit_user_{$field}", $value, $user_id);
        }

        // Escaping runs after the filters, so filter output is escaped as well:
        // esc_html() for the description, esc_attr() for every other field.
        // textarea_escaped?
        $value = 'description' === $field ? esc_html($value) : esc_attr($value);
    } elseif ('db' === $context) {
        // This branch calls no escaping function itself. Any cleaning of the stored
        // value is done by callbacks on the hooks (not visible in this function).
        if ($has_user_marker) {
            /** This filter is documented in wp-includes/post.php */
            $value = apply_filters("pre_{$field}", $value);
        } else {
            /**
             * Filters the value of a user field in the 'db' context.
             *
             * The dynamic portion of the hook name, `$field`, is the name of the user
             * field being filtered. This hook fires for field names that do not
             * contain 'user_', such as 'first_name'.
             *
             * @since 2.9.0
             *
             * @param mixed $value Value of the user field.
             */
            $value = apply_filters("pre_user_{$field}", $value);
        }
    } else {
        // Every remaining context ('display', 'attribute', 'js' or an unrecognised
        // string) uses the display hooks and receives $context as a third argument.
        if ($has_user_marker) {
            /** This filter is documented in wp-includes/post.php */
            $value = apply_filters("{$field}", $value, $user_id, $context);
        } else {
            /**
             * Filters the value of a user field in a standard context.
             *
             * The dynamic portion of the hook name, `$field`, is the name of the user
             * field being filtered. This hook fires for field names that do not
             * contain 'user_', such as 'first_name'.
             *
             * @since 2.9.0
             *
             * @param mixed $value The user object value to sanitize.
             * @param int $user_id User ID.
             * @param string $context The context to filter within.
             */
            $value = apply_filters("user_{$field}", $value, $user_id, $context);
        }
    }

    // esc_url() is applied to 'user_url' in every context that reaches this point,
    // including 'edit' (on top of the esc_attr() above) and 'db'.
    if ('user_url' === $field) {
        $value = esc_url($value);
    }

    // Context-specific output escaping. For plain 'display' (or any unlisted context)
    // this function calls no escaping function unless the field is 'user_url'.
    // NOTE(review): confirm which callbacks are hooked before echoing a 'display'
    // result into HTML.
    if ('attribute' === $context) {
        $value = esc_attr($value);
    } elseif ('js' === $context) {
        $value = esc_js($value);
    }

    // Restore the type for integer fields after esc_attr().
    if ($is_integer_field) {
        $value = (int) $value;
    }

    return $value;
}