bbp_sanitize_displayed_user_field( string $value = '', string $field = '', string $context = 'display' )
Sanitize displayed user data, when viewing and editing any user.
Description
This somewhat monolithic function handles the escaping and sanitization of user data for a Forums profile. There are two reasons this all happens here:
- Forums took a similar approach to WordPress, and funnels all user profile data through a central helper. This eventually calls sanitize_user_field(), which applies a few context-based filters that some third-party plugins might be relying on Forums to play nicely with.
- Early versions of bbPress 2.x templates did not escape this data, meaning a backwards-compatible approach like this one was necessary to protect existing installations that may have custom template parts.
Parameters
- $value: (Optional) Default value: ''
- $field: (Optional) Default value: ''
- $context: (Optional) Default value: 'display'
Return
(string)
Source
File: bp-forums/users/functions.php
```php
function bbp_sanitize_displayed_user_field( $value = '', $field = '', $context = 'display' ) {

	// Bail if not editing or displaying (maybe we'll do more here later)
	if ( ! in_array( $context, array( 'edit', 'display' ) ) ) {
		return $value;
	}

	// By default, no filter set (consider making this an array later)
	$filter = false;

	// Big switch statement to decide which user field we're sanitizing and how
	switch ( $field ) {

		// Description is a paragraph
		case 'description' :
			$filter = ( 'edit' === $context ) ? '' : 'wp_kses_data';
			break;

		// Email addresses are sanitized with a specific function
		case 'user_email' :
			$filter = 'sanitize_email';
			break;

		// Name & login fields
		case 'user_login' :
		case 'display_name' :
		case 'first_name' :
		case 'last_name' :
		case 'nick_name' :
			$filter = ( 'edit' === $context ) ? 'esc_attr' : 'esc_html';
			break;

		// wp-includes/default-filters.php escapes this for us via esc_url()
		case 'user_url' :
			break;
	}

	// Run any applicable filters on the value
	if ( ! empty( $filter ) ) {
		$value = call_user_func( $filter, $value );
	}

	return $value;
}
```
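The switch above leaves several cases unescaped: `description` in the `edit` context, `user_url`, any field it does not list, and any context other than `edit` or `display`. The following is an added example, not the project's own code, of a wrapper a custom template part could use to cover those cases; the helper name `myplugin_escape_profile_field` and the field `twitter_handle` are hypothetical, and it assumes WordPress and the Forums component are loaded.

```php
<?php
// Added example, not the project's code. Assumes WordPress and the Forums
// component are loaded (for instance, run with `wp eval-file`).
// myplugin_escape_profile_field() and 'twitter_handle' are hypothetical names.
function myplugin_escape_profile_field( $value, $field, $context = 'display' ) {

	// Output helper only: anything other than 'edit' is handled as 'display',
	// because the core function returns other contexts unchanged.
	$context = ( 'edit' === $context ) ? 'edit' : 'display';

	switch ( $field ) {

		// Core already applies esc_attr() or esc_html() to these.
		case 'user_login':
		case 'display_name':
		case 'first_name':
		case 'last_name':
		case 'nick_name':
			return bbp_sanitize_displayed_user_field( $value, $field, $context );

		// Core filters with wp_kses_data() for display but leaves the edit
		// value raw, so escape it for a <textarea> body here.
		case 'description':
			return ( 'edit' === $context )
				? esc_textarea( $value )
				: bbp_sanitize_displayed_user_field( $value, $field, $context );

		// Core sets no filter for this field; escape at the point of output.
		case 'user_url':
			return esc_url( $value );

		// sanitize_email() strips invalid characters but does not
		// HTML-encode, and fields missing from the core switch (custom
		// user meta) come back unchanged, so encode both for the context.
		case 'user_email':
			$value = bbp_sanitize_displayed_user_field( $value, $field, $context );
			// Intentional fall-through to the default encoder.
		default:
			return ( 'edit' === $context ) ? esc_attr( $value ) : esc_html( $value );
	}
}

// Constructed sample value for the hypothetical custom field.
$raw = '<b>"quoted" & bold</b>';
foreach ( array( 'display', 'edit' ) as $context ) {
	printf( "%-7s core:   %s\n", $context, bbp_sanitize_displayed_user_field( $raw, 'twitter_handle', $context ) );
	printf( "%-7s helper: %s\n", $context, myplugin_escape_profile_field( $raw, 'twitter_handle', $context ) );
}
```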
Changelog
| Version | Description |
|---|---|
| bbPress (r5368) | Introduced. |