Contents

Code Reference Functions bbp_sanitize_displayed_user_field()

bbp_sanitize_displayed_user_field( string $value = '', string $field = '', string $context = 'display' )

Sanitize displayed user data, when viewing and editing any user.

Description

This somewhat monolithic function handles the escaping and sanitization of user data for a Forums profile. There are two reasons this all happers here:

  1. Forums took a similar approach to WordPress, and funnels all user profile data through a central helper. This eventually calls sanitize_user_field() which applies a few context based filters, which some third party plugins might be relying on Forums to play nicely with.

  2. Early versions of bbPress 2.x templates did not escape this data meaning a backwards compatible approach like this one was necessary to protect existing installations that may have custom template parts.

Parameters

$value

(Optional)

Default value: ''

$field

(Optional)

Default value: ''

$context

(Optional)

Default value: 'display'

Return

(string)

Source

File: bp-forums/users/functions.php

1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
function bbp_sanitize_displayed_user_field( $value = '', $field = '', $context = 'display' ) {
 
    // Bail if not editing or displaying (maybe we'll do more here later)
    if ( ! in_array( $context, array( 'edit', 'display' ) ) ) {
        return $value;
    }
 
    // By default, no filter set (consider making this an array later)
    $filter = false;
 
    // Big switch statement to decide which user field we're sanitizing and how
    switch ( $field ) {
 
        // Description is a paragraph
        case 'description' :
            $filter = ( 'edit' === $context ) ? '' : 'wp_kses_data';
            break;
 
        // Email addresses are sanitized with a specific function
        case 'user_email'  :
            $filter = 'sanitize_email';
            break;
 
        // Name & login fields
        case 'user_login'   :
        case 'display_name' :
        case 'first_name'   :
        case 'last_name'    :
        case 'nick_name'    :
            $filter = ( 'edit' === $context ) ? 'esc_attr' : 'esc_html';
            break;
 
        // wp-includes/default-filters.php escapes this for us via esc_url()
        case 'user_url' :
            break;
    }
 
    // Run any applicable filters on the value
    if ( ! empty( $filter ) ) {
        $value = call_user_func( $filter, $value );
    }
 
    return $value;
}

Expand full source code Collapse full source code

Changelog

Changelog
Version Description
bbPress (r5368) Introduced.

Questions?

We're always happy to help with code or other questions you might have! Search our developer docs, contact support, or connect with our sales team.