This function’s access is marked private. This means it is not intended for use by plugin or theme developers, only in other core functions. It is listed here for completeness.
_sanitize_text_fields( string $str, bool $keep_newlines = false )
Internal helper function to sanitize a string from user input or from the db
Parameters
- $str
-
(Required) String to sanitize.
- $keep_newlines
-
(Optional) Whether to keep newlines. Default: false.
Default value: false
Return
(string) Sanitized string.
Source
File: wp-includes/formatting.php
function _sanitize_text_fields( $str, $keep_newlines = false ) {
$filtered = wp_check_invalid_utf8( $str );
if ( strpos($filtered, '<') !== false ) {
$filtered = wp_pre_kses_less_than( $filtered );
// This will strip extra whitespace for us.
$filtered = wp_strip_all_tags( $filtered, false );
// Use html entities in a special case to make sure no later
// newline stripping stage could lead to a functional tag
$filtered = str_replace("<\n", "<\n", $filtered);
}
if ( ! $keep_newlines ) {
$filtered = preg_replace( '/[\r\n\t ]+/', ' ', $filtered );
}
$filtered = trim( $filtered );
$found = false;
while ( preg_match('/%[a-f0-9]{2}/i', $filtered, $match) ) {
$filtered = str_replace($match[0], '', $filtered);
$found = true;
}
if ( $found ) {
// Strip out the whitespace that may now exist after removing the octets.
$filtered = trim( preg_replace('/ +/', ' ', $filtered) );
}
return $filtered;
}
Changelog
Version | Description |
---|---|
WP-4.7.0 | Introduced. |