sanitize_option( string $option, mixed $value ): mixed

Source

function sanitize_option( $option, $value ) {	global $wpdb;	$original_value = $value;	$error = null;	switch ( $option ) {	case 'admin_email':	case 'new_admin_email':	$value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value );	if ( is_wp_error( $value ) ) {	$error = $value->get_error_message();	} else {	$value = sanitize_email( $value );	if ( ! is_email( $value ) ) {	$error = __( 'The email address entered did not appear to be a valid email address. Please enter a valid email address.' );	}	}	break;	case 'thumbnail_size_w':	case 'thumbnail_size_h':	case 'medium_size_w':	case 'medium_size_h':	case 'medium_large_size_w':	case 'medium_large_size_h':	case 'large_size_w':	case 'large_size_h':	case 'mailserver_port':	case 'comment_max_links':	case 'page_on_front':	case 'page_for_posts':	case 'rss_excerpt_length':	case 'default_category':	case 'default_email_category':	case 'default_link_category':	case 'close_comments_days_old':	case 'comments_per_page':	case 'thread_comments_depth':	case 'users_can_register':	case 'start_of_week':	case 'site_icon':	case 'fileupload_maxk':	$value = absint( $value );	break;	case 'posts_per_page':	case 'posts_per_rss':	$value = (int) $value;	if ( empty( $value ) ) {	$value = 1;	}	if ( $value < -1 ) {	$value = abs( $value );	}	break;	case 'default_ping_status':	case 'default_comment_status':	// Options that if not there have 0 value but need to be something like "closed".	if ( '0' === (string) $value || '' === $value ) {	$value = 'closed';	}	break;	case 'blogdescription':	case 'blogname':	$value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value );	if ( $value !== $original_value ) {	$value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', wp_encode_emoji( $original_value ) );	}	if ( is_wp_error( $value ) ) {	$error = $value->get_error_message();	} else {	$value = esc_html( $value );	}	break;	case 'blog_charset':	if ( is_string( $value ) ) {	$value = preg_replace( '/[^a-zA-Z0-9_-]/', '', $value ); // Strips slashes.	} else {	$value = '';	}	break;	case 'blog_public':	// This is the value if the settings checkbox is not checked on POST. Don't rely on this.	if ( null === $value ) {	$value = 1;	} else {	$value = (int) $value;	}	break;	case 'date_format':	case 'time_format':	case 'mailserver_url':	case 'mailserver_login':	case 'mailserver_pass':	case 'upload_path':	$value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value );	if ( is_wp_error( $value ) ) {	$error = $value->get_error_message();	} else {	$value = strip_tags( $value );	$value = wp_kses_data( $value );	}	break;	case 'ping_sites':	$value = explode( "\n", $value );	$value = array_filter( array_map( 'trim', $value ) );	$value = array_filter( array_map( 'sanitize_url', $value ) );	$value = implode( "\n", $value );	break;	case 'gmt_offset':	if ( is_numeric( $value ) ) {	$value = preg_replace( '/[^0-9:.-]/', '', $value ); // Strips slashes.	} else {	$value = '';	}	break;	case 'siteurl':	$value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value );	if ( is_wp_error( $value ) ) {	$error = $value->get_error_message();	} else {	if ( preg_match( '#http(s?)://(.+)#i', $value ) ) {	$value = sanitize_url( $value );	} else {	$error = __( 'The WordPress address you entered did not appear to be a valid URL. Please enter a valid URL.' );	}	}	break;	case 'home':	$value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value );	if ( is_wp_error( $value ) ) {	$error = $value->get_error_message();	} else {	if ( preg_match( '#http(s?)://(.+)#i', $value ) ) {	$value = sanitize_url( $value );	} else {	$error = __( 'The Site address you entered did not appear to be a valid URL. Please enter a valid URL.' );	}	}	break;	case 'WPLANG':	$allowed = get_available_languages();	if ( ! is_multisite() && defined( 'WPLANG' ) && '' !== WPLANG && 'en_US' !== WPLANG ) {	$allowed[] = WPLANG;	}	if ( ! in_array( $value, $allowed, true ) && ! empty( $value ) ) {	$value = get_option( $option );	}	break;	case 'illegal_names':	$value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value );	if ( is_wp_error( $value ) ) {	$error = $value->get_error_message();	} else {	if ( ! is_array( $value ) ) {	$value = explode( ' ', $value );	}	$value = array_values( array_filter( array_map( 'trim', $value ) ) );	if ( ! $value ) {	$value = '';	}	}	break;	case 'limited_email_domains':	case 'banned_email_domains':	$value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value );	if ( is_wp_error( $value ) ) {	$error = $value->get_error_message();	} else {	if ( ! is_array( $value ) ) {	$value = explode( "\n", $value );	}	$domains = array_values( array_filter( array_map( 'trim', $value ) ) );	$value = array();	foreach ( $domains as $domain ) {	if ( ! preg_match( '/(--|\.\.)/', $domain ) && preg_match( '|^([a-zA-Z0-9-\.])+$|', $domain ) ) {	$value[] = $domain;	}	}	if ( ! $value ) {	$value = '';	}	}	break;	case 'timezone_string':	$allowed_zones = timezone_identifiers_list( DateTimeZone::ALL_WITH_BC );	if ( ! in_array( $value, $allowed_zones, true ) && ! empty( $value ) ) {	$error = __( 'The timezone you have entered is not valid. Please select a valid timezone.' );	}	break;	case 'permalink_structure':	case 'category_base':	case 'tag_base':	$value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value );	if ( is_wp_error( $value ) ) {	$error = $value->get_error_message();	} else {	$value = sanitize_url( $value );	$value = str_replace( 'http://', '', $value );	}	if ( 'permalink_structure' === $option && null === $error	&& '' !== $value && ! preg_match( '/%[^\/%]+%/', $value )	) {	$error = sprintf(	/* translators: %s: Documentation URL. */	__( 'A structure tag is required when using custom permalinks. <a href="%s">Learn more</a>' ),	__( 'https://wordpress.org/documentation/article/customize-permalinks/#choosing-your-permalink-structure' )	);	}	break;	case 'default_role':	if ( ! get_role( $value ) && get_role( 'subscriber' ) ) {	$value = 'subscriber';	}	break;	case 'moderation_keys':	case 'disallowed_keys':	$value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value );	if ( is_wp_error( $value ) ) {	$error = $value->get_error_message();	} else {	$value = explode( "\n", $value );	$value = array_filter( array_map( 'trim', $value ) );	$value = array_unique( $value );	$value = implode( "\n", $value );	}	break;	}	if ( null !== $error ) {	if ( '' === $error && is_wp_error( $value ) ) {	/* translators: 1: Option name, 2: Error code. */	$error = sprintf( __( 'Could not sanitize the %1$s option. Error code: %2$s' ), $option, $value->get_error_code() );	}	$value = get_option( $option );	if ( function_exists( 'add_settings_error' ) ) {	add_settings_error( $option, "invalid_{$option}", $error );	}	}	/** * Filters an option value following sanitization. * * @since 2.3.0 * @since 4.3.0 Added the `$original_value` parameter. * * @param mixed $value The sanitized option value. * @param string $option The option name. * @param mixed $original_value The original value passed to the function. */	return apply_filters( "sanitize_option_{$option}", $value, $option, $original_value ); } 

View all references View on Trac View on GitHub