Question

Alert: This function’s access is marked private. This means it is not intended for use by plugin or theme developers, only in other core functions. It is listed here for completeness.

_sanitize_text_fields( string $str,  bool $keep_newlines = false )

Internal helper function to sanitize a string from user input or from the db

---

description

---

参数

$str

(string) (Required) String to sanitize.

$keep_newlines

(bool) (Optional) Whether to keep newlines. Default: false.

Default value: false

---

返回值

(string) Sanitized string.

---

源代码

File: wp-includes/formatting.php

function _sanitize_text_fields( $str, $keep_newlines = false ) {
	$filtered = wp_check_invalid_utf8( $str );

	if ( strpos($filtered, '<') !== false ) {
		$filtered = wp_pre_kses_less_than( $filtered );
		// This will strip extra whitespace for us.
		$filtered = wp_strip_all_tags( $filtered, false );

		// Use html entities in a special case to make sure no later
		// newline stripping stage could lead to a functional tag
		$filtered = str_replace("<\n", "&lt;\n", $filtered);
	}

	if ( ! $keep_newlines ) {
		$filtered = preg_replace( '/[\r\n\t ]+/', ' ', $filtered );
	}
	$filtered = trim( $filtered );

	$found = false;
	while ( preg_match('/%[a-f0-9]{2}/i', $filtered, $match) ) {
		$filtered = str_replace($match[0], '', $filtered);
		$found = true;
	}

	if ( $found ) {
		// Strip out the whitespace that may now exist after removing the octets.
		$filtered = trim( preg_replace('/ +/', ' ', $filtered) );
	}

	return $filtered;
}

---

更新日志

Version	description
4.7.0	Introduced.

---

相关函数

Uses

• wp-includes/formatting.php: wp_strip_all_tags()
• wp-includes/formatting.php: wp_pre_kses_less_than()
• wp-includes/formatting.php: wp_check_invalid_utf8()

---

Used By

• wp-includes/formatting.php: sanitize_textarea_field()
• wp-includes/formatting.php: sanitize_text_field()

---

User Contributed Notes