Make WordPress Core

Opened 9 months ago

Closed 9 months ago

#59961 closed enhancement (duplicate)

Replace `sanitize_text_field` with `sanitize_email`

Reported by: hellosatya Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Users Keywords:
Focuses: Cc:

Description

Patch - https://github.com/WordPress/wordpress-develop/compare/trunk...askhellosatya:wordpress-develop:patch-1

The current code segment, last updated 9 years ago by @boone, utilizes sanitize_text_field to handle email input:

if ( isset( $_POST['email'] ) ) {
    $user->user_email = sanitize_text_field( wp_unslash( $_POST['email'] ) );
}

For enhanced security and precision, it's recommended to update it as follows, utilizing sanitize_email specifically for email inputs:

if ( isset( $_POST['email'] ) ) {
    $user->user_email = sanitize_email( wp_unslash( $_POST['email'] ) );
}

This change ensures the proper sanitization of the email input, promoting better code practices and improved data handling.
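The following is an added example, not part of the ticket or of WordPress core. It runs both sanitizers over constructed inputs and shows a stricter handling that rejects any address `sanitize_email()` had to rewrite. It assumes WordPress is loaded (for instance via `wp eval-file`); `normalize_profile_email()` and the `altered_email` error code are hypothetical names.

```php
<?php
// Added example; assumes WordPress is loaded, e.g. `wp eval-file compare-email.php`.
// normalize_profile_email() is a hypothetical helper, not a WordPress function.

/**
 * Return the cleaned address, or a WP_Error when the input is not usable.
 */
function normalize_profile_email( $raw ) {
    $raw   = trim( wp_unslash( $raw ) );
    $clean = sanitize_email( $raw );

    // sanitize_email() returns an empty string when nothing usable remains.
    if ( '' === $clean || ! is_email( $clean ) ) {
        return new WP_Error( 'invalid_email', 'Not a valid email address.' );
    }

    // sanitize_email() drops disallowed characters silently. Reject input that
    // was rewritten instead of storing an address the user never typed.
    if ( $clean !== $raw ) {
        return new WP_Error( 'altered_email', 'Email contained disallowed characters.' );
    }

    return $clean;
}

// Constructed sample inputs.
$samples = array(
    'user@example.com',
    '<b>user</b>@example.com',
    'us er@example.com',
    'not-an-email',
);

foreach ( $samples as $raw ) {
    $result = normalize_profile_email( $raw );
    printf(
        "%s\n  sanitize_text_field: %s\n  sanitize_email:      %s\n  decision:            %s\n",
        wp_json_encode( $raw ),
        wp_json_encode( sanitize_text_field( $raw ) ),
        wp_json_encode( sanitize_email( $raw ) ),
        is_wp_error( $result ) ? 'reject (' . $result->get_error_code() . ')' : 'accept'
    );
}
```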

Change History (2)

#1 @hellosatya
9 months ago

  • Summary changed from Enhancement Suggestion for Code Improvement - Patch is attached. to Replace `sanitize_text_field` with `sanitize_email`

#2 @sabernhardt
9 months ago

  • Focuses coding-standards php-compatibility removed
  • Keywords needs-refresh has-patch removed
  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed
  • Version trunk deleted

Hi and welcome to WordPress Core Trac!

The sanitize_email() function is already a part of the patch on #45714, so I'll close as a duplicate. If you would like to add anything to the conversation, please comment there.
