How to sanitize user password information in WordPress?
I'm capturing username, email and password in a custom registration form on my WordPress site. I'm sanitising the username using sanitize_user(), and sanitize_email() sanitises the email address.

For example:

    $username = sanitize_user( $username );
    $email = sanitize_email( $email );

How should I sanitise the password entered by the user? All I can think of is sanitize_text_field( $pass ) but I'm sure that isn't the right way to do it.

Ref:
Sanitizing won't necessarily protect you from injection. To protect against that you need to use prepared statements - or in the case of WordPress, use the $wpdb class.

Sanitization simply strips invalid characters; in the cases you've given above, it removes characters not allowed in usernames, or not allowed in a valid email address. Passwords allow lots of different character types because that's what makes them 'strong', so you don't want to strip them out.

If you're using wp_insert_user() to create a WP User, then you don't need to sanitize any of it anyway; the function will take care of it all for you.
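The following is an added example, not code from the question or the answer above, showing what the answer describes in a complete registration handler: the username and email are sanitised, the password is passed through untouched so that wp_insert_user() can hash it, and the one custom query uses $wpdb->prepare() for injection protection. The form field names (reg_user, reg_email, reg_pass, reg_nonce), the admin-post action name custom_register and the redirect path are assumptions made for this example.

```php
<?php
/**
 * Added example (not from the original question or answers): a minimal
 * custom-registration handler for a WordPress plugin. The form is assumed to
 * POST to admin-post.php with action=custom_register and a nonce created with
 * wp_create_nonce( 'custom_register' ).
 */

add_action( 'admin_post_nopriv_custom_register', 'example_handle_registration' );

function example_handle_registration() {
    // Reject requests that did not originate from our own form (CSRF check).
    $nonce = isset( $_POST['reg_nonce'] ) ? wp_unslash( $_POST['reg_nonce'] ) : '';
    if ( ! wp_verify_nonce( $nonce, 'custom_register' ) ) {
        wp_die( 'Invalid request.', 'Registration', array( 'response' => 403 ) );
    }

    // Username and e-mail: strip what can never be valid in those fields.
    $username = sanitize_user( wp_unslash( $_POST['reg_user'] ?? '' ), true );
    $email    = sanitize_email( wp_unslash( $_POST['reg_email'] ?? '' ) );

    // Password: taken exactly as received. No sanitising, trimming or tag
    // stripping; every byte the user typed is part of the credential.
    $password = $_POST['reg_pass'] ?? '';

    // Validate instead of sanitising: reject bad input, never rewrite it.
    if ( '' === $username || ! is_email( $email ) ) {
        wp_die( 'Username or e-mail is invalid.', 'Registration', array( 'response' => 400 ) );
    }
    if ( strlen( $password ) < 12 ) {
        wp_die( 'Password must be at least 12 characters.', 'Registration', array( 'response' => 400 ) );
    }

    // wp_insert_user() sanitises user_login/user_email again, checks for
    // duplicates and hashes user_pass with wp_hash_password() before storing.
    $user_id = wp_insert_user( array(
        'user_login' => $username,
        'user_email' => $email,
        'user_pass'  => $password,
        'role'       => 'subscriber',
    ) );

    if ( is_wp_error( $user_id ) ) {
        wp_die( esc_html( $user_id->get_error_message() ), 'Registration', array( 'response' => 400 ) );
    }

    wp_safe_redirect( home_url( '/registration-complete/' ) );
    exit;
}

/**
 * If you do need your own query, injection protection comes from
 * $wpdb->prepare(), not from sanitising the value. Returns a user ID or null.
 */
function example_find_user_id_by_email( string $email ): ?int {
    global $wpdb;
    $id = $wpdb->get_var( $wpdb->prepare(
        "SELECT ID FROM {$wpdb->users} WHERE user_email = %s",
        $email
    ) );
    return null === $id ? null : (int) $id;
}
```

Whatever the registration path does to the password bytes (here: nothing), the login path must do the same, otherwise a password containing the affected characters will never verify against the stored hash.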
As mentioned you can use the sanitize_text_field() function. It may cause some issues on some crazy passwords with special characters etc. But it should be okay.
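To make the "some issues" concrete, here is an added example (not part of the answer above) that runs sanitize_text_field() over a few constructed passwords and checks each variant against the hash WordPress would actually store. It needs a loaded WordPress install, for instance via WP-CLI's wp eval-file; the sample passwords are invented for the demonstration.

```php
<?php
/**
 * Added example, not from the original answers. Run inside WordPress
 * (e.g. `wp eval-file this-file.php`) to see why a password must be hashed
 * as typed and never passed through sanitize_text_field().
 */

function example_password_roundtrip( string $typed ): array {
    $sanitised = sanitize_text_field( $typed );
    $hash      = wp_hash_password( $typed ); // what wp_insert_user() stores

    return array(
        'typed'            => $typed,
        'after_sanitize'   => $sanitised,
        'mangled'          => $sanitised !== $typed,
        // The login form resubmits the typed password; it verifies...
        'verify_typed'     => wp_check_password( $typed, $hash ),
        // ...but the sanitised variant does not, so had the sanitised form been
        // stored, the user could never log in with what they actually typed.
        'verify_sanitised' => wp_check_password( $sanitised, $hash ),
    );
}

// Constructed sample passwords covering the transformations sanitize_text_field() applies.
$samples = array(
    'correct horse battery staple', // plain text: survives unchanged
    'Str0ng<pass>word!',            // "<pass>" is treated as an HTML tag and stripped
    'abc%41def',                    // "%41" looks like a percent-encoded octet and is removed
    ' trailing-space ',             // leading/trailing whitespace is trimmed
);

foreach ( $samples as $pw ) {
    $r = example_password_roundtrip( $pw );
    printf(
        "%-32s -> %-24s mangled=%-3s verify_typed=%s verify_sanitised=%s\n",
        json_encode( $r['typed'] ),
        json_encode( $r['after_sanitize'] ),
        $r['mangled'] ? 'yes' : 'no',
        $r['verify_typed'] ? 'ok' : 'FAIL',
        $r['verify_sanitised'] ? 'ok' : 'FAIL'
    );
}
```

Only the first sample survives; the other three come back altered, and the altered string fails wp_check_password() against the hash of what was typed. That is the lockout the answer alludes to: the user is rejected at login with the exact password they registered with.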
wp_insert_user() state of sanitization and filters as of (2021) WordPress 5.7

wp_insert_user() and user_pass by default:

- Hashes user_pass via wp_hash_password(). Should NOT be sanitized.

wp_insert_user() and user_login by default:

- Sanitizes user_login via sanitize_user().
- Filters user_login via empty().
- Filters user_login via mb_strlen (60 characters maximum).
- Compares user_login via username_exists() to users.
- Compares user_login via illegal_user_logins to illegal user logins.

wp_insert_user() and user_nicename by default:

- Sanitizes user_nicename via sanitize_user().
- Filters user_nicename via mb_strlen (50 characters maximum).
- Sanitizes user_nicename via sanitize_title().

wp_insert_user() and user_email by default:

- Filters user_email via empty().
- Compares user_email via strcasecmp to old.
- Compares user_email via email_exists() to old.

wp_insert_user() and user_url, display_name, nickname, first_name, last_name, last_name, description, by default: