carlmaundu

I want to validate the user profile input <firstname & lastname> so that I can sanitize what the user saves as their firstname and lastname in their profiles to avoid saving them with phishing links, and then use WHMCS to spam user invite emails. I have tried to use the ClientDetailsValidation hook but it is triggered when the client details are updated in the Client Area or Admin Area. The changes in the profile details are not validated using this hook. This is the sample code for ClientDetailsValidation. <?php add_hook('ClientDetailsValidation', 1, function($vars) { $input = $vars['firstname'] . ' ' . $vars['lastname'] . ' ' . $vars['companyname']; // pattern of phishing links or any other malicious content $pattern = '/(http|https):\/\/[^\s]*/i'; if (preg_match($pattern, $input)) { // If the input contains a URL, return an error message return array('The first name, last name, and company name cannot contain URLs.'); } }); The other closest available option, is to use UserEdit hook, but it triggers after the user details have been edited, which might be too late for preventing harmful data from being saved. This is the sample code for UserEdit hook. <?php add_hook('UserEdit', 1, function($vars) { $input = $vars['firstname'] . ' ' . $vars['lastname'] . ' ' . $vars['email']; $pattern = '/(http|https):\/\/[^\s]*/i'; if (preg_match($pattern, $input)) { logActivity('The first name, last name, and email cannot contain URLs.', $vars['user_id']); } }); The logActivity function can be used to log the error in activity log, which can be viewed in the Admin Area. However, it won't prevent the changes from being saved or notify the user of the error. I am reaching out to this community in the hope that someone might have encountered a similar challenge or have insights into how I can validate user profile details before they are saved. Any suggestions, advice, or shared experiences would be greatly appreciated.