wp_safe_redirect() – Performs a safe (local) redirect, using wp_redirect().

You appear to be a bot. Output may be restricted

Description

Performs a safe (local) redirect, using wp_redirect().

Checks whether the $location is using an allowed host, if it has an absolute path. A plugin can therefore set or remove allowed host(s) to or from the list. If the host is not allowed, then the redirect defaults to wp-admin on the siteurl instead. This prevents malicious redirects which redirect to another host, but only used in a few places. Note: wp_safe_redirect() does not exit automatically, and should almost always be followed by a call to `exit;`:

  • wp_safe_redirect( $url );
  • exit;

Exiting can also be selectively manipulated by using wp_safe_redirect() as a conditional in conjunction with the wp_redirect and wp_redirect_location filters:

  • if ( wp_safe_redirect( $url ) ) {
  • exit;
  • }

Usage

$bool = wp_safe_redirect( $location, $status, $x_redirect_by );

Parameters

$location
( string ) required – The path or URL to redirect to.
$status
( int ) optional default: 302 – Optional. HTTP response status code to use. Default '302' (Moved Temporarily).
$x_redirect_by
( string ) optional default: WordPress – Optional. The application doing the redirect. Default 'WordPress'.

Returns

bool False if the redirect was cancelled, true otherwise.

Source

File name: wordpress/wp-includes/pluggable.php
Lines:

1 to 17 of 17
  function wp_safe_redirect( $location, $status = 302, $x_redirect_by = 'WordPress' ) {

    // Need to look at the URL the way it will end up in wp_redirect().
    $location = wp_sanitize_redirect( $location );

    
/**
 * Filters the redirect fallback URL for when the provided redirect is not safe (local).
 *
 * @since 4.3.0
 *
 * @param string $fallback_url The fallback URL to use by default.
 * @param int    $status       The HTTP response status code to use.
 */
    $location = wp_validate_redirect( $location, apply_filters( 'wp_safe_redirect_fallback', admin_url(), $status ) );

    return wp_redirect( $location, $status, $x_redirect_by );
  }
 

 View on GitHub View on Trac