A WordPress-centric search engine for devs and theme authors



wp_safe_redirect ›

Since2.3.0
Deprecatedn/a
wp_safe_redirect ( $location, $status = 302, $x_redirect_by = 'WordPress' )
Parameters: (3)
  • (string) $location The path or URL to redirect to.
    Required: Yes
  • (int) $status Optional. HTTP response status code to use. Default '302' (Moved Temporarily).
    Required: No
    Default: 302
  • (string) $x_redirect_by Optional. The application doing the redirect. Default 'WordPress'.
    Required: No
    Default: 'WordPress'
Returns:
  • (bool) False if the redirect was cancelled, true otherwise.
Defined at:
Codex:
Change Log:
  • 5.1.0

Performs a safe (local) redirect, using wp_redirect().

Checks whether the $location is using an allowed host, if it has an absolute path. A plugin can therefore set or remove allowed host(s) to or from the list. If the host is not allowed, then the redirect defaults to wp-admin on the siteurl instead. This prevents malicious redirects which redirect to another host, but only used in a few places. Note: wp_safe_redirect() does not exit automatically, and should almost always be followed by a call to exit;: wp_safe_redirect( $url ); exit; Exiting can also be selectively manipulated by using wp_safe_redirect() as a conditional in conjunction with the Array and Array filters: if ( wp_safe_redirect( $url ) ) { exit; }


Source

function wp_safe_redirect( $location, $status = 302, $x_redirect_by = 'WordPress' ) {

		// Need to look at the URL the way it will end up in wp_redirect().
		$location = wp_sanitize_redirect( $location );

		/**
		 * Filters the redirect fallback URL for when the provided redirect is not safe (local).
		 *
		 * @since 4.3.0
		 *
		 * @param string $fallback_url The fallback URL to use by default.
		 * @param int    $status       The HTTP response status code to use.
		 */
		$location = wp_validate_redirect( $location, apply_filters( 'wp_safe_redirect_fallback', admin_url(), $status ) );

		return wp_redirect( $location, $status, $x_redirect_by );
	}
endif;

if ( ! function_exists( 'wp_validate_redirect' ) ) :
	/**
	 * Validates a URL for use in a redirect.
	 *
	 * Checks whether the $location is using an allowed host, if it has an absolute
	 * path. A plugin can therefore set or remove allowed host(s) to or from the
	 * list.
	 *
	 * If the host is not allowed, then the redirect is to $default supplied
	 *
	 * @since 2.8.1
	 *
	 * @param string $location The redirect to validate
	 * @param string $default  The value to return if $location is not allowed
	 * @return string redirect-sanitized URL
	 */