wp_safe_redirect( string $location, int $status = 302, string $x_redirect_by = 'WordPress' )
Performs a safe (local) redirect, using wp_redirect().
Description Description
Checks whether the $location is using an allowed host, if it has an absolute path. A plugin can therefore set or remove allowed host(s) to or from the list.
If the host is not allowed, then the redirect defaults to wp-admin on the siteurl instead. This prevents malicious redirects which redirect to another host, but only used in a few places.
Note: wp_safe_redirect() does not exit automatically, and should almost always be followed by a call to exit;
:
wp_safe_redirect( $url );
exit;
Exiting can also be selectively manipulated by using wp_safe_redirect() as a conditional
in conjunction with the ‘wp_redirect’ and ‘wp_redirect_location’ filters:
if ( wp_safe_redirect( $url ) ) {
exit;
}
Parameters Parameters
- $location
-
(string) (Required) The path or URL to redirect to.
- $status
-
(int) (Optional) HTTP response status code to use. Default '302' (Moved Temporarily).
Default value: 302
- $x_redirect_by
-
(string) (Optional) The application doing the redirect.
Default value: 'WordPress'
Return Return
(bool) $redirect False if the redirect was cancelled, true otherwise.
Source Source
File: wp-includes/pluggable.php
function wp_safe_redirect( $location, $status = 302, $x_redirect_by = 'WordPress' ) { // Need to look at the URL the way it will end up in wp_redirect() $location = wp_sanitize_redirect( $location ); /** * Filters the redirect fallback URL for when the provided redirect is not safe (local). * * @since 4.3.0 * * @param string $fallback_url The fallback URL to use by default. * @param int $status The HTTP response status code to use. */ $location = wp_validate_redirect( $location, apply_filters( 'wp_safe_redirect_fallback', admin_url(), $status ) ); return wp_redirect( $location, $status, $x_redirect_by ); }
Expand full source code Collapse full source code View on Trac
Changelog Changelog
Version | Description |
---|---|
5.1.0 | The return value from wp_redirect() is now passed on, and the $x_redirect_by parameter was added. |
2.3.0 | Introduced. |