wp_safe_redirect( string $location, int $status = 302, string $x_redirect_by = 'WordPress' ): bool
Performs a safe (local) redirect, using wp_redirect() .
Description
Checks whether the $location is using an allowed host, if it has an absolute path. A plugin can therefore set or remove allowed host(s) to or from the list.
If the host is not allowed, then the redirect defaults to wp-admin on the siteurl instead. This prevents malicious redirects which redirect to another host, but only used in a few places.
Note: wp_safe_redirect() does not exit automatically, and should almost always be followed by a call to exit;:
wp_safe_redirect( $url );
exit;Exiting can also be selectively manipulated by using wp_safe_redirect() as a conditional
in conjunction with the ‘wp_redirect’ and ‘wp_redirect_location’ filters:
if ( wp_safe_redirect( $url ) ) {
exit;
}Parameters
$locationstring Required-
The path or URL to redirect to.
$statusint Optional-
HTTP response status code to use. Default
'302'(Moved Temporarily).Default:
302 $x_redirect_bystring Optional-
The application doing the redirect. Default
'WordPress'.Default:
'WordPress'
Return
bool False if the redirect was cancelled, true otherwise.
Source
File: wp-includes/pluggable.php. View all references
function wp_safe_redirect( $location, $status = 302, $x_redirect_by = 'WordPress' ) {
// Need to look at the URL the way it will end up in wp_redirect().
$location = wp_sanitize_redirect( $location );
/**
* Filters the redirect fallback URL for when the provided redirect is not safe (local).
*
* @since 4.3.0
*
* @param string $fallback_url The fallback URL to use by default.
* @param int $status The HTTP response status code to use.
*/
$location = wp_validate_redirect( $location, apply_filters( 'wp_safe_redirect_fallback', admin_url(), $status ) );
return wp_redirect( $location, $status, $x_redirect_by );
}
Hooks
- apply_filters( 'wp_safe_redirect_fallback',
string $fallback_url ,int $status ) -
Filters the redirect fallback URL for when the provided redirect is not safe (local).
Related
Uses
| Uses | Description |
|---|---|
| wp_sanitize_redirect() wp-includes/pluggable.php | Sanitizes a URL for use in a redirect. |
| wp_validate_redirect() wp-includes/pluggable.php | Validates a URL for use in a redirect. |
| wp_redirect() wp-includes/pluggable.php | Redirects to another page. |
| admin_url() wp-includes/link-template.php | Retrieves the URL to the admin area for the current site. |
| apply_filters() wp-includes/plugin.php | Calls the callback functions that have been added to a filter hook. |
Used By
| Used By | Description |
|---|---|
| WP_Sitemaps::redirect_sitemapxml() wp-includes/sitemaps/class-wp-sitemaps.php | Redirects a URL to the wp-sitemap.xml |
| WP_Recovery_Mode::redirect_protected() wp-includes/class-wp-recovery-mode.php | Redirects the current request to allow recovering multiple errors in one go. |
| WP_Recovery_Mode::handle_exit_recovery_mode() wp-includes/class-wp-recovery-mode.php | Handles a request to exit Recovery Mode. |
| set_screen_options() wp-admin/includes/misc.php | Saves option for number of rows when listing posts, pages, comments, etc. |
| Custom_Background::take_action() wp-admin/includes/class-custom-background.php | Executes custom background modification. |
Changelog
| Version | Description |
|---|---|
| 5.1.0 | The return value from wp_redirect() is now passed on, and the $x_redirect_by parameter was added. |
| 2.3.0 | Introduced. |
© 2003–2022 WordPress Foundation
Licensed under the GNU GPLv2+ License.
https://developer.wordpress.org/reference/functions/wp_safe_redirect