wp_sanitize_redirect( string $location ): string
Sanitizes a URL for use in a redirect.
Parameters
$location string Required
The path to redirect to.
Return
string Redirect-sanitized URL.
Source
File: wp-includes/pluggable.php.
```php
function wp_sanitize_redirect( $location ) {
    // Encode spaces.
    $location = str_replace( ' ', '%20', $location );

    $regex    = '/
        (
            (?: [\xC2-\xDF][\x80-\xBF]        # double-byte sequences   110xxxxx 10xxxxxx
            |   \xE0[\xA0-\xBF][\x80-\xBF]    # triple-byte sequences   1110xxxx 10xxxxxx * 2
            |   [\xE1-\xEC][\x80-\xBF]{2}
            |   \xED[\x80-\x9F][\x80-\xBF]
            |   [\xEE-\xEF][\x80-\xBF]{2}
            |   \xF0[\x90-\xBF][\x80-\xBF]{2} # four-byte sequences   11110xxx 10xxxxxx * 3
            |   [\xF1-\xF3][\x80-\xBF]{3}
            |   \xF4[\x80-\x8F][\x80-\xBF]{2}
        ){1,40}                              # ...one or more times
        )/x';
    $location = preg_replace_callback( $regex, '_wp_sanitize_utf8_in_redirect', $location );
    $location = preg_replace( '|[^a-z0-9-~+_.?#=&;,/:%!*\[\]()@]|i', '', $location );
    $location = wp_kses_no_null( $location );

    // Remove %0D and %0A from location.
    $strip = array( '%0d', '%0a', '%0D', '%0A' );
    return _deep_replace( $strip, $location );
}
```
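The last two steps of the function are what keep CR/LF out of the `Location` header. The standalone script below is an added example, not WordPress code. It runs those two steps outside WordPress and compares a single `str_replace()` pass with a repeat-until-stable pass of the kind `_deep_replace()` is described as performing. The `example_*` function names are hypothetical and the inputs are constructed.

```php
<?php
// Added example, not WordPress code. The example_* names are hypothetical.

// Same allow-list pattern as in wp_sanitize_redirect(): every character not
// listed is dropped, which includes raw CR and LF bytes.
function example_allowlist_filter( string $location ): string {
    return preg_replace( '|[^a-z0-9-~+_.?#=&;,/:%!*\[\]()@]|i', '', $location );
}

// One str_replace() pass over the four percent-encoded CR/LF tokens.
function example_strip_once( string $location ): string {
    return str_replace( array( '%0d', '%0a', '%0D', '%0A' ), '', $location );
}

// Stand-in for _deep_replace(): repeat until a pass removes nothing, so a
// token that only forms after an earlier removal is caught as well.
function example_strip_deep( string $location ): string {
    $strip = array( '%0d', '%0a', '%0D', '%0A' );
    do {
        $location = str_replace( $strip, '', $location, $count );
    } while ( $count > 0 );
    return $location;
}

// Constructed inputs.
$samples = array(
    'raw CR/LF'       => "/next\r\nX-Test: 1",
    'encoded CR/LF'   => '/next%0d%0aX-Test:1',
    'nested encoding' => '/next%0%0dd%0%0aaX-Test:1',
);

foreach ( $samples as $label => $input ) {
    $filtered = example_allowlist_filter( $input );
    printf(
        "%-16s once=%s  deep=%s\n",
        $label,
        example_strip_once( $filtered ),
        example_strip_deep( $filtered )
    );
}
```

For the nested input, the single pass still returns a string containing `%0d%0a`, while the repeated pass returns `/nextX-Test:1`. None of these steps restricts the destination host; on this page that is the job of `wp_validate_redirect()` and `wp_safe_redirect()`.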
Related
Uses
| Uses | Description |
|---|---|
| _deep_replace() wp-includes/formatting.php | Performs a deep string replace operation to ensure the values in $search are no longer present. |
| wp_kses_no_null() wp-includes/kses.php | Removes any invalid control characters in a text string. |
Used By
| Used By | Description |
|---|---|
| wp_redirect() wp-includes/pluggable.php | Redirects to another page. |
| wp_safe_redirect() wp-includes/pluggable.php | Performs a safe (local) redirect, using wp_redirect(). |
| wp_validate_redirect() wp-includes/pluggable.php | Validates a URL for use in a redirect. |
Changelog
| Version | Description |
|---|---|
| 2.3.0 | Introduced. |
© 2003–2022 WordPress Foundation
Licensed under the GNU GPLv2+ License.
https://developer.wordpress.org/reference/functions/wp_sanitize_redirect