wp_safe_redirect( string $location, int $status = 302 )

Performs a safe (local) redirect, using wp_redirect().


Description

Checks whether $location uses an allowed host, if it has an absolute path. A plugin can therefore add hosts to, or remove hosts from, the allowed list.

If the host is not allowed, the redirect defaults to wp-admin on the siteurl instead. This prevents malicious redirects to another host, but it is only used in a few places.


Parameters

$location

(string) (Required) The path to redirect to.

$status

(int) (Optional) Status code to use.

Default value: 302


Source

File: wp-includes/pluggable.php

function wp_safe_redirect($location, $status = 302) {

	// Need to look at the URL the way it will end up in wp_redirect()
	$location = wp_sanitize_redirect($location);

	/**
	 * Filters the redirect fallback URL for when the provided redirect is not safe (local).
	 *
	 * @since WP-4.3.0
	 *
	 * @param string $fallback_url The fallback URL to use by default.
	 * @param int    $status       The redirect status.
	 */
	$location = wp_validate_redirect( $location, apply_filters( 'wp_safe_redirect_fallback', admin_url(), $status ) );

	wp_redirect($location, $status);
}
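
The allowed-host list and the fallback from the Description, shown together in an added usage example (not part of the project's source). `allowed_redirect_hosts` is the core filter applied inside wp_validate_redirect(); the `myplugin_` names, the `myplugin_return` action, the `redirect_to` parameter and the host `sso.example.com` are assumptions made for illustration.

```php
<?php
// Added example. All myplugin_* names, the action name, the redirect_to
// parameter and sso.example.com are hypothetical.

// Extend the host list that wp_validate_redirect() consults.
// Entries are compared as whole host names, so list each host explicitly.
add_filter( 'allowed_redirect_hosts', 'myplugin_allowed_hosts' );
function myplugin_allowed_hosts( $hosts ) {
	$hosts[] = 'sso.example.com'; // constructed host
	return $hosts;
}

// Replace the default fallback (admin_url()) used when the host is rejected,
// so visitors who are not logged in land on the front page, not wp-admin.
add_filter( 'wp_safe_redirect_fallback', 'myplugin_redirect_fallback', 10, 2 );
function myplugin_redirect_fallback( $fallback_url, $status ) {
	return home_url( '/' );
}

// Handler for a request that carries a user-supplied return address.
add_action( 'admin_post_myplugin_return', 'myplugin_handle_return' );
add_action( 'admin_post_nopriv_myplugin_return', 'myplugin_handle_return' );
function myplugin_handle_return() {
	// An empty location makes wp_redirect() return without sending a header,
	// so supply a local default before validating.
	$target = ! empty( $_GET['redirect_to'] )
		? wp_unslash( $_GET['redirect_to'] )
		: home_url( '/' );

	// Passing $target to wp_redirect() directly would accept any host named
	// in the request; wp_safe_redirect() swaps in the fallback URL instead.
	wp_safe_redirect( $target, 302 );

	// wp_redirect() only sets the Location header; stop execution explicitly
	// so no further output or processing follows the redirect.
	exit;
}
```
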


Changelog
Version Description
WP-2.3.0 Introduced.