wp_safe_redirect

Performs a safe (local) redirect, using wp_redirect().

Description

wp_safe_redirect( (string) $location, (int) $status = 302 ); 

Checks whether the $location is using an allowed host, if it has an absolute path. A plugin can therefore set or remove allowed host(s) to or from the list.

If the host is not allowed, then the redirect defaults to wp-admin on the siteurl instead. This prevents malicious redirects which redirect to another host, but only used in a few places.

Parameters (2)

0. $location (string)
The path to redirect to.
1. $status — Optional. (int) => 302
Status code to use.

Usage

  1. if ( !function_exists( 'wp_safe_redirect' ) ) { 
  2. require_once ABSPATH . WPINC . '/pluggable.php'; 
  3.  
  4. // The path to redirect to. 
  5. $location = ''; 
  6.  
  7. // Status code to use. 
  8. $status = 302; 
  9.  
  10. // NOTICE! Understand what this does before running. 
  11. $result = wp_safe_redirect($location, $status); 
  12.  

Defined (1)

The function is defined in the following location(s).

/wp-includes/pluggable.php  
  1. function wp_safe_redirect($location, $status = 302) { 
  2.  
  3. // Need to look at the URL the way it will end up in wp_redirect() 
  4. $location = wp_sanitize_redirect($location); 
  5.  
  6. /** 
  7. * Filters the redirect fallback URL for when the provided redirect is not safe (local). 
  8. * @since 4.3.0 
  9. * @param string $fallback_url The fallback URL to use by default. 
  10. * @param int $status The redirect status. 
  11. */ 
  12. $location = wp_validate_redirect( $location, apply_filters( 'wp_safe_redirect_fallback', admin_url(), $status ) ); 
  13.  
  14. wp_redirect($location, $status);