wp_safe_redirect

Performs a safe (local) redirect, using wp_redirect().

Description

wp_safe_redirect( (string) $location, (int) $status = 302 ); 

Checks whether the $location is using an allowed host, if it has an absolute path. A plugin can therefore set or remove allowed host(s) to or from the list.

If the host is not allowed, then the redirect defaults to wp-admin on the siteurl instead. This prevents malicious redirects which redirect to another host, but only used in a few places.

Parameters (2)

0. $location (string)
The path to redirect to.
1. $status — Optional. (int) => 302
Status code to use.

Usage

  1. if ( !function_exists( 'wp_safe_redirect' ) ) { 
  2.     require_once ABSPATH . WPINC . '/pluggable.php'; 
  4.   
  5. // The path to redirect to. 
  6. $location = ''; 
  7.   
  8. // Status code to use. 
  9. $status = 302; 
  10.   
  11. // NOTICE! Understand what this does before running. 
  12. $result = wp_safe_redirect($location, $status); 
  13.     

Defined (1)

The function is defined in the following location(s).

/wp-includes/pluggable.php  
  1. function wp_safe_redirect($location, $status = 302) { 
  2.  
  3.     // Need to look at the URL the way it will end up in wp_redirect() 
  4.     $location = wp_sanitize_redirect($location); 
  5.  
  6.     /** 
  7.      * Filters the redirect fallback URL for when the provided redirect is not safe (local). 
  9.      * @since 4.3.0 
  11.      * @param string $fallback_url The fallback URL to use by default. 
  12.      * @param int    $status       The redirect status. 
  13.      */ 
  14.     $location = wp_validate_redirect( $location, apply_filters( 'wp_safe_redirect_fallback', admin_url(), $status ) ); 
  15.  
  16.     wp_redirect($location, $status);