bb_safe_redirect

Performs a safe (local) redirect, using wp_redirect().

Description

bb_safe_redirect( $location, (int) $status = 302 ); 

If $location is an absolute URL (it includes a host), checks whether that host is in the list of allowed hosts. A plugin can add hosts to or remove hosts from that list through the allowed_redirect_hosts filter.

If the host is not allowed, the redirect goes to the site URL instead. This prevents malicious redirects to another host, but the function is only used in a few places.

Parameters (2)

0. $location
The location.
1. $status — Optional. (int) => 302
The status.

Usage

    if ( !function_exists( 'bb_safe_redirect' ) ) {
        require_once ABSPATH . PLUGINDIR . '/buddypress/bp-forums/bbpress/bb-includes/functions.bb-pluggable.php';
    }

    // The location.
    $location = null;

    // The status.
    $status = 302;

    // NOTICE! Understand what this does before running.
    $result = bb_safe_redirect($location, $status);

Defined (1)

The function is defined in the following location(s).

/bp-forums/bbpress/bb-includes/functions.bb-pluggable.php  
    function bb_safe_redirect( $location, $status = 302 ) {

        // Need to look at the URL the way it will end up in wp_redirect()
        $location = wp_sanitize_redirect($location);

        // browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//'
        if ( substr($location, 0, 2) == '//' )
            $location = 'http:' . $location;

        // In php 5 parse_url may fail if the URL query part contains http://, bug #38143
        $test = ( $cut = strpos($location, '?') ) ? substr( $location, 0, $cut ) : $location;

        $lp = parse_url($test);
        $bp = parse_url(bb_get_uri());

        $allowed_hosts = (array) apply_filters('allowed_redirect_hosts', array($bp['host']), isset($lp['host']) ? $lp['host'] : '');

        if ( isset($lp['host']) && ( !in_array($lp['host'], $allowed_hosts) && $lp['host'] != strtolower($bp['host'])) )
            $location = bb_get_uri(null, null, BB_URI_CONTEXT_HEADER);

        return wp_redirect($location, $status);
    }
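
The host check in the definition above, reproduced as an added stand-alone example (not BuddyPress or bbPress code) so its effect on different inputs can be observed without WordPress. The function name resolve_redirect_target(), its $extra_hosts parameter (standing in for the allowed_redirect_hosts filter result) and all example.test URLs are assumptions constructed here; wp_sanitize_redirect() is not reproduced.

```php
<?php
// Added illustration, not project code. resolve_redirect_target() is a
// hypothetical stand-alone mirror of the host check in bb_safe_redirect().
function resolve_redirect_target( string $location, string $site_url, array $extra_hosts = array() ): string {
    // Protocol-relative URLs are treated as http:, as in the original.
    if ( substr( $location, 0, 2 ) === '//' ) {
        $location = 'http:' . $location;
    }

    // Parse only the part before the query string, as the original does.
    $cut  = strpos( $location, '?' );
    $test = $cut ? substr( $location, 0, $cut ) : $location;

    $lp = parse_url( $test );     // may be false for malformed input
    $bp = parse_url( $site_url );

    // Stand-in for what the 'allowed_redirect_hosts' filter would return.
    $allowed_hosts = array_merge( array( $bp['host'] ), $extra_hosts );

    // Only URLs that carry a host are checked; relative paths pass through.
    if ( isset( $lp['host'] )
        && ! in_array( $lp['host'], $allowed_hosts, true )
        && $lp['host'] !== strtolower( $bp['host'] ) ) {
        return $site_url; // host not allowed: fall back to the site URL
    }
    return $location;
}

// Constructed sample inputs (example.test hosts are placeholders).
$site  = 'https://forums.example.test/';
$extra = array( 'cdn.example.test' ); // host a plugin might add via the filter
$cases = array(
    '/topic/42',                               // relative path, no host
    'https://forums.example.test/profile/1',   // the site's own host
    'https://other.example.test/login',        // host not on the list
    '//other.example.test/login',              // protocol-relative form
    'https://cdn.example.test/file.zip',       // host added to the list
    '/search?next=http://other.example.test/', // URL only inside the query
);

foreach ( $cases as $case ) {
    printf( "%-42s => %s\n", $case, resolve_redirect_target( $case, $site, $extra ) );
}
```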