wp_safe_redirect() WordPress Function

The wp_safe_redirect() function redirects a user to a URL only when that URL points at an allowed host. It sanitizes the URL and then validates its host, substituting a fallback URL when the host is not allowed. This function is particularly useful when redirecting a user after a successful form submission.

wp_safe_redirect( string $location, int $status = 302, string $x_redirect_by = 'WordPress' )

Performs a safe (local) redirect, using wp_redirect().


Description

Checks whether the $location is using an allowed host, if it has an absolute path. A plugin can therefore set or remove allowed host(s) to or from the list.

If the host is not allowed, the redirect defaults to wp-admin on the siteurl instead. This prevents malicious redirects to another host, but it is only used in a few places.

Note: wp_safe_redirect() does not exit automatically, and should almost always be followed by a call to exit;:

wp_safe_redirect( $url );
exit;

Exiting can also be selectively manipulated by using wp_safe_redirect() as a conditional in conjunction with the ‘wp_redirect’ and ‘wp_redirect_location’ filters:

if ( wp_safe_redirect( $url ) ) {
    exit;
}
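
The pieces described above combined in one small plugin, as an added example that is not code from WordPress core or from this page: a form handler that redirects to a user-supplied return URL through wp_safe_redirect(), with one extra host allowed and a front-end fallback. It assumes it is loaded as a plugin inside WordPress; the action name demo_contact, the field return_to and the host sso.example.com are hypothetical.

```php
<?php
/**
 * Plugin Name: Safe Redirect Demo (added example, hypothetical names throughout)
 */

// Extend the allowed-host list. The site's own host is always allowed;
// sso.example.com is a constructed placeholder for a second trusted host.
add_filter( 'allowed_redirect_hosts', function ( $hosts ) {
	$hosts[] = 'sso.example.com';
	return $hosts;
} );

// For a front-end form, fall back to the home page instead of wp-admin
// when the requested host is rejected.
add_filter( 'wp_safe_redirect_fallback', function ( $fallback_url, $status ) {
	return home_url( '/' );
}, 10, 2 );

// Handler for a form posted to admin-post.php with action=demo_contact.
add_action( 'admin_post_demo_contact', 'demo_contact_handle' );
add_action( 'admin_post_nopriv_demo_contact', 'demo_contact_handle' );

function demo_contact_handle() {
	// Reject forged submissions before doing any work.
	check_admin_referer( 'demo_contact' );

	// The return target comes from the request, so it is untrusted.
	$target = isset( $_POST['return_to'] )
		? wp_unslash( $_POST['return_to'] )
		: home_url( '/' );

	// Weak form: wp_redirect( $target ) would follow any host the
	// request names, which makes the handler an open redirect.
	// Hardened form: the host is checked against the allowed list and
	// replaced by the fallback URL when it is not on it.
	if ( wp_safe_redirect( $target, 303 ) ) {
		exit; // Stop here so nothing else is sent after the Location header.
	}

	// A 'wp_redirect' or 'wp_redirect_location' filter cancelled the
	// redirect (return value false), so end the request explicitly.
	wp_die( 'Redirect cancelled.' );
}
```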


Parameters

$location

(string) (Required) The path or URL to redirect to.

$status

(int) (Optional) HTTP response status code to use. Default '302' (Moved Temporarily).

Default value: 302

$x_redirect_by

(string) (Optional) The application doing the redirect.

Default value: 'WordPress'



Return

(bool) False if the redirect was cancelled, true otherwise.



Source

File: wp-includes/pluggable.php

	function wp_safe_redirect( $location, $status = 302, $x_redirect_by = 'WordPress' ) {

		// Need to look at the URL the way it will end up in wp_redirect().
		$location = wp_sanitize_redirect( $location );

		/**
		 * Filters the redirect fallback URL for when the provided redirect is not safe (local).
		 *
		 * @since 4.3.0
		 *
		 * @param string $fallback_url The fallback URL to use by default.
		 * @param int    $status       The HTTP response status code to use.
		 */
		$location = wp_validate_redirect( $location, apply_filters( 'wp_safe_redirect_fallback', admin_url(), $status ) );

		return wp_redirect( $location, $status, $x_redirect_by );
	}



Changelog

Version   Description
5.1.0     The return value from wp_redirect() is now passed on, and the $x_redirect_by parameter was added.
2.3.0     Introduced.

The content displayed on this page has been created in part by processing WordPress source code files which are made available under the GPLv2 (or a later version) license by the Free Software Foundation. In addition to this, the content includes user-written examples and information. All material is subject to review and curation by the WPPaste.com community.
