Definition:
function wp_validate_redirect($location, $default = '') {}
Validates a URL for use in a redirect.
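Checks whether $location uses an allowed host when it is an absolute URL (one that includes a host); a $location without a host is not checked against the list. A plugin can add hosts to or remove hosts from the allowed list through the allowed_redirect_hosts filter.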
Parameters
- string $location: The redirect to validate
- string $default: The value to return if $location is not allowed
Return values
returns: redirect-sanitized URL
Defined filters
- allowed_redirect_hosts
apply_filters('allowed_redirect_hosts', array($wpp['host']), isset($lp['host']) ? $lp['host'] : '')
Source code
function wp_validate_redirect($location, $default = '') {
    // browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//'
    if ( substr($location, 0, 2) == '//' )
        $location = 'http:' . $location;

    // In php 5 parse_url may fail if the URL query part contains http://, bug #38143
    $test = ( $cut = strpos($location, '?') ) ? substr( $location, 0, $cut ) : $location;

    $lp = parse_url($test);

    // Give up if malformed URL
    if ( false === $lp )
        return $default;

    // Allow only http and https schemes. No data:, etc.
    if ( isset($lp['scheme']) && !('http' == $lp['scheme'] || 'https' == $lp['scheme']) )
        return $default;

    // Reject if scheme is set but host is not. This catches urls like https:host.com for which parse_url does not set the host field.
    if ( isset($lp['scheme']) && !isset($lp['host']) )
        return $default;

    $wpp = parse_url(home_url());

    $allowed_hosts = (array) apply_filters('allowed_redirect_hosts', array($wpp['host']), isset($lp['host']) ? $lp['host'] : '');

    if ( isset($lp['host']) && ( !in_array($lp['host'], $allowed_hosts) && $lp['host'] != strtolower($wpp['host'])) )
        $location = $default;

    return $location;
}
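Example usage, added here and not part of WordPress core or the original page: a small plugin that extends the allowed host list with one fixed host and passes a user-supplied redirect target through wp_validate_redirect() with a safe fallback. It assumes it is loaded as a plugin inside WordPress; the plugin name, the myplugin_ prefix, the myplugin_redirect_to query parameter and the host sso.example.com are hypothetical.

```php
<?php
/*
Plugin Name: Example redirect allowlist (hypothetical)
*/

// Hypothetical external host this site is allowed to redirect to.
define( 'MYPLUGIN_SSO_HOST', 'sso.example.com' );

/**
 * Add one fixed host to the allowed list.
 * $requested_host is the host parsed from $location. It is user-controlled,
 * so it is never appended to the list: doing so would allow every host.
 */
function myplugin_allowed_redirect_hosts( $hosts, $requested_host = '' ) {
    // The list is checked with in_array(), so entries must match the host exactly.
    $hosts[] = MYPLUGIN_SSO_HOST;
    return array_unique( $hosts );
}
add_filter( 'allowed_redirect_hosts', 'myplugin_allowed_redirect_hosts', 10, 2 );

/**
 * Turn a user-supplied redirect target into a URL that is safe to send.
 */
function myplugin_redirect_target( $raw ) {
    $fallback = admin_url(); // returned when the target is rejected

    // An empty $location has no scheme or host, so wp_validate_redirect()
    // would return it unchanged rather than $default. Handle it here, and
    // reject array input such as ?myplugin_redirect_to[]=x.
    if ( ! is_string( $raw ) || '' === $raw ) {
        return $fallback;
    }

    $location = wp_sanitize_redirect( stripslashes( $raw ) );
    return wp_validate_redirect( $location, $fallback );
}

// Redirect only when the hypothetical query parameter is present.
function myplugin_handle_redirect() {
    if ( ! isset( $_GET['myplugin_redirect_to'] ) ) {
        return;
    }
    wp_redirect( myplugin_redirect_target( $_GET['myplugin_redirect_to'] ) );
    exit;
}
add_action( 'init', 'myplugin_handle_redirect' );
```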