wp_validate_redirect

Definition:
function wp_validate_redirect($location, $default = '') {}

Validates a URL for use in a redirect.
Checks whether $location uses an allowed host when it contains an absolute URL. A plugin can therefore add hosts to, or remove hosts from, the allowed list via the allowed_redirect_hosts filter.

Parameters

  • string $location: The redirect to validate
  • string $default: The value to return if $location is not allowed

Return values

  • string: redirect-sanitized URL, or $default when $location is not allowed

Defined filters

  • allowed_redirect_hosts
    apply_filters('allowed_redirect_hosts', array($wpp['host']), $requested_host)

Source code

function wp_validate_redirect($location, $default = '') {
	// Browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//'
	if ( substr($location, 0, 2) == '//' )
		$location = 'http:' . $location;

	// In PHP 5 parse_url may fail if the URL query part contains http://, bug #38143
	$test = ( $cut = strpos($location, '?') ) ? substr( $location, 0, $cut ) : $location;

	$lp  = parse_url($test);

	// Give up if malformed URL
	if ( false === $lp )
		return $default;

	// Allow only http and https schemes. No data:, etc.
	if ( isset($lp['scheme']) && !('http' == $lp['scheme'] || 'https' == $lp['scheme']) )
		return $default;

	// Reject if scheme is set but host is not. This catches URLs like https:host.com for which parse_url does not set the host field.
	if ( isset($lp['scheme'])  && !isset($lp['host']) )
		return $default;

	$wpp = parse_url(home_url());

	// The filter receives the allowlist and, as its second argument, the host requested by $location ('' for relative URLs)
	$allowed_hosts = (array) apply_filters('allowed_redirect_hosts', array($wpp['host']), isset($lp['host']) ? $lp['host'] : '');

	if ( isset($lp['host']) && ( !in_array($lp['host'], $allowed_hosts) && $lp['host'] != strtolower($wpp['host'])) )
		$location = $default;

	return $location;
}
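The following is an added example, not WordPress core code and not from the page above: a plugin snippet that allowlists one extra host through the allowed_redirect_hosts filter, then runs a set of constructed redirect targets through wp_validate_redirect() so each branch of the function (scheme-relative '//' prefix, missing host, non-http scheme, query stripping, host allowlist) can be observed. It assumes WordPress is loaded, that home_url() is https://shop.example.com, and that accounts.example.com is the second host you trust; all hostnames are constructed placeholders.

```php
<?php
// Added example (hypothetical plugin code, not WordPress core).
// Assumes WordPress is loaded: add_filter(), home_url(), wp_validate_redirect().

// The filter callback gets the allowlist and, as its second parameter, the
// host parsed from the candidate $location ('' for relative URLs), so the
// callback can decide per request. Register with accepted_args = 2.
add_filter( 'allowed_redirect_hosts', function ( $hosts, $requested ) {
    // Compare the whole host exactly. A prefix or substring match would let
    // accounts.example.com.attacker.example through the check.
    if ( 'accounts.example.com' === $requested ) {
        $hosts[] = 'accounts.example.com';
    }
    return $hosts;
}, 10, 2 );

// Constructed inputs, one per branch of wp_validate_redirect():
$candidates = array(
    '/wp-admin/',                          // relative path: no host, so no host check
    'https://shop.example.com/cart',       // same host as home_url()
    'https://accounts.example.com/login',  // host added by the filter above
    '//attacker.example/',                 // '//' prefix is rewritten to http:// first
    'https:attacker.example',              // scheme present but parse_url sets no host
    'javascript:alert(1)',                 // scheme other than http/https
    'https://attacker.example/?next=https://shop.example.com', // query is cut before parse_url
);

// Print each candidate next to what the validator returns for it, using '/'
// as the fallback so a rejected target lands on the site root.
foreach ( $candidates as $location ) {
    printf( "%-60s => %s\n", $location, wp_validate_redirect( $location, '/' ) );
}
```

Only the first three candidates come back unchanged; every other line falls to the '/' fallback, which is the behaviour to confirm on a staging site before relying on the filter in production.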
