wp_sanitize_redirect()
Sanitizes a URL for use in a redirect.
Pluggable function: this function can be replaced from a plugin. It is therefore defined only after all plugins have been loaded (included); before that point it does not yet exist. You cannot call this function, or any function that depends on it, directly from plugin code. Call them on the plugins_loaded hook or later, for example on the init hook.
Function replacement (override): in a must-use or regular plugin you can define a function with the same name, and it will replace this function.
Uses: wp_kses_no_null()
Used By: wp_safe_redirect()
1 time — 0.000309 sec (fast) | 50000 times — 0.20 sec (very fast) | PHP 7.1.5, WP 4.8.2
No Hooks.
Return
String. Redirect-sanitized URL.
Usage
wp_sanitize_redirect( $location );
- $location(string) (required)
- The path to redirect to.
Examples
#1 Example of cleaning a malicious URL
$url = 'http://test.example.com/redirect.php?page=%0d%0aContent-Type: text/html%0d%0aHTTP/1.1 200 OK%0d%0aContent-Type: text/html%0d%0aContent-Length:%206%0d%0a%0d%0a%3Chtml%3EHACKED%3C/html%3E.';
// The encoded CR/LF sequences (%0d%0a) and the spaces are stripped.
echo wp_sanitize_redirect( $url );
// http://test.example.com/redirect.php?page=Content-Type:text/htmlHTTP/1.1200OKContent-Type:text/htmlContent-Length:%206%3Chtml%3EHACKED%3C/html%3E.
#2 Note - the function removes spaces
$url = '/inventory/certified new used/';
echo wp_sanitize_redirect( $url );
// /inventory/certifiednewused/
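The following is an added example, not code from the original page or from WordPress itself. It calls the function from a plugin on the init hook, as the pluggable-function note requires, and treats any change made by sanitizing as a reason to reject the target. The handler name `myplugin_handle_return_to` and the `return_to` query parameter are assumptions.

```php
<?php
/**
 * Plugin Name: Return-To Redirect (added example)
 */

// Hooked on init because wp_sanitize_redirect() is pluggable and is only
// defined after all plugins have been loaded.
// The handler name and the "return_to" parameter are hypothetical.
add_action( 'init', 'myplugin_handle_return_to' );

function myplugin_handle_return_to() {
	if ( ! isset( $_GET['return_to'] ) || ! is_string( $_GET['return_to'] ) ) {
		return;
	}

	$requested = wp_unslash( $_GET['return_to'] );
	$sanitized = wp_sanitize_redirect( $requested );

	// If sanitizing changed the value, the request carried characters that do
	// not belong in a Location header (raw or still-encoded CR/LF, spaces,
	// angle brackets, ...). Log it and fall back to a known-good target
	// instead of redirecting to the stripped-down string.
	if ( $sanitized !== $requested ) {
		// rawurlencode() keeps CR/LF out of the log line itself.
		error_log( 'return_to rejected: ' . rawurlencode( $requested ) );
		$sanitized = home_url( '/' );
	}

	// wp_safe_redirect() runs wp_sanitize_redirect() itself and additionally
	// restricts the target to allowed hosts.
	wp_safe_redirect( $sanitized );
	exit;
}
```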
Changelog
Since 2.3.0: Introduced.