wpseek.com
Eine auf WordPress spezialiserte Suchmaschine für Entwickler und Theme-Autoren
wp_sanitize_redirect › WordPress Function
Seit2.3.0
Veraltetn/v
› wp_sanitize_redirect ( $location )
Parameter: |
|
Gibt zurück: |
|
Definiert in: |
|
Codex: |
Sanitizes a URL for use in a redirect.
Ähnliche Funktionen: wp_safe_redirect, wp_validate_redirect, wp_redirect, sanitize_user_object, sanitize_meta
Quellcode
function wp_sanitize_redirect( $location ) { // Encode spaces. $location = str_replace( ' ', '%20', $location ); $regex = '/ ( (?: [\xC2-\xDF][\x80-\xBF] # double-byte sequences 110xxxxx 10xxxxxx | \xE0[\xA0-\xBF][\x80-\xBF] # triple-byte sequences 1110xxxx 10xxxxxx * 2 | [\xE1-\xEC][\x80-\xBF]{2} | \xED[\x80-\x9F][\x80-\xBF] | [\xEE-\xEF][\x80-\xBF]{2} | \xF0[\x90-\xBF][\x80-\xBF]{2} # four-byte sequences 11110xxx 10xxxxxx * 3 | [\xF1-\xF3][\x80-\xBF]{3} | \xF4[\x80-\x8F][\x80-\xBF]{2} ){1,40} # ...one or more times )/x'; $location = preg_replace_callback( $regex, '_wp_sanitize_utf8_in_redirect', $location ); $location = preg_replace( '|[^a-z0-9-~+_.?#=&;,/:%!*\[\]()@]|i', '', $location ); $location = wp_kses_no_null( $location ); // Remove %0D and %0A from location. $strip = array( '%0d', '%0a', '%0D', '%0A' ); return _deep_replace( $strip, $location ); } /** * URL encodes UTF-8 characters in a URL. * * @ignore * @since 4.2.0 * @access private * * @see wp_sanitize_redirect() * * @param array $matches RegEx matches against the redirect location. * @return string URL-encoded version of the first RegEx match. */ function _wp_sanitize_utf8_in_redirect( $matches ) { return urlencode( $matches[0] ); } endif; if ( ! function_exists( 'wp_safe_redirect' ) ) : /** * Performs a safe (local) redirect, using wp_redirect(). * * Checks whether the $location is using an allowed host, if it has an absolute * path. A plugin can therefore set or remove allowed host(s) to or from the * list. * * If the host is not allowed, then the redirect defaults to wp-admin on the siteurl * instead. This prevents malicious redirects which redirect to another host, * but only used in a few places. * * Note: wp_safe_redirect() does not exit automatically, and should almost always be * followed by a call to `exit;`: * * wp_safe_redirect( $url ); * exit; * * Exiting can also be selectively manipulated by using wp_safe_redirect() as a conditional * in conjunction with the {@see 'wp_redirect'} and {@see 'wp_redirect_status'} filters: * * if ( wp_safe_redirect( $url ) ) { * exit; * } * * @since 2.3.0 * @since 5.1.0 The return value from wp_redirect() is now passed on, and the `$x_redirect_by` parameter was added. * * @param string $location The path or URL to redirect to. * @param int $status Optional. HTTP response status code to use. Default '302' (Moved Temporarily). * @param string|false $x_redirect_by Optional. The application doing the redirect or false to omit. Default 'WordPress'. * @return bool False if the redirect was canceled, true otherwise. */