Eine auf WordPress spezialiserte Suchmaschine für Entwickler und Theme-Autoren



wp_validate_redirect ›

Seit2.8.1
Veraltetn/v
wp_validate_redirect ( $location, $default = '' )
Parameter: (2)
  • (string) $location The redirect to validate
    Erforderlich: Ja
  • (string) $default The value to return if $location is not allowed
    Erforderlich: Nein
    Standard: (leer)
Gibt zurück:
  • (string) redirect-sanitized URL
Definiert in:
Codex:

Validates a URL for use in a redirect.

Checks whether the $location is using an allowed host, if it has an absolute path. A plugin can therefore set or remove allowed host(s) to or from the list.

If the host is not allowed, then the redirect is to $default supplied



Quellcode

function wp_validate_redirect( $location, $default = '' ) {
		$location = trim( $location, " \t\n\r\0\x08\x0B" );
		// browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//'
		if ( substr( $location, 0, 2 ) == '//' ) {
			$location = 'http:' . $location;
		}

		// In php 5 parse_url may fail if the URL query part contains http://, bug #38143
		$test = ( $cut = strpos( $location, '?' ) ) ? substr( $location, 0, $cut ) : $location;

		// @-operator is used to prevent possible warnings in PHP < 5.3.3.
		$lp = @parse_url( $test );

		// Give up if malformed URL
		if ( false === $lp ) {
			return $default;
		}

		// Allow only http and https schemes. No data:, etc.
		if ( isset( $lp['scheme'] ) && ! ( 'http' == $lp['scheme'] || 'https' == $lp['scheme'] ) ) {
			return $default;
		}

		// Reject if certain components are set but host is not. This catches urls like https:host.com for which parse_url does not set the host field.
		if ( ! isset( $lp['host'] ) && ( isset( $lp['scheme'] ) || isset( $lp['user'] ) || isset( $lp['pass'] ) || isset( $lp['port'] ) ) ) {
			return $default;
		}

		// Reject malformed components parse_url() can return on odd inputs.
		foreach ( array( 'user', 'pass', 'host' ) as $component ) {
			if ( isset( $lp[ $component ] ) && strpbrk( $lp[ $component ], ':/?#@' ) ) {
				return $default;
			}
		}

		$wpp = parse_url( home_url() );

		/**
		 * Filters the whitelist of hosts to redirect to.
		 *
		 * @since 2.3.0
		 *
		 * @param array       $hosts An array of allowed hosts.
		 * @param bool|string $host  The parsed host; empty if not isset.
		 */
		$allowed_hosts = (array) apply_filters( 'allowed_redirect_hosts', array( $wpp['host'] ), isset( $lp['host'] ) ? $lp['host'] : '' );

		if ( isset( $lp['host'] ) && ( ! in_array( $lp['host'], $allowed_hosts ) && $lp['host'] != strtolower( $wpp['host'] ) ) ) {
			$location = $default;
		}

		return $location;
	}
endif;

if ( ! function_exists( 'wp_notify_postauthor' ) ) :