wp_sanitize_redirect
函数
wp_sanitize_redirect ( $location )
- 参数
-
-
(string)
$location
The path to redirect to.- Required: 是
-
(string)
- 返回值
-
- (string) Redirect-sanitized URL.
- 定义位置
-
-
wp-includes/pluggable.php
, line 1434
-
wp-includes/pluggable.php
- 引入
- 2.3.0
- 弃用
- –
Sanitizes a URL for use in a redirect.
function wp_sanitize_redirect( $location ) { // Encode spaces. $location = str_replace( ' ', '%20', $location ); $regex = '/ ( (?: [xC2-xDF][x80-xBF] # double-byte sequences 110xxxxx 10xxxxxx | xE0[xA0-xBF][x80-xBF] # triple-byte sequences 1110xxxx 10xxxxxx * 2 | [xE1-xEC][x80-xBF]{2} | xED[x80-x9F][x80-xBF] | [xEE-xEF][x80-xBF]{2} | xF0[x90-xBF][x80-xBF]{2} # four-byte sequences 11110xxx 10xxxxxx * 3 | [xF1-xF3][x80-xBF]{3} | xF4[x80-x8F][x80-xBF]{2} ){1,40} # ...one or more times )/x'; $location = preg_replace_callback( $regex, '_wp_sanitize_utf8_in_redirect', $location ); $location = preg_replace( '|[^a-z0-9-~+_.?#=&;,/:%!*[]()@]|i', '', $location ); $location = wp_kses_no_null( $location ); // Remove %0D and %0A from location. $strip = array( '%0d', '%0a', '%0D', '%0A' ); return _deep_replace( $strip, $location ); } /** * URL encodes UTF-8 characters in a URL. * * @ignore * @since 4.2.0 * @access private * * @see wp_sanitize_redirect() * * @param array $matches RegEx matches against the redirect location. * @return string URL-encoded version of the first RegEx match. */ function _wp_sanitize_utf8_in_redirect( $matches ) { return urlencode( $matches[0] ); } endif; if ( ! function_exists( 'wp_safe_redirect' ) ) : /** * Performs a safe (local) redirect, using wp_redirect(). * * Checks whether the $location is using an allowed host, if it has an absolute * path. A plugin can therefore set or remove allowed host(s) to or from the * list. * * If the host is not allowed, then the redirect defaults to wp-admin on the siteurl * instead. This prevents malicious redirects which redirect to another host, * but only used in a few places. * * Note: wp_safe_redirect() does not exit automatically, and should almost always be * followed by a call to `exit;`: * * wp_safe_redirect( $url ); * exit; * * Exiting can also be selectively manipulated by using wp_safe_redirect() as a conditional * in conjunction with the {@see 'wp_redirect'} and {@see 'wp_redirect_location'} filters: * * if ( wp_safe_redirect( $url ) ) { * exit; * } * * @since 2.3.0 * @since 5.1.0 The return value from wp_redirect() is now passed on, and the `$x_redirect_by` parameter was added. * * @param string $location The path or URL to redirect to. * @param int $status Optional. HTTP response status code to use. Default '302' (Moved Temporarily). * @param string $x_redirect_by Optional. The application doing the redirect. Default 'WordPress'. * @return bool False if the redirect was canceled, true otherwise. */
声明:本站所有文章,如无特殊说明或标注,均为本站原创发布。任何个人或组织,在未征得本站同意时,禁止复制、盗用、采集、发布本站内容到任何网站、书籍等各类媒体平台。如若本站内容侵犯了原著者的合法权益,可联系我们进行处理。