wp_validate_redirect

函数
wp_validate_redirect ( $location, $default = '' )
参数
  • (string) $location The redirect to validate.
    Required:
  • (string) $default The value to return if $location is not allowed.
    Required:
    Default: (empty)
返回值
  • (string) redirect-sanitized URL.
定义位置
相关方法
wp_sanitize_redirectwp_safe_redirectwp_redirectwp_old_slug_redirectwp_validate_site_data
引入
2.8.1
弃用
-

wp_validate_redirect是一个WordPress的函数,用来验证一个作为重定向的URL: 这个函数是用来确保一个URL可以安全地用作重定向: 该函数将一个URL作为其输入,如果它是有效的,则返回该URL,如果它不是,则返回false。

验证用于重定向的URL。

检查$location是否使用允许的主机,如果它有一个绝对路径。因此,一个插件可以设置或删除允许的主机,或从列表中删除。

如果主机不被允许,那么重定向将提供给$default。

function wp_validate_redirect( $location, $default = '' ) {
		$location = wp_sanitize_redirect( trim( $location, " tnrx08x0B" ) );
		// Browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//'.
		if ( '//' === substr( $location, 0, 2 ) ) {
			$location = 'http:' . $location;
		}

		// In PHP 5 parse_url() may fail if the URL query part contains 'http://'.
		// See https://bugs.php.net/bug.php?id=38143
		$cut  = strpos( $location, '?' );
		$test = $cut ? substr( $location, 0, $cut ) : $location;

		$lp = parse_url( $test );

		// Give up if malformed URL.
		if ( false === $lp ) {
			return $default;
		}

		// Allow only 'http' and 'https' schemes. No 'data:', etc.
		if ( isset( $lp['scheme'] ) && ! ( 'http' === $lp['scheme'] || 'https' === $lp['scheme'] ) ) {
			return $default;
		}

		if ( ! isset( $lp['host'] ) && ! empty( $lp['path'] ) && '/' !== $lp['path'][0] ) {
			$path = '';
			if ( ! empty( $_SERVER['REQUEST_URI'] ) ) {
				$path = dirname( parse_url( 'http://placeholder' . $_SERVER['REQUEST_URI'], PHP_URL_PATH ) . '?' );
				$path = wp_normalize_path( $path );
			}
			$location = '/' . ltrim( $path . '/', '/' ) . $location;
		}

		// Reject if certain components are set but host is not.
		// This catches URLs like https:host.com for which parse_url() does not set the host field.
		if ( ! isset( $lp['host'] ) && ( isset( $lp['scheme'] ) || isset( $lp['user'] ) || isset( $lp['pass'] ) || isset( $lp['port'] ) ) ) {
			return $default;
		}

		// Reject malformed components parse_url() can return on odd inputs.
		foreach ( array( 'user', 'pass', 'host' ) as $component ) {
			if ( isset( $lp[ $component ] ) && strpbrk( $lp[ $component ], ':/?#@' ) ) {
				return $default;
			}
		}

		$wpp = parse_url( home_url() );

		/**
		 * Filters the list of allowed hosts to redirect to.
		 *
		 * @since 2.3.0
		 *
		 * @param string[] $hosts An array of allowed host names.
		 * @param string   $host  The host name of the redirect destination; empty string if not set.
		 */
		$allowed_hosts = (array) apply_filters( 'allowed_redirect_hosts', array( $wpp['host'] ), isset( $lp['host'] ) ? $lp['host'] : '' );

		if ( isset( $lp['host'] ) && ( ! in_array( $lp['host'], $allowed_hosts, true ) && strtolower( $wpp['host'] ) !== $lp['host'] ) ) {
			$location = $default;
		}

		return $location;
	}
endif;

if ( ! function_exists( 'wp_notify_postauthor' ) ) :
	/**
	 * Notifies an author (and/or others) of a comment/trackback/pingback on a post.
	 *
	 * @since 1.0.0
	 *
	 * @param int|WP_Comment $comment_id Comment ID or WP_Comment object.
	 * @param string         $deprecated Not used.
	 * @return bool True on completion. False if no email addresses were specified.
	 */

常见问题

FAQs
查看更多 >