CodeExplorer
You are a developer and looking for Shopware projects?
Apply Now!
wp_validate_redirect example
/**
* Filters the redirect fallback URL for when the provided redirect is not safe (local).
*
* @since 4.3.0
*
* @param string $fallback_url The fallback URL to use by default.
* @param int $status The HTTP response status code to use.
*/
$fallback_url = apply_filters( 'wp_safe_redirect_fallback', admin_url(), $status );
$location = wp_validate_redirect( $location, $fallback_url );
return wp_redirect( $location, $status, $x_redirect_by );
}
endif;
if ( ! function_exists( 'wp_validate_redirect' ) ) :
/** * Validates a URL for use in a redirect. * * Checks whether the $location is using an allowed host, if it has an absolute * path. A plugin can therefore set or remove allowed host(s) to or from the * list. * * If the host is not allowed, then the redirect is to $fallback_url supplied. * * @since 2.8.1 * * @param string $location The redirect to validate. * @param string $fallback_url The value to return if $location is not allowed. * @return string Redirect-sanitized URL. */
$fallback_url = apply_filters( 'wp_safe_redirect_fallback', admin_url(), $status );
$location = wp_validate_redirect( $location, $fallback_url );
return wp_redirect( $location, $status, $x_redirect_by );
}
endif;
if ( ! function_exists( 'wp_validate_redirect' ) ) :
/** * Validates a URL for use in a redirect. * * Checks whether the $location is using an allowed host, if it has an absolute * path. A plugin can therefore set or remove allowed host(s) to or from the * list. * * If the host is not allowed, then the redirect is to $fallback_url supplied. * * @since 2.8.1 * * @param string $location The redirect to validate. * @param string $fallback_url The value to return if $location is not allowed. * @return string Redirect-sanitized URL. */
<div class="notice notice-info"><p><strong><?php _e( 'Important:' ); ?></strong> <?php _e( 'This user has super admin privileges.' ); ?></p></div>
<?php endif; ?>
<?php if ( isset( $_GET['updated'] ) ) : ?>
<div id="message" class="updated notice is-dismissible">
<?php if ( IS_PROFILE_PAGE ) : ?>
<p><strong><?php _e( 'Profile updated.' ); ?></strong></p>
<?php else : ?>
<p><strong><?php _e( 'User updated.' ); ?></strong></p>
<?php endif; ?>
<?php if ( $wp_http_referer && ! str_contains( $wp_http_referer, 'user-new.php' ) && ! IS_PROFILE_PAGE ) : ?>
<p><a href="<?php echo esc_url( wp_validate_redirect( sanitize_url( $wp_http_referer ), self_admin_url( 'users.php' ) ) ); ?>"><?php _e( '← Go to Users' ); ?></a></p>
<?php endif; ?>
</div>
<?php endif; ?>
<?php if ( isset( $_GET['error'] ) ) : ?>
<div class="notice notice-error">
<?php if ( 'new-email' === $_GET['error'] ) : ?>
<p><?php _e( 'Error while saving the new email address. Please try again.' ); ?></p>
<?php endif; ?>
</div>
<?php endif; ?>
function wp_get_referer() {
// Return early if called before wp_validate_redirect() is defined. if ( ! function_exists( 'wp_validate_redirect' ) ) {
return false;
}
$ref = wp_get_raw_referer();
if ( $ref && wp_unslash( $_SERVER['REQUEST_URI'] ) !== $ref
&& home_url() . wp_unslash( $_SERVER['REQUEST_URI'] ) !== $ref
) {
return wp_validate_redirect( $ref, false );
}
return false;
}
/** * Retrieves unvalidated referer from the '_wp_http_referer' URL query variable or the HTTP referer. * * If the value of the '_wp_http_referer' URL query variable is not a string then it will be ignored. * * Do not use for redirects, use wp_get_referer() instead. * * @since 4.5.0 * * @return string|false Referer URL on success, false on failure. */
// Return early if called before wp_validate_redirect() is defined. if ( ! function_exists( 'wp_validate_redirect' ) ) {
return false;
}
$ref = wp_get_raw_referer();
if ( $ref && wp_unslash( $_SERVER['REQUEST_URI'] ) !== $ref
&& home_url() . wp_unslash( $_SERVER['REQUEST_URI'] ) !== $ref
) {
return wp_validate_redirect( $ref, false );
}
return false;
}
/** * Retrieves unvalidated referer from the '_wp_http_referer' URL query variable or the HTTP referer. * * If the value of the '_wp_http_referer' URL query variable is not a string then it will be ignored. * * Do not use for redirects, use wp_get_referer() instead. * * @since 4.5.0 * * @return string|false Referer URL on success, false on failure. */
<h1><?php _e( 'Database Update Required' ); ?></h1>
<p><?php _e( 'WordPress has been updated! Next and final step is to update your database to the newest version.' ); ?></p>
<p><?php _e( 'The database update process may take a little while, so please be patient.' ); ?></p>
<p class="step"><a class="button button-large button-primary" href="upgrade.php?step=1&backto=<?php echo $goback; ?>"><?php _e( 'Update WordPress Database' ); ?></a></p>
<?php
break;
case 1:
wp_upgrade();
$backto = ! empty( $_GET['backto'] ) ? wp_unslash( urldecode( $_GET['backto'] ) ) : __get_option( 'home' ) . '/';
$backto = esc_url( $backto );
$backto = wp_validate_redirect( $backto, __get_option( 'home' ) . '/' );
?> <h1><?php _e( 'Update Complete' ); ?></h1> <p><?php _e( 'Your WordPress database has been successfully updated!' ); ?></p> <p class="step"><a class="button button-large" href="<?php echo $backto; ?>"><?php _e( 'Continue' ); ?></a></p> <?php break;
endswitch;
endif;
?> </body> </html>
case 1:
wp_upgrade();
$backto = ! empty( $_GET['backto'] ) ? wp_unslash( urldecode( $_GET['backto'] ) ) : __get_option( 'home' ) . '/';
$backto = esc_url( $backto );
$backto = wp_validate_redirect( $backto, __get_option( 'home' ) . '/' );
?> <h1><?php _e( 'Update Complete' ); ?></h1> <p><?php _e( 'Your WordPress database has been successfully updated!' ); ?></p> <p class="step"><a class="button button-large" href="<?php echo $backto; ?>"><?php _e( 'Continue' ); ?></a></p> <?php break;
endswitch;
endif;
?> </body> </html>
function allowed_http_request_hosts( $is_external, $host ) {
if ( ! $is_external && wp_validate_redirect( 'http://' . $host ) ) {
$is_external = true;
}
return $is_external;
}
/** * Adds any domain in a multisite installation for safe HTTP requests to the * allowed list. * * Attached to the {@see 'http_request_host_is_external'} filter. * * @since 3.6.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param bool $is_external * @param string $host * @return bool */
<?php echo $tax->labels->edit_item; ?></h1>
<?php
$class = ( isset( $msg ) && 5 === $msg ) ? 'error' : 'success';
if ( $message ) {
?> <div id="message" class="notice notice-<?php echo $class; ?>"> <p><strong><?php echo $message; ?></strong></p> <?php if ( $wp_http_referer ) { ?> <p><a href="<?php echo esc_url( wp_validate_redirect( sanitize_url( $wp_http_referer ), admin_url( 'term.php?taxonomy=' . $taxonomy ) ) ); ?>"> <?php echo esc_html( $tax->labels->back_to_items ); ?> </a></p> <?php } ?> </div> <?php }
?> <div id="ajax-response"></div> <form name="edittag" id="edittag" method="post" action="edit-tags.php" class="validate"
if ( $message ) {
?> <div id="message" class="notice notice-<?php echo $class; ?>"> <p><strong><?php echo $message; ?></strong></p> <?php if ( $wp_http_referer ) { ?> <p><a href="<?php echo esc_url( wp_validate_redirect( sanitize_url( $wp_http_referer ), admin_url( 'term.php?taxonomy=' . $taxonomy ) ) ); ?>"> <?php echo esc_html( $tax->labels->back_to_items ); ?> </a></p> <?php } ?> </div> <?php }
?> <div id="ajax-response"></div> <form name="edittag" id="edittag" method="post" action="edit-tags.php" class="validate"
/**
* Sets the initial URL to be previewed.
*
* URL is validated.
*
* @since 4.4.0
*
* @param string $preview_url URL to be previewed.
*/
public function set_preview_url( $preview_url ) {
$preview_url = sanitize_url( $preview_url );
$this->preview_url = wp_validate_redirect( $preview_url, home_url( '/' ) );
}
/** * Gets the initial URL to be previewed. * * @since 4.4.0 * * @return string URL being previewed. */
public function get_preview_url() {
if ( empty( $this->preview_url ) ) {
public function set_preview_url( $preview_url ) {
$preview_url = sanitize_url( $preview_url );
$this->preview_url = wp_validate_redirect( $preview_url, home_url( '/' ) );
}
/** * Gets the initial URL to be previewed. * * @since 4.4.0 * * @return string URL being previewed. */
public function get_preview_url() {
if ( empty( $this->preview_url ) ) {