[wp-trac] [WordPress Trac] #44317: wp_safe_redirect() and wp_redirect() shouldn't allow non-3xx status codes
WordPress Trac
noreply at wordpress.org
Wed Jun 6 16:41:44 UTC 2018
#44317: wp_safe_redirect() and wp_redirect() shouldn't allow non-3xx status codes
-------------------------+-----------------------------
Reporter: johnbillion | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version:
Severity: normal | Keywords: needs-patch
Focuses: |
-------------------------+-----------------------------
It might not be immediately obvious that the below code has a serious bug
in it:
{{{
wp_safe_redirect( $url, 404 );
exit;
}}}
The `wp_safe_redirect()` and `wp_redirect()` functions should trigger an
error if an HTTP status code is passed in that isn't in the `3xx` range.
The code above can cause much head scratching when you're presented with a
404 with no output.
I think it would make sense to trigger a `wp_die()` error message in this
situation, to ensure maximum chance of visibility to the developer.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/44317>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list