[wp-trac] [WordPress Trac] #20060: wp_redirect() doesn't exit
WordPress Trac
wp-trac at lists.automattic.com
Wed Feb 22 20:11:27 UTC 2012
#20060: wp_redirect() doesn't exit
--------------------------------------+------------------------------
Reporter: iandunn | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version:
Severity: normal | Resolution:
Keywords: needs-patch dev-feedback |
--------------------------------------+------------------------------
Comment (by johnbillion):
Replying to [comment:6 hakre]:
> I must admit that I don't really understand the security issue.
>
> What's wrong with writing:
>
>
> {{{
> wp_redirect( $location, $status );
> exit;
> }}}
There's nothing wrong with writing that. The problem comes when someone
uses `wp_redirect()` without `exit()`ing afterwards. Subsequent code will
be executed and subsequent output returned to the client, which can be a
security issue. This ticket is trying to address that by `exit()`ing after
the redirect header is sent.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/20060#comment:8>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list