PHP wp_sanitize_redirect函数代码示例

 /**
  * Activated the given EDD license.
  *
  * @return	void
  * @since	1.7.1
  */
 public function activateLicense($option)
 {
     if ($this->settings['id'] != $option->settings['id']) {
         return;
     }
     /* Get the license */
     $license = esc_attr($this->getValue());
     /* License ID */
     $key = substr(md5($license), 0, 10);
     /* If the license is set we can handle activation. */
     if (strlen($license) > 0) {
         /* First of all we check if the user requested a manual activation */
         if (isset($_GET['eddactivate']) && '1' == $_GET['eddactivate']) {
             global $pagenow;
             if (isset($_GET)) {
                 $get = (array) $_GET;
             }
             if (isset($get['eddactivate'])) {
                 unset($get['eddactivate']);
             }
             $this->check($license, 'activate_license');
             /* Redirect to the settings page without the eddactivate parameter (otherwise it's used in all tabs links) */
             wp_redirect(wp_sanitize_redirect(add_query_arg($get, admin_url($pagenow))));
         }
         /* First activation of the license. */
         if (false == get_transient("tf_edd_license_try_{$key}")) {
             $this->check($license, 'activate_license');
         }
     }
 }

 public function json_create_user()
 {
     $error = array("status" => 0, "msg" => __('There has been an error processing your request. Please, reload the page and try again.', Eab_EventsHub::TEXT_DOMAIN));
     $data = stripslashes_deep($_POST);
     $email = $data['email'];
     if (empty($email)) {
         $error['msg'] = __('Please, submit an email.', Eab_EventsHub::TEXT_DOMAIN);
         die(json_encode($error));
     }
     if (!is_email($email)) {
         $error['msg'] = __('Please, submit a valid email.', Eab_EventsHub::TEXT_DOMAIN);
         die(json_encode($error));
     }
     if (email_exists($email)) {
         $current_location = get_permalink();
         if (!empty($data['location'])) {
             // Let's make this sane first - it's coming from a POST request, so make that sane
             $loc = wp_validate_redirect(wp_sanitize_redirect($data['location']));
             if (!empty($loc)) {
                 $current_location = $loc;
             }
         }
         $login_link = wp_login_url($current_location);
         $login_message = sprintf(__('The email address already exists. Please <a href="%s">Login</a> and RSVP to the event.', Eab_EventsHub::TEXT_DOMAIN), $login_link);
         $error['msg'] = $login_message;
         die(json_encode($error));
     }
     $wordp_user = $this->_create_user($email);
     if (is_object($wordp_user) && !empty($wordp_user->ID)) {
         $this->_login_user($wordp_user);
     } else {
         die(json_encode($error));
     }
     die(json_encode(array("status" => 1)));
 }

 /**
  * Send the Express Checkout NVP request
  *
  * @param $form_id
  * @throws Exception
  */
 public function send_EC_Request($form_id)
 {
     if (!session_id()) {
         @session_start();
     }
     if (!count($this->products)) {
         throw new Exception('Products not found!');
     }
     $total = 0;
     // create the data to send on PayPal
     $data = '&SOLUTIONTYPE=' . 'Sole' . '&PAYMENTREQUEST_0_PAYMENTACTION=' . 'Sale' . '&PAYMENTREQUEST_0_CURRENCYCODE=' . urlencode(get_option('ab_paypal_currency')) . '&RETURNURL=' . urlencode(add_query_arg(array('action' => 'ab-paypal-returnurl', 'ab_fid' => $form_id), AB_Utils::getCurrentPageURL())) . '&CANCELURL=' . urlencode(add_query_arg(array('action' => 'ab-paypal-cancelurl', 'ab_fid' => $form_id), AB_Utils::getCurrentPageURL()));
     foreach ($this->products as $k => $product) {
         $data .= "&L_PAYMENTREQUEST_0_NAME{$k}=" . urlencode($product->name) . "&L_PAYMENTREQUEST_0_DESC{$k}=" . urlencode($product->desc) . "&L_PAYMENTREQUEST_0_AMT{$k}=" . urlencode($product->price) . "&L_PAYMENTREQUEST_0_QTY{$k}=" . urlencode($product->qty);
         $total += $product->qty * $product->price;
     }
     $data .= "&PAYMENTREQUEST_0_AMT=" . urlencode($total) . "&PAYMENTREQUEST_0_ITEMAMT=" . urlencode($total);
     // send the request to PayPal
     $response = self::sendNvpRequest('SetExpressCheckout', $data);
     //Respond according to message we receive from Paypal
     if ("SUCCESS" == strtoupper($response["ACK"]) || "SUCCESSWITHWARNING" == strtoupper($response["ACK"])) {
         $_SESSION['bookly'][$form_id]['paypal_response'] = array($response, $form_id);
         $paypalurl = 'https://www' . get_option('ab_paypal_ec_mode') . '.paypal.com/cgi-bin/webscr?cmd=_express-checkout&useraction=commit&token=' . urldecode($response["TOKEN"]);
         header('Location: ' . $paypalurl);
         exit;
     } else {
         header('Location: ' . wp_sanitize_redirect(add_query_arg(array('action' => 'ab-paypal-errorurl', 'ab_fid' => $form_id, 'error_msg' => $response["L_LONGMESSAGE0"]), AB_Utils::getCurrentPageURL())));
         exit;
     }
 }

/**
 * Copy and paste of WordPress original function where headers are but stored
 * before sending to avoid CLI limitations.
 *
 * @param $location
 * @param int $status
 * @return bool
 */
function wp_redirect($location, $status = 302)
{
    global $is_IIS;
    /**
     * Filter the redirect location.
     *
     * @since 2.1.0
     *
     * @param string $location The path to redirect to.
     * @param int $status Status code to use.
     */
    $location = apply_filters('wp_redirect', $location, $status);
    /**
     * Filter the redirect status code.
     *
     * @since 2.3.0
     *
     * @param int $status Status code to use.
     * @param string $location The path to redirect to.
     */
    $status = apply_filters('wp_redirect_status', $status, $location);
    if (!$location) {
        return false;
    }
    $location = wp_sanitize_redirect($location);
    if (!$is_IIS && PHP_SAPI != 'cgi-fcgi') {
        status_header($status);
    }
    // This causes problems on IIS and some FastCGI setups
    header("Location: {$location}", true, $status);
    global $cli_headers;
    $cli_headers["Location: {$location}"] = $status;
    return true;
}

function wpas_system_tools()
{
    if (!isset($_GET['tool']) || !isset($_GET['_nonce'])) {
        return false;
    }
    if (!wp_verify_nonce($_GET['_nonce'], 'system_tool')) {
        return false;
    }
    switch (sanitize_text_field($_GET['tool'])) {
        /* Clear all tickets metas */
        case 'tickets_metas':
            wpas_clear_tickets_metas();
            break;
        case 'agents_metas':
            wpas_clear_agents_metas();
            break;
        case 'clear_taxonomies':
            wpas_clear_taxonomies();
            break;
        case 'resync_products':
            wpas_delete_synced_products(true);
            break;
        case 'delete_products':
            wpas_delete_synced_products();
            break;
    }
    /* Redirect in "read-only" mode */
    $url = add_query_arg(array('post_type' => 'ticket', 'page' => 'wpas-status', 'tab' => 'tools', 'done' => sanitize_text_field($_GET['tool'])), admin_url('edit.php'));
    wp_redirect(wp_sanitize_redirect($url));
    exit;
}

	function test_wp_sanitize_redirect() {
		$this->assertEquals('http://example.com/watchthelinefeedgo', wp_sanitize_redirect('http://example.com/watchthelinefeed%0Ago'));
		$this->assertEquals('http://example.com/watchthelinefeedgo', wp_sanitize_redirect('http://example.com/watchthelinefeed%0ago'));
		$this->assertEquals('http://example.com/watchthecarriagereturngo', wp_sanitize_redirect('http://example.com/watchthecarriagereturn%0Dgo'));
		$this->assertEquals('http://example.com/watchthecarriagereturngo', wp_sanitize_redirect('http://example.com/watchthecarriagereturn%0dgo'));
		//Nesting checks
		$this->assertEquals('http://example.com/watchthecarriagereturngo', wp_sanitize_redirect('http://example.com/watchthecarriagereturn%0%0ddgo'));
		$this->assertEquals('http://example.com/watchthecarriagereturngo', wp_sanitize_redirect('http://example.com/watchthecarriagereturn%0%0DDgo'));
	}

	function test_wp_sanitize_redirect() {
		$this->assertEquals('http://example.com/watchthelinefeedgo', wp_sanitize_redirect('http://example.com/watchthelinefeed%0Ago'));
		$this->assertEquals('http://example.com/watchthelinefeedgo', wp_sanitize_redirect('http://example.com/watchthelinefeed%0ago'));
		$this->assertEquals('http://example.com/watchthecarriagereturngo', wp_sanitize_redirect('http://example.com/watchthecarriagereturn%0Dgo'));
		$this->assertEquals('http://example.com/watchthecarriagereturngo', wp_sanitize_redirect('http://example.com/watchthecarriagereturn%0dgo'));
		$this->assertEquals('http://example.com/watchtheallowedcharacters-~+_.?#=&;,/:%!*stay', wp_sanitize_redirect('http://example.com/watchtheallowedcharacters-~+_.?#=&;,/:%!*stay'));
		//Nesting checks
		$this->assertEquals('http://example.com/watchthecarriagereturngo', wp_sanitize_redirect('http://example.com/watchthecarriagereturn%0%0ddgo'));
		$this->assertEquals('http://example.com/watchthecarriagereturngo', wp_sanitize_redirect('http://example.com/watchthecarriagereturn%0%0DDgo'));
	}

/**
 * Generate a wpas-do field with a security nonce
 *
 * @since 3.3
 *
 * @param string $action      Action trigger
 * @param string $redirect_to Possible URL to redirect to after the action
 * @param bool   $echo        Whether to echo or return the fields
 *
 * @return string
 */
function wpas_do_field($action, $redirect_to = '', $echo = true)
{
    $field = sprintf('<input type="hidden" name="%1$s" value="%2$s">', 'wpas-do', $action);
    $field .= wp_nonce_field('trigger_custom_action', 'wpas-do-nonce', true, false);
    if (!empty($redirect_to)) {
        $field .= sprintf('<input type="hidden" name="%1$s" value="%2$s">', 'redirect_to', wp_sanitize_redirect($redirect_to));
    }
    if ($echo) {
        echo $field;
    }
    return $field;
}

	function test_wp_sanitize_redirect() {
		$this->assertEquals('http://example.com/watchthelinefeedgo', wp_sanitize_redirect('http://example.com/watchthelinefeed%0Ago'));
		$this->assertEquals('http://example.com/watchthelinefeedgo', wp_sanitize_redirect('http://example.com/watchthelinefeed%0ago'));
		$this->assertEquals('http://example.com/watchthecarriagereturngo', wp_sanitize_redirect('http://example.com/watchthecarriagereturn%0Dgo'));
		$this->assertEquals('http://example.com/watchthecarriagereturngo', wp_sanitize_redirect('http://example.com/watchthecarriagereturn%0dgo'));
		$this->assertEquals('http://example.com/watchtheallowedcharacters-~+_.?#=&;,/:%!*stay', wp_sanitize_redirect('http://example.com/watchtheallowedcharacters-~+_.?#=&;,/:%!*stay'));
		//Nesting checks
		$this->assertEquals('http://example.com/watchthecarriagereturngo', wp_sanitize_redirect('http://example.com/watchthecarriagereturn%0%0ddgo'));
		$this->assertEquals('http://example.com/watchthecarriagereturngo', wp_sanitize_redirect('http://example.com/watchthecarriagereturn%0%0DDgo'));
		$this->assertEquals('http://example.com/whyisthisintheurl/?param[1]=foo', wp_sanitize_redirect('http://example.com/whyisthisintheurl/?param[1]=foo'));
		$this->assertEquals('http://[2606:2800:220:6d:26bf:1447:aa7]/', wp_sanitize_redirect('http://[2606:2800:220:6d:26bf:1447:aa7]/'));
		$this->assertEquals('http://example.com/search.php?search=(amistillhere)', wp_sanitize_redirect('http://example.com/search.php?search=(amistillhere)'));
	}

 function wp_redirect($location, $status = 302)
 {
     $location = apply_filters('wp_redirect', $location, $status);
     if (empty($location)) {
         return false;
     }
     $status = apply_filters('wp_redirect_status', $status, $location);
     if ($status < 300 || $status > 399) {
         $status = 302;
     }
     $location = wp_sanitize_redirect($location);
     header('Location: ' . $location, true, $status);
 }

 function wp_redirect($location, $status = 302)
 {
     global $is_IIS;
     $location = apply_filters('wp_redirect', $location, $status);
     $status = apply_filters('wp_redirect_status', $status, $location);
     if (!$location) {
         // allows the wp_redirect filter to cancel a redirect
         return false;
     }
     $location = wp_sanitize_redirect($location);
     if (!$is_IIS && php_sapi_name() != 'cgi-fcgi') {
         status_header($status);
     }
     // This causes problems on IIS and some FastCGI setups
     $uri_ext = '/' . WpBoojFindURISegment();
     $uri_len = strlen($uri_ext) + 1;
     if (substr($location, 0, 1) == '/' && substr($location, 0, $uri_len) != $uri_ext) {
         $location = '/blog' . $location;
     }
     header("Location: {$location}", true, $status);
 }

 function wpc_client_rul_safe_redirect($location)
 {
     global $rul_local_only;
     if (2 == $rul_local_only || 1 == $rul_local_only) {
         return $location;
     }
     // Need to look at the URL the way it will end up in wp_redirect()
     $location = wp_sanitize_redirect($location);
     // browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//'
     if (substr($location, 0, 2) == '//') {
         $location = 'http:' . $location;
     }
     // In php 5 parse_url may fail if the URL query part contains http://, bug #38143
     $test = ($cut = strpos($location, '?')) ? substr($location, 0, $cut) : $location;
     $lp = parse_url($test);
     $wpp = parse_url(get_home_url());
     $allowed_hosts = (array) apply_filters('allowed_redirect_hosts', array($wpp['host']), isset($lp['host']) ? $lp['host'] : '');
     if (isset($lp['host']) && (!in_array($lp['host'], $allowed_hosts) && $lp['host'] != strtolower($wpp['host']))) {
         return false;
     } else {
         return $location;
     }
 }

 static function JsRedirect($url, $unsafe = false)
 {
     $url = wp_sanitize_redirect($url);
     if (!$unsafe) {
         $url = wp_validate_redirect($url, apply_filters('wp_safe_redirect_fallback', admin_url(), 302));
     }
     echo '<script type="text/javascript"> window.location = "', str_replace('"', '\\"', $url), '"; </script><h1><a href="', esc_attr($url), '">', esc_html($url), '</a></h1>';
     // NO exit/die here!
 }

 /**
  * Performs a safe (local) redirect, using wp_redirect().
  *
  * Checks whether the $location is using an allowed host, if it has an absolute
  * path. A plugin can therefore set or remove allowed host(s) to or from the
  * list.
  *
  * If the host is not allowed, then the redirect defaults to wp-admin on the siteurl
  * instead. This prevents malicious redirects which redirect to another host,
  * but only used in a few places.
  *
  * @since 2.3.0
  *
  * @param string $location The path to redirect to.
  * @param int    $status   Status code to use.
  */
 function wp_safe_redirect($location, $status = 302)
 {
     // Need to look at the URL the way it will end up in wp_redirect()
     $location = wp_sanitize_redirect($location);
     /**
      * Filters the redirect fallback URL for when the provided redirect is not safe (local).
      *
      * @since 4.3.0
      *
      * @param string $fallback_url The fallback URL to use by default.
      * @param int    $status       The redirect status.
      */
     $location = wp_validate_redirect($location, apply_filters('wp_safe_redirect_fallback', admin_url(), $status));
     wp_redirect($location, $status);
 }

 /**
 * performs a safe (local) redirect, using wp_redirect()
 * @return void
 **/
 function wp_safe_redirect($location, $status = 302)
 {
     // Need to look at the URL the way it will end up in wp_redirect()
     $location = wp_sanitize_redirect($location);
     // browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//'
     if (substr($location, 0, 2) == '//') {
         $location = 'http:' . $location;
     }
     $lp = parse_url($location);
     $wpp = parse_url(get_option('home'));
     $allowed_hosts = (array) apply_filters('allowed_redirect_hosts', array($wpp['host']));
     if (isset($lp['host']) && (!in_array($lp['host'], $allowed_hosts) && $lp['host'] != strtolower($wpp['host']))) {
         $location = get_option('siteurl') . '/wp-admin/';
     }
     wp_redirect($location, $status);
 }