WordPress.org

Make WordPress Core

Opened 3 weeks ago

#44317 new enhancement

wp_safe_redirect() and wp_redirect() shouldn't allow non-3xx status codes

Reported by: johnbillion
Owned by:
Milestone: Awaiting Review
Priority: normal
Severity: normal
Version:
Component: General
Keywords: needs-patch
Focuses:
Cc:

Description

It might not be immediately obvious that the below code has a serious bug in it:

wp_safe_redirect( $url, 404 );
exit;

The wp_safe_redirect() and wp_redirect() functions should trigger an error if an HTTP status code is passed in that isn't in the 3xx range. The code above can cause much head scratching when you're presented with a 404 with no output.

I think it would make sense to trigger a wp_die() error message in this situation, to ensure maximum chance of visibility to the developer.
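An added example, not part of the ticket and not WordPress core code: until the functions reject such values themselves, existing code can be audited for the mistake described above. The sketch uses PHP's tokenizer to flag unqualified wp_redirect() / wp_safe_redirect() calls whose second argument is an integer literal outside the 3xx range. The helper name find_bad_redirect_statuses() and the sample source are constructed for illustration.

```php
<?php
// Added example, not from the ticket or WordPress core; the helper name and
// sample source are constructed. Only integer-literal status arguments are
// checked; variables and constants are not evaluated.
function find_bad_redirect_statuses( string $source ): array {
    $names  = array( 'wp_redirect', 'wp_safe_redirect' );
    $skip   = array( T_WHITESPACE, T_COMMENT );
    $tokens = token_get_all( $source );
    $hits   = array();
    foreach ( $tokens as $i => $t ) {
        if ( ! is_array( $t ) || T_STRING !== $t[0] || ! in_array( strtolower( $t[1] ), $names, true ) ) {
            continue;
        }
        $depth  = $arg = 0; // Bracket nesting (1 = directly inside the call) and argument index.
        $second = array();  // Tokens that make up the second argument.
        foreach ( array_slice( $tokens, $i + 1 ) as $u ) {
            $text = is_array( $u ) ? $u[1] : $u;
            if ( is_array( $u ) && in_array( $u[0], $skip, true ) ) { continue; }
            if ( 0 === $depth && '(' !== $text ) { break; } // Name not followed by "(": not a call.
            if ( '(' === $text || '[' === $text ) {
                if ( 1 === ++$depth ) { continue; } // Opening parenthesis of the call itself.
            } elseif ( ( ')' === $text || ']' === $text ) && 0 === --$depth ) {
                break; // End of the argument list.
            } elseif ( ',' === $text && 1 === $depth ) {
                $arg++; // Top-level comma: move to the next argument.
                continue;
            }
            if ( 1 === $arg ) { $second[] = $u; }
        }
        if ( 1 !== count( $second ) || ! is_array( $second[0] ) || T_LNUMBER !== $second[0][0] ) {
            continue; // Status omitted or not a bare integer literal.
        }
        $status = intval( $second[0][1], 0 ); // Base 0 also accepts hex/octal literals.
        if ( $status < 300 || $status > 399 ) {
            $hits[] = array( 'line' => $t[2], 'function' => $t[1], 'status' => $status );
        }
    }
    return $hits;
}

$sample = <<<'SAMPLE'
<?php
wp_safe_redirect( $url, 404 );
wp_redirect( home_url( '/a,b' ), 301 );
wp_redirect( add_query_arg( 'x', 1, $url ), 200 );
SAMPLE;
foreach ( find_bad_redirect_statuses( $sample ) as $hit ) {
    printf( "line %d: %s() passes status %d\n", $hit['line'], $hit['function'], $hit['status'] );
}
```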

Change History (0)
