Opened 6 months ago
Closed 3 months ago
#60926 closed defect (bug) (fixed)
Missing calling `exit` after using `wp_redirect`
Reported by: | jigar bhanushali | Owned by: | SergeyBiryukov |
---|---|---|---|
Milestone: | 6.6 | Priority: | normal |
Severity: | normal | Version: | |
Component: | Networks and Sites | Keywords: | has-patch |
Focuses: | administration, multisite | Cc: |
Description
When I reviewed the wp-admin/ms-options.php
file, I have found missing calling exit
As per the function wp_redirect
description, we should call exit
after wp_redirect
Ref: https://developer.wordpress.org/reference/functions/wp_redirect/#description
Attachments (1)
Change History (10)
#2
@
6 months ago
- Keywords close removed
I'd be happy enough to add this in for completeness, best practice, etc.
#4
@
6 months ago
The description says:
Note: wp_redirect() does not exit automatically, and should almost always be followed by a call to exit;
Therefore I go with jorbin
This ticket was mentioned in Slack in #core by nhrrob. View the logs.
3 months ago
#6
follow-up:
↓ 8
@
3 months ago
Just to put some context, we use wp_redirect() in multiple places in the core where we want to continue the page processing after doing the redirect. So, exiting within the function will break the core a lot, as well as plugins or themes using it, in case they are also processing after redirect.
Examples from core:
https://github.com/WordPress/wordpress-develop/blob/33f443597f25bcfdc25cfbd73e57e601227ea809/src/wp-admin/update.php#L85
https://github.com/WordPress/wordpress-develop/blob/33f443597f25bcfdc25cfbd73e57e601227ea809/src/wp-admin/nav-menus.php#L608
https://github.com/WordPress/wordpress-develop/blob/33f443597f25bcfdc25cfbd73e57e601227ea809/src/wp-admin/user-edit.php#L122
https://github.com/WordPress/wordpress-develop/blob/33f443597f25bcfdc25cfbd73e57e601227ea809/src/wp-admin/includes/plugin.php#L667
...
My opinion is to close this as won't-fix.
#7
@
3 months ago
- Keywords close added
- Milestone changed from 6.6 to Awaiting Review
I also agree with what the documentation says: it should "almost" always be followed by an exit
call. Therefore, I'm re-adding the close
keyword and putting this ticket outside of the current milestone.
#8
in reply to:
↑ 6
@
3 months ago
- Keywords close removed
- Milestone changed from Awaiting Review to 6.6
Replying to rajinsharwar:
Just to put some context, we use wp_redirect() in multiple places in the core where we want to continue the page processing after doing the redirect. So, exiting within the function will break the core a lot, as well as plugins or themes using it, in case they are also processing after redirect.
Unless I'm missing something, this ticket does not suggest placing an exit
call within the wp_redirect()
function. It only suggests adding the call in a specific place at the end of wp-admin/ms-options.php
, which should not break anything.
Taking a closer look, there is already an exit
call after wp_redirect()
in the same exact pattern in these files:
wp-admin/moderation.php
wp-admin/ms-admin.php
wp-admin/ms-edit.php
wp-admin/ms-sites.php
wp-admin/ms-themes.php
wp-admin/ms-upgrade-network.php
wp-admin/ms-users.php
See [16847] / #15518. It's only missing in wp-admin/ms-options.php
by accident, so while an exit
call might seem redundant here, 60926.patch brings more consistency with the other files.
I don't think
exit
is necessary since the file ends after the redirect.