Make WordPress Core

Opened 6 months ago

Closed 3 months ago

#60926 closed defect (bug) (fixed)

Missing calling `exit` after using `wp_redirect`

Reported by: jigar-bhanushali's profile jigar bhanushali Owned by: sergeybiryukov's profile SergeyBiryukov
Milestone: 6.6 Priority: normal
Severity: normal Version:
Component: Networks and Sites Keywords: has-patch
Focuses: administration, multisite Cc:

Description

When I reviewed the wp-admin/ms-options.php file, I have found missing calling exit

As per the function wp_redirect description, we should call exit after wp_redirect

Ref: https://developer.wordpress.org/reference/functions/wp_redirect/#description

Attachments (1)

60926.patch (293 bytes) - added by jigar bhanushali 6 months ago.

Download all attachments as: .zip

Change History (10)

#1 @jorbin
6 months ago

  • Keywords close added

I don't think exit is necessary since the file ends after the redirect.

#2 @johnbillion
6 months ago

  • Keywords close removed

I'd be happy enough to add this in for completeness, best practice, etc.

#3 @SergeyBiryukov
6 months ago

  • Milestone changed from Awaiting Review to 6.6

#4 @Presskopp
6 months ago

The description says:

Note: wp_redirect() does not exit automatically, and should almost always be followed by a call to exit;

Therefore I go with jorbin

This ticket was mentioned in Slack in #core by nhrrob. View the logs.


3 months ago

#6 follow-up: @rajinsharwar
3 months ago

Just to put some context, we use wp_redirect() in multiple places in the core where we want to continue the page processing after doing the redirect. So, exiting within the function will break the core a lot, as well as plugins or themes using it, in case they are also processing after redirect.

Examples from core:
https://github.com/WordPress/wordpress-develop/blob/33f443597f25bcfdc25cfbd73e57e601227ea809/src/wp-admin/update.php#L85
https://github.com/WordPress/wordpress-develop/blob/33f443597f25bcfdc25cfbd73e57e601227ea809/src/wp-admin/nav-menus.php#L608
https://github.com/WordPress/wordpress-develop/blob/33f443597f25bcfdc25cfbd73e57e601227ea809/src/wp-admin/user-edit.php#L122
https://github.com/WordPress/wordpress-develop/blob/33f443597f25bcfdc25cfbd73e57e601227ea809/src/wp-admin/includes/plugin.php#L667
...

My opinion is to close this as won't-fix.

#7 @audrasjb
3 months ago

  • Keywords close added
  • Milestone changed from 6.6 to Awaiting Review

I also agree with what the documentation says: it should "almost" always be followed by an exit call. Therefore, I'm re-adding the close keyword and putting this ticket outside of the current milestone.

#8 in reply to: ↑ 6 @SergeyBiryukov
3 months ago

  • Keywords close removed
  • Milestone changed from Awaiting Review to 6.6

Replying to rajinsharwar:

Just to put some context, we use wp_redirect() in multiple places in the core where we want to continue the page processing after doing the redirect. So, exiting within the function will break the core a lot, as well as plugins or themes using it, in case they are also processing after redirect.

Unless I'm missing something, this ticket does not suggest placing an exit call within the wp_redirect() function. It only suggests adding the call in a specific place at the end of wp-admin/ms-options.php, which should not break anything.

Taking a closer look, there is already an exit call after wp_redirect() in the same exact pattern in these files:

  • wp-admin/moderation.php
  • wp-admin/ms-admin.php
  • wp-admin/ms-edit.php
  • wp-admin/ms-sites.php
  • wp-admin/ms-themes.php
  • wp-admin/ms-upgrade-network.php
  • wp-admin/ms-users.php

See [16847] / #15518. It's only missing in wp-admin/ms-options.php by accident, so while an exit call might seem redundant here, 60926.patch brings more consistency with the other files.

#9 @SergeyBiryukov
3 months ago

  • Owner set to SergeyBiryukov
  • Resolution set to fixed
  • Status changed from new to closed

In 58460:

Networks and Sites: Exit after wp_redirect() in wp-admin/ms-options.php.

This brings more consistency with the other files having the same pattern:

  • wp-admin/moderation.php
  • wp-admin/ms-admin.php
  • wp-admin/ms-edit.php
  • wp-admin/ms-sites.php
  • wp-admin/ms-themes.php
  • wp-admin/ms-upgrade-network.php
  • wp-admin/ms-users.php

Follow-up to [15481], [16847].

Props jigar-bhanushali, jorbin, johnbillion, Presskopp, rajinsharwar, audrasjb, SergeyBiryukov.
Fixes #60926.

Note: See TracTickets for help on using tickets.