Adds WP.Security.SafeRedirect documentation.
1 parent 2f396d1, commit 093a725
Showing 1 changed file with 19 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
<documentation title="Safe Redirect"> | ||
<standard> | ||
<![CDATA[ | ||
wp_safe_redirect() should be used whenever possible to prevent open redirect vulnerabilities. One of the main uses of an open redirect vulnerability is to make phishing attacks more credible. In this case the user sees your (trusted) domain and might get redirected to an attacker controlled website aimed at stealing private information. | ||
]]> | ||
</standard> | ||
<code_comparison> | ||
<code title="Valid: Redirect can only go to allowed domains."> | ||
<![CDATA[ | ||
<em>wp_safe_redirect</em>( $location ); | ||
]]> | ||
</code> | ||
<code title="Invalid: Unsafe redirect, can be abused."> | ||
<![CDATA[ | ||
<em>wp_redirect</em>( $location ); | ||
]]> | ||
</code> | ||
</code_comparison> | ||
</documentation> |
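Review bot: The "Valid" example at `wp_safe_redirect( $location );` shows the call with nothing after it, and wp_safe_redirect() does not end the request on its own, so a reader copying the snippet can leave code running after the redirect header is sent; consider adding `exit;` on the following line of the example. The code title promises "allowed domains" but the `<standard>` text never says what is allowed: by default that is the site's own host, extended through the `allowed_redirect_hosts` filter, and one sentence on this would tell readers what to do when an external redirect is legitimate instead of leaving "whenever possible" open-ended. Minor wording in the same paragraph: "In this case" has no antecedent, and "attacker controlled" should be hyphenated.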