wp_sanitize_redirect

The timeline below displays how wordpress function wp_sanitize_redirect has changed across different WordPress versions. If a version is not listed, refer to the next available version below.

WordPress Version: 5.3

/**
 * Sanitizes a URL for use in a redirect.
 *
 * @since 2.3.0
 *
 * @param string $location The path to redirect to.
 * @return string Redirect-sanitized URL.
 */
function wp_sanitize_redirect($location)
{
    // Encode spaces.
    $location = str_replace(' ', '%20', $location);
    $regex = '/
		(
			(?: [\xC2-\xDF][\x80-\xBF]        # double-byte sequences   110xxxxx 10xxxxxx
			|   \xE0[\xA0-\xBF][\x80-\xBF]    # triple-byte sequences   1110xxxx 10xxxxxx * 2
			|   [\xE1-\xEC][\x80-\xBF]{2}
			|   \xED[\x80-\x9F][\x80-\xBF]
			|   [\xEE-\xEF][\x80-\xBF]{2}
			|   \xF0[\x90-\xBF][\x80-\xBF]{2} # four-byte sequences   11110xxx 10xxxxxx * 3
			|   [\xF1-\xF3][\x80-\xBF]{3}
			|   \xF4[\x80-\x8F][\x80-\xBF]{2}
		){1,40}                              # ...one or more times
		)/x';
    $location = preg_replace_callback($regex, '_wp_sanitize_utf8_in_redirect', $location);
    $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*\[\]()@]|i', '', $location);
    $location = wp_kses_no_null($location);
    // Remove %0D and %0A from location.
    $strip = array('%0d', '%0a', '%0D', '%0A');
    return _deep_replace($strip, $location);
}

WordPress Version: 5.1

/**
 * Sanitizes a URL for use in a redirect.
 *
 * @since 2.3.0
 *
 * @param string $location The path to redirect to.
 * @return string Redirect-sanitized URL.
 */
function wp_sanitize_redirect($location)
{
    $regex = '/
		(
			(?: [\xC2-\xDF][\x80-\xBF]        # double-byte sequences   110xxxxx 10xxxxxx
			|   \xE0[\xA0-\xBF][\x80-\xBF]    # triple-byte sequences   1110xxxx 10xxxxxx * 2
			|   [\xE1-\xEC][\x80-\xBF]{2}
			|   \xED[\x80-\x9F][\x80-\xBF]
			|   [\xEE-\xEF][\x80-\xBF]{2}
			|   \xF0[\x90-\xBF][\x80-\xBF]{2} # four-byte sequences   11110xxx 10xxxxxx * 3
			|   [\xF1-\xF3][\x80-\xBF]{3}
			|   \xF4[\x80-\x8F][\x80-\xBF]{2}
		){1,40}                              # ...one or more times
		)/x';
    $location = preg_replace_callback($regex, '_wp_sanitize_utf8_in_redirect', $location);
    $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*\[\]()@]|i', '', $location);
    $location = wp_kses_no_null($location);
    // remove %0d and %0a from location
    $strip = array('%0d', '%0a', '%0D', '%0A');
    return _deep_replace($strip, $location);
}

WordPress Version: 4.5

/**
 * Sanitizes a URL for use in a redirect.
 *
 * @since 2.3.0
 *
 * @param string $location The path to redirect to.
 * @return string Redirect-sanitized URL.
 **/
function wp_sanitize_redirect($location)
{
    $regex = '/
		(
			(?: [\xC2-\xDF][\x80-\xBF]        # double-byte sequences   110xxxxx 10xxxxxx
			|   \xE0[\xA0-\xBF][\x80-\xBF]    # triple-byte sequences   1110xxxx 10xxxxxx * 2
			|   [\xE1-\xEC][\x80-\xBF]{2}
			|   \xED[\x80-\x9F][\x80-\xBF]
			|   [\xEE-\xEF][\x80-\xBF]{2}
			|   \xF0[\x90-\xBF][\x80-\xBF]{2} # four-byte sequences   11110xxx 10xxxxxx * 3
			|   [\xF1-\xF3][\x80-\xBF]{3}
			|   \xF4[\x80-\x8F][\x80-\xBF]{2}
		){1,40}                              # ...one or more times
		)/x';
    $location = preg_replace_callback($regex, '_wp_sanitize_utf8_in_redirect', $location);
    $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*\[\]()@]|i', '', $location);
    $location = wp_kses_no_null($location);
    // remove %0d and %0a from location
    $strip = array('%0d', '%0a', '%0D', '%0A');
    return _deep_replace($strip, $location);
}

WordPress Version: 4.4

/**
 * Sanitizes a URL for use in a redirect.
 *
 * @since 2.3.0
 *
 * @return string redirect-sanitized URL
 **/
function wp_sanitize_redirect($location)
{
    $regex = '/
		(
			(?: [\xC2-\xDF][\x80-\xBF]        # double-byte sequences   110xxxxx 10xxxxxx
			|   \xE0[\xA0-\xBF][\x80-\xBF]    # triple-byte sequences   1110xxxx 10xxxxxx * 2
			|   [\xE1-\xEC][\x80-\xBF]{2}
			|   \xED[\x80-\x9F][\x80-\xBF]
			|   [\xEE-\xEF][\x80-\xBF]{2}
			|   \xF0[\x90-\xBF][\x80-\xBF]{2} # four-byte sequences   11110xxx 10xxxxxx * 3
			|   [\xF1-\xF3][\x80-\xBF]{3}
			|   \xF4[\x80-\x8F][\x80-\xBF]{2}
		){1,40}                              # ...one or more times
		)/x';
    $location = preg_replace_callback($regex, '_wp_sanitize_utf8_in_redirect', $location);
    $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*\[\]()@]|i', '', $location);
    $location = wp_kses_no_null($location);
    // remove %0d and %0a from location
    $strip = array('%0d', '%0a', '%0D', '%0A');
    return _deep_replace($strip, $location);
}

WordPress Version: 3.4

/**
 * Sanitizes a URL for use in a redirect.
 *
 * @since 2.3.0
 *
 * @return string redirect-sanitized URL
 **/
function wp_sanitize_redirect($location)
{
    $regex = '/
		(
			(?: [\xC2-\xDF][\x80-\xBF]        # double-byte sequences   110xxxxx 10xxxxxx
			|   \xE0[\xA0-\xBF][\x80-\xBF]    # triple-byte sequences   1110xxxx 10xxxxxx * 2
			|   [\xE1-\xEC][\x80-\xBF]{2}
			|   \xED[\x80-\x9F][\x80-\xBF]
			|   [\xEE-\xEF][\x80-\xBF]{2}
			|   \xF0[\x90-\xBF][\x80-\xBF]{2} # four-byte sequences   11110xxx 10xxxxxx * 3
			|   [\xF1-\xF3][\x80-\xBF]{3}
			|   \xF4[\x80-\x8F][\x80-\xBF]{2}
		){1,40}                              # ...one or more times
		)/x';
    $location = preg_replace_callback($regex, '_wp_sanitize_utf8_in_redirect', $location);
    $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*\[\]()]|i', '', $location);
    $location = wp_kses_no_null($location);
    // remove %0d and %0a from location
    $strip = array('%0d', '%0a', '%0D', '%0A');
    return _deep_replace($strip, $location);
}

WordPress Version: .30

/**
 * Sanitizes a URL for use in a redirect.
 *
 * @since 2.3.0
 *
 * @return string redirect-sanitized URL
 **/
function wp_sanitize_redirect($location)
{
    $regex = '/
		(
			(?: [\xC2-\xDF][\x80-\xBF]        # double-byte sequences   110xxxxx 10xxxxxx
			|   \xE0[\xA0-\xBF][\x80-\xBF]    # triple-byte sequences   1110xxxx 10xxxxxx * 2
			|   [\xE1-\xEC][\x80-\xBF]{2}
			|   \xED[\x80-\x9F][\x80-\xBF]
			|   [\xEE-\xEF][\x80-\xBF]{2}
			|   \xF0[\x90-\xBF][\x80-\xBF]{2} # four-byte sequences   11110xxx 10xxxxxx * 3
			|   [\xF1-\xF3][\x80-\xBF]{3}
			|   \xF4[\x80-\x8F][\x80-\xBF]{2}
		){1,40}                              # ...one or more times
		)/x';
    $location = preg_replace_callback($regex, '_wp_sanitize_utf8_in_redirect', $location);
    $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*\[\]()@]|i', '', $location);
    $location = wp_kses_no_null($location);
    // remove %0d and %0a from location
    $strip = array('%0d', '%0a', '%0D', '%0A');
    return _deep_replace($strip, $location);
}

WordPress Version: 3.3

/**
 * Sanitizes a URL for use in a redirect.
 *
 * @since 2.3.0
 *
 * @return string redirect-sanitized URL
 **/
function wp_sanitize_redirect($location)
{
    $regex = '/
		(
			(?: [\xC2-\xDF][\x80-\xBF]        # double-byte sequences   110xxxxx 10xxxxxx
			|   \xE0[\xA0-\xBF][\x80-\xBF]    # triple-byte sequences   1110xxxx 10xxxxxx * 2
			|   [\xE1-\xEC][\x80-\xBF]{2}
			|   \xED[\x80-\x9F][\x80-\xBF]
			|   [\xEE-\xEF][\x80-\xBF]{2}
			|   \xF0[\x90-\xBF][\x80-\xBF]{2} # four-byte sequences   11110xxx 10xxxxxx * 3
			|   [\xF1-\xF3][\x80-\xBF]{3}
			|   \xF4[\x80-\x8F][\x80-\xBF]{2}
		){1,40}                              # ...one or more times
		)/x';
    $location = preg_replace_callback($regex, '_wp_sanitize_utf8_in_redirect', $location);
    $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*\[\]()]|i', '', $location);
    $location = wp_kses_no_null($location);
    // remove %0d and %0a from location
    $strip = array('%0d', '%0a', '%0D', '%0A');
    return _deep_replace($strip, $location);
}

WordPress Version: .24

/**
 * Sanitizes a URL for use in a redirect.
 *
 * @since 2.3.0
 *
 * @return string redirect-sanitized URL
 **/
function wp_sanitize_redirect($location)
{
    $regex = '/
		(
			(?: [\xC2-\xDF][\x80-\xBF]        # double-byte sequences   110xxxxx 10xxxxxx
			|   \xE0[\xA0-\xBF][\x80-\xBF]    # triple-byte sequences   1110xxxx 10xxxxxx * 2
			|   [\xE1-\xEC][\x80-\xBF]{2}
			|   \xED[\x80-\x9F][\x80-\xBF]
			|   [\xEE-\xEF][\x80-\xBF]{2}
			|   \xF0[\x90-\xBF][\x80-\xBF]{2} # four-byte sequences   11110xxx 10xxxxxx * 3
			|   [\xF1-\xF3][\x80-\xBF]{3}
			|   \xF4[\x80-\x8F][\x80-\xBF]{2}
		){1,40}                              # ...one or more times
		)/x';
    $location = preg_replace_callback($regex, '_wp_sanitize_utf8_in_redirect', $location);
    $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*\[\]()@]|i', '', $location);
    $location = wp_kses_no_null($location);
    // remove %0d and %0a from location
    $strip = array('%0d', '%0a', '%0D', '%0A');
    return _deep_replace($strip, $location);
}

WordPress Version: 4.3

/**
 * Sanitizes a URL for use in a redirect.
 *
 * @since 2.3.0
 *
 * @return string redirect-sanitized URL
 **/
function wp_sanitize_redirect($location)
{
    $regex = '/
		(
			(?: [\xC2-\xDF][\x80-\xBF]        # double-byte sequences   110xxxxx 10xxxxxx
			|   \xE0[\xA0-\xBF][\x80-\xBF]    # triple-byte sequences   1110xxxx 10xxxxxx * 2
			|   [\xE1-\xEC][\x80-\xBF]{2}
			|   \xED[\x80-\x9F][\x80-\xBF]
			|   [\xEE-\xEF][\x80-\xBF]{2}
			|   \xF0[\x90-\xBF][\x80-\xBF]{2} # four-byte sequences   11110xxx 10xxxxxx * 3
			|   [\xF1-\xF3][\x80-\xBF]{3}
			|   \xF4[\x80-\x8F][\x80-\xBF]{2}
		){1,40}                              # ...one or more times
		)/x';
    $location = preg_replace_callback($regex, '_wp_sanitize_utf8_in_redirect', $location);
    $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*\[\]()]|i', '', $location);
    $location = wp_kses_no_null($location);
    // remove %0d and %0a from location
    $strip = array('%0d', '%0a', '%0D', '%0A');
    return _deep_replace($strip, $location);
}

WordPress Version: 2.4

/**
 * Sanitizes a URL for use in a redirect.
 *
 * @since 2.3.0
 *
 * @return string redirect-sanitized URL
 **/
function wp_sanitize_redirect($location)
{
    $regex = '/
		(
			(?: [\xC2-\xDF][\x80-\xBF]        # double-byte sequences   110xxxxx 10xxxxxx
			|   \xE0[\xA0-\xBF][\x80-\xBF]    # triple-byte sequences   1110xxxx 10xxxxxx * 2
			|   [\xE1-\xEC][\x80-\xBF]{2}
			|   \xED[\x80-\x9F][\x80-\xBF]
			|   [\xEE-\xEF][\x80-\xBF]{2}
			|   \xF0[\x90-\xBF][\x80-\xBF]{2} # four-byte sequences   11110xxx 10xxxxxx * 3
			|   [\xF1-\xF3][\x80-\xBF]{3}
			|   \xF4[\x80-\x8F][\x80-\xBF]{2}
		){1,40}                              # ...one or more times
		)/x';
    $location = preg_replace_callback($regex, '_wp_sanitize_utf8_in_redirect', $location);
    $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*\[\]()]|i', '', $location);
    $location = wp_kses_no_null($location);
    // remove %0d and %0a from location
    $strip = array('%0d', '%0a', '%0D', '%0A');
    $location = _deep_replace($strip, $location);
    return $location;
}

WordPress Version: .30

/**
 * Sanitizes a URL for use in a redirect.
 *
 * @since 2.3.0
 *
 * @return string redirect-sanitized URL
 **/
function wp_sanitize_redirect($location)
{
    $regex = '/
		(
			(?: [\xC2-\xDF][\x80-\xBF]        # double-byte sequences   110xxxxx 10xxxxxx
			|   \xE0[\xA0-\xBF][\x80-\xBF]    # triple-byte sequences   1110xxxx 10xxxxxx * 2
			|   [\xE1-\xEC][\x80-\xBF]{2}
			|   \xED[\x80-\x9F][\x80-\xBF]
			|   [\xEE-\xEF][\x80-\xBF]{2}
			|   \xF0[\x90-\xBF][\x80-\xBF]{2} # four-byte sequences   11110xxx 10xxxxxx * 3
			|   [\xF1-\xF3][\x80-\xBF]{3}
			|   \xF4[\x80-\x8F][\x80-\xBF]{2}
		){1,40}                              # ...one or more times
		)/x';
    $location = preg_replace_callback($regex, '_wp_sanitize_utf8_in_redirect', $location);
    $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*\[\]()@]|i', '', $location);
    $location = wp_kses_no_null($location);
    // remove %0d and %0a from location
    $strip = array('%0d', '%0a', '%0D', '%0A');
    $location = _deep_replace($strip, $location);
    return $location;
}

WordPress Version: 2.3

/**
 * Sanitizes a URL for use in a redirect.
 *
 * @since 2.3.0
 *
 * @return string redirect-sanitized URL
 **/
function wp_sanitize_redirect($location)
{
    $regex = '/
		(
			(?: [\xC2-\xDF][\x80-\xBF]        # double-byte sequences   110xxxxx 10xxxxxx
			|   \xE0[\xA0-\xBF][\x80-\xBF]    # triple-byte sequences   1110xxxx 10xxxxxx * 2
			|   [\xE1-\xEC][\x80-\xBF]{2}
			|   \xED[\x80-\x9F][\x80-\xBF]
			|   [\xEE-\xEF][\x80-\xBF]{2}
			|   \xF0[\x90-\xBF][\x80-\xBF]{2} # four-byte sequences   11110xxx 10xxxxxx * 3
			|   [\xF1-\xF3][\x80-\xBF]{3}
			|   \xF4[\x80-\x8F][\x80-\xBF]{2}
		){1,40}                              # ...one or more times
		)/x';
    $location = preg_replace_callback($regex, '_wp_sanitize_utf8_in_redirect', $location);
    $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*\[\]()]|i', '', $location);
    $location = wp_kses_no_null($location);
    // remove %0d and %0a from location
    $strip = array('%0d', '%0a', '%0D', '%0A');
    $location = _deep_replace($strip, $location);
    return $location;
}

WordPress Version: .28

/**
 * Sanitizes a URL for use in a redirect.
 *
 * @since 2.3.0
 *
 * @return string redirect-sanitized URL
 **/
function wp_sanitize_redirect($location)
{
    $regex = '/
		(
			(?: [\xC2-\xDF][\x80-\xBF]        # double-byte sequences   110xxxxx 10xxxxxx
			|   \xE0[\xA0-\xBF][\x80-\xBF]    # triple-byte sequences   1110xxxx 10xxxxxx * 2
			|   [\xE1-\xEC][\x80-\xBF]{2}
			|   \xED[\x80-\x9F][\x80-\xBF]
			|   [\xEE-\xEF][\x80-\xBF]{2}
			|   \xF0[\x90-\xBF][\x80-\xBF]{2} # four-byte sequences   11110xxx 10xxxxxx * 3
			|   [\xF1-\xF3][\x80-\xBF]{3}
			|   \xF4[\x80-\x8F][\x80-\xBF]{2}
		){1,40}                              # ...one or more times
		)/x';
    $location = preg_replace_callback($regex, '_wp_sanitize_utf8_in_redirect', $location);
    $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*\[\]()@]|i', '', $location);
    $location = wp_kses_no_null($location);
    // remove %0d and %0a from location
    $strip = array('%0d', '%0a', '%0D', '%0A');
    $location = _deep_replace($strip, $location);
    return $location;
}

WordPress Version: .10

/**
 * Sanitizes a URL for use in a redirect.
 *
 * @since 2.3.0
 *
 * @return string redirect-sanitized URL
 **/
function wp_sanitize_redirect($location)
{
    $regex = '/
		(
			(?: [\xC2-\xDF][\x80-\xBF]        # double-byte sequences   110xxxxx 10xxxxxx
			|   \xE0[\xA0-\xBF][\x80-\xBF]    # triple-byte sequences   1110xxxx 10xxxxxx * 2
			|   [\xE1-\xEC][\x80-\xBF]{2}
			|   \xED[\x80-\x9F][\x80-\xBF]
			|   [\xEE-\xEF][\x80-\xBF]{2}
			|   \xF0[\x90-\xBF][\x80-\xBF]{2} # four-byte sequences   11110xxx 10xxxxxx * 3
			|   [\xF1-\xF3][\x80-\xBF]{3}
			|   \xF4[\x80-\x8F][\x80-\xBF]{2}
		){1,40}                              # ...one or more times
		)/x';
    $location = preg_replace_callback($regex, '_wp_sanitize_utf8_in_redirect', $location);
    $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*\[\]()]|i', '', $location);
    $location = wp_kses_no_null($location);
    // remove %0d and %0a from location
    $strip = array('%0d', '%0a', '%0D', '%0A');
    $location = _deep_replace($strip, $location);
    return $location;
}

WordPress Version: 4.2

/**
 * Sanitizes a URL for use in a redirect.
 *
 * @since 2.3.0
 *
 * @return string redirect-sanitized URL
 **/
function wp_sanitize_redirect($location)
{
    $regex = '/
		(
			(?: [\xC2-\xDF][\x80-\xBF]        # double-byte sequences   110xxxxx 10xxxxxx
			|   \xE0[\xA0-\xBF][\x80-\xBF]    # triple-byte sequences   1110xxxx 10xxxxxx * 2
			|   [\xE1-\xEC][\x80-\xBF]{2}
			|   \xED[\x80-\x9F][\x80-\xBF]
			|   [\xEE-\xEF][\x80-\xBF]{2}
			|   \xF0[\x90-\xBF][\x80-\xBF]{2} # four-byte sequences   11110xxx 10xxxxxx * 3
			|   [\xF1-\xF3][\x80-\xBF]{3}
			|   \xF4[\x80-\x8F][\x80-\xBF]{2}
		){1,50}                              # ...one or more times
		)/x';
    $location = preg_replace_callback($regex, '_wp_sanitize_utf8_in_redirect', $location);
    $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*\[\]()]|i', '', $location);
    $location = wp_kses_no_null($location);
    // remove %0d and %0a from location
    $strip = array('%0d', '%0a', '%0D', '%0A');
    $location = _deep_replace($strip, $location);
    return $location;
}

WordPress Version: 1.5

/**
 * Sanitizes a URL for use in a redirect.
 *
 * @since 2.3.0
 *
 * @return string redirect-sanitized URL
 **/
function wp_sanitize_redirect($location)
{
    $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*\[\]()]|i', '', $location);
    $location = wp_kses_no_null($location);
    // remove %0d and %0a from location
    $strip = array('%0d', '%0a', '%0D', '%0A');
    $location = _deep_replace($strip, $location);
    return $location;
}

WordPress Version: .40

/**
 * Sanitizes a URL for use in a redirect.
 *
 * @since 2.3.0
 *
 * @return string redirect-sanitized URL
 **/
function wp_sanitize_redirect($location)
{
    $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*\[\]()@]|i', '', $location);
    $location = wp_kses_no_null($location);
    // remove %0d and %0a from location
    $strip = array('%0d', '%0a', '%0D', '%0A');
    $location = _deep_replace($strip, $location);
    return $location;
}

WordPress Version: 1.4

/**
 * Sanitizes a URL for use in a redirect.
 *
 * @since 2.3.0
 *
 * @return string redirect-sanitized URL
 **/
function wp_sanitize_redirect($location)
{
    $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*\[\]()]|i', '', $location);
    $location = wp_kses_no_null($location);
    // remove %0d and %0a from location
    $strip = array('%0d', '%0a', '%0D', '%0A');
    $location = _deep_replace($strip, $location);
    return $location;
}

WordPress Version: .31

/**
 * Sanitizes a URL for use in a redirect.
 *
 * @since 2.3.0
 *
 * @return string redirect-sanitized URL
 **/
function wp_sanitize_redirect($location)
{
    $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*\[\]()@]|i', '', $location);
    $location = wp_kses_no_null($location);
    // remove %0d and %0a from location
    $strip = array('%0d', '%0a', '%0D', '%0A');
    $location = _deep_replace($strip, $location);
    return $location;
}

WordPress Version: 4.1

/**
 * Sanitizes a URL for use in a redirect.
 *
 * @since 2.3.0
 *
 * @return string redirect-sanitized URL
 **/
function wp_sanitize_redirect($location)
{
    $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*\[\]()]|i', '', $location);
    $location = wp_kses_no_null($location);
    // remove %0d and %0a from location
    $strip = array('%0d', '%0a', '%0D', '%0A');
    $location = _deep_replace($strip, $location);
    return $location;
}

WordPress Version: 0.4

/**
 * Sanitizes a URL for use in a redirect.
 *
 * @since 2.3.0
 *
 * @return string redirect-sanitized URL
 **/
function wp_sanitize_redirect($location)
{
    $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*]|i', '', $location);
    $location = wp_kses_no_null($location);
    // remove %0d and %0a from location
    $strip = array('%0d', '%0a', '%0D', '%0A');
    $location = _deep_replace($strip, $location);
    return $location;
}

WordPress Version: .31

/**
 * Sanitizes a URL for use in a redirect.
 *
 * @since 2.3.0
 *
 * @return string redirect-sanitized URL
 **/
function wp_sanitize_redirect($location)
{
    $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*@]|i', '', $location);
    $location = wp_kses_no_null($location);
    // remove %0d and %0a from location
    $strip = array('%0d', '%0a', '%0D', '%0A');
    $location = _deep_replace($strip, $location);
    return $location;
}

WordPress Version: 4.0

/**
 * Sanitizes a URL for use in a redirect.
 *
 * @since 2.3.0
 *
 * @return string redirect-sanitized URL
 **/
function wp_sanitize_redirect($location)
{
    $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*]|i', '', $location);
    $location = wp_kses_no_null($location);
    // remove %0d and %0a from location
    $strip = array('%0d', '%0a', '%0D', '%0A');
    $location = _deep_replace($strip, $location);
    return $location;
}

WordPress Version: 3.9

/**
 * Sanitizes a URL for use in a redirect.
 *
 * @since 2.3.0
 *
 * @return string redirect-sanitized URL
 **/
function wp_sanitize_redirect($location)
{
    $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!]|i', '', $location);
    $location = wp_kses_no_null($location);
    // remove %0d and %0a from location
    $strip = array('%0d', '%0a', '%0D', '%0A');
    $location = _deep_replace($strip, $location);
    return $location;
}

WordPress Version: 8.4

/**
 * Sanitizes a URL for use in a redirect.
 *
 * @since 2.3
 *
 * @return string redirect-sanitized URL
 **/
function wp_sanitize_redirect($location)
{
    $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!]|i', '', $location);
    $location = wp_kses_no_null($location);
    // remove %0d and %0a from location
    $strip = array('%0d', '%0a', '%0D', '%0A');
    $location = _deep_replace($strip, $location);
    return $location;
}

WordPress Version: .34

/**
 * Sanitizes a URL for use in a redirect.
 *
 * @since 2.3
 *
 * @return string redirect-sanitized URL
 **/
function wp_sanitize_redirect($location)
{
    $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!@]|i', '', $location);
    $location = wp_kses_no_null($location);
    // remove %0d and %0a from location
    $strip = array('%0d', '%0a', '%0D', '%0A');
    $location = _deep_replace($strip, $location);
    return $location;
}

WordPress Version: 7.5

/**
 * Sanitizes a URL for use in a redirect.
 *
 * @since 2.3
 *
 * @return string redirect-sanitized URL
 **/
function wp_sanitize_redirect($location)
{
    $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!]|i', '', $location);
    $location = wp_kses_no_null($location);
    // remove %0d and %0a from location
    $strip = array('%0d', '%0a', '%0D', '%0A');
    $location = _deep_replace($strip, $location);
    return $location;
}

WordPress Version: .40

/**
 * Sanitizes a URL for use in a redirect.
 *
 * @since 2.3
 *
 * @return string redirect-sanitized URL
 **/
function wp_sanitize_redirect($location)
{
    $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!@]|i', '', $location);
    $location = wp_kses_no_null($location);
    // remove %0d and %0a from location
    $strip = array('%0d', '%0a', '%0D', '%0A');
    $location = _deep_replace($strip, $location);
    return $location;
}

WordPress Version: 7.4

/**
 * Sanitizes a URL for use in a redirect.
 *
 * @since 2.3
 *
 * @return string redirect-sanitized URL
 **/
function wp_sanitize_redirect($location)
{
    $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!]|i', '', $location);
    $location = wp_kses_no_null($location);
    // remove %0d and %0a from location
    $strip = array('%0d', '%0a', '%0D', '%0A');
    $location = _deep_replace($strip, $location);
    return $location;
}

WordPress Version: .34

/**
 * Sanitizes a URL for use in a redirect.
 *
 * @since 2.3
 *
 * @return string redirect-sanitized URL
 **/
function wp_sanitize_redirect($location)
{
    $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!@]|i', '', $location);
    $location = wp_kses_no_null($location);
    // remove %0d and %0a from location
    $strip = array('%0d', '%0a', '%0D', '%0A');
    $location = _deep_replace($strip, $location);
    return $location;
}

WordPress Version: 3.7

/**
 * Sanitizes a URL for use in a redirect.
 *
 * @since 2.3
 *
 * @return string redirect-sanitized URL
 **/
function wp_sanitize_redirect($location)
{
    $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!]|i', '', $location);
    $location = wp_kses_no_null($location);
    // remove %0d and %0a from location
    $strip = array('%0d', '%0a', '%0D', '%0A');
    $location = _deep_replace($strip, $location);
    return $location;
}