function drupal_goto in Drupal 5

Same name and namespace in other branches
  1. 4 includes/ \drupal_goto()
  2. 6 includes/ \drupal_goto()
  3. 7 includes/ \drupal_goto()

Send the user to a different Drupal page.

This issues an on-site HTTP redirect. The function makes sure the redirected URL is formatted correctly.

Usually the redirected URL is constructed from this function's input parameters. However, you may override that behavior by setting a destination in either the $_REQUEST array (i.e. by using the query string of a URI) or the $_REQUEST['edit'] array (i.e. by using a hidden form field). This is used to direct the user back to the proper page after completing a form, for example after editing a post on the 'admin/content/node' page or after having logged on using the 'user login' block in a sidebar. The function drupal_get_destination() can be used to help set the destination URL.

Drupal will ensure that messages set by drupal_set_message() and other session data are written to the database before the user is redirected.

This function ends the request; use it rather than a print theme('page') statement in your menu callback.


$path: A Drupal path or a full URL.

$query: The query string component, if any.

$fragment: The destination fragment identifier (named anchor).

$http_response_code: Valid values for an actual "goto" as per RFC 2616 section 10.3 are:

  • 301 Moved Permanently (the recommended value for most redirects)
  • 302 Found (default in Drupal and PHP, sometimes used for spamming search engines)
  • 303 See Other
  • 304 Not Modified
  • 305 Use Proxy
  • 307 Temporary Redirect (an alternative to "503 Site Down for Maintenance")

Note: Other values are defined by RFC 2616, but are rarely used and poorly supported.

34 calls to drupal_goto()
aggregator_admin_refresh_feed in modules/aggregator/aggregator.module
Menu callback; refreshes a feed, then redirects to the overview page.
comment_admin_overview_validate in modules/comment/comment.module
We can't execute any 'Update options' if no comments were selected.
comment_multiple_delete_confirm in modules/comment/comment.module
List the selected comments and verify that the admin really wants to delete them.
comment_multiple_delete_confirm_submit in modules/comment/comment.module
Perform the actual comment deletion.
comment_reply in modules/comment/comment.module
This function is responsible for generating a comment reply form. There are several cases that have to be handled, including:

2 string references to 'drupal_goto'
drupal_redirect_form in includes/
Redirect the user to a URL after a form has been processed.
legacy_menu in modules/legacy/legacy.module
Implementation of hook_menu().


includes/, line 303
Common functions that many Drupal modules will need to reference.


function drupal_goto($path = '', $query = NULL, $fragment = NULL, $http_response_code = 302) {
  $destination = FALSE;
  if (isset($_REQUEST['destination'])) {
    $destination = $_REQUEST['destination'];
  }
  else {
    if (isset($_REQUEST['edit']['destination'])) {
      $destination = $_REQUEST['edit']['destination'];
    }
  }
  if ($destination) {

    // Do not redirect to an absolute URL originating from user input.
    $colonpos = strpos($destination, ':');
    $absolute = $colonpos !== FALSE && !preg_match('![/?#]!', substr($destination, 0, $colonpos));
    if (!$absolute) {
      // A relative destination overrides $path, $query and $fragment.
      extract(parse_url(urldecode($destination)));
    }
  }
  $url = url($path, $query, $fragment, TRUE);

  // Remove newlines from the URL to avoid header injection attacks.
  $url = str_replace(array("\n", "\r"), '', $url);

  // Before the redirect, allow modules to react to the end of the page request.
  module_invoke_all('exit', $url);

  // Even though session_write_close() is registered as a shutdown function, we
  // need all session data written to the database before redirecting.
  session_write_close();
  header('Location: ' . $url, TRUE, $http_response_code);

  // The "Location" header sends a REDIRECT status code to the http
  // daemon. In some cases this can go wrong, so we make sure none
  // of the code below the drupal_goto() call gets executed when we redirect.
  exit();
}
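
The two input checks in the listing above, isolated so they can be run without Drupal. This is an added example, not Drupal's code: destination_is_absolute(), destination_overrides() and strip_header_newlines() are hypothetical names, the sample values are constructed, and returning only the path, query and fragment keys is an assumption of this sketch.

```php
<?php
// Added example, not Drupal code. Function names are hypothetical; the
// absolute-URL expression is the one shown in drupal_goto().

// TRUE when a ':' appears before any '/', '?' or '#', i.e. the value
// starts with a URL scheme and would leave the site.
function destination_is_absolute($destination) {
  $colonpos = strpos($destination, ':');
  return $colonpos !== FALSE
    && !preg_match('![/?#]!', substr($destination, 0, $colonpos));
}

// Returns the path, query and fragment a user-supplied destination may
// override, or NULL when the value is absolute or cannot be parsed.
// Assumption: only these three keys are returned, as an array.
function destination_overrides($destination) {
  if (destination_is_absolute($destination)) {
    return NULL;
  }
  $parts = parse_url(urldecode($destination));
  if (!is_array($parts)) {
    return NULL;
  }
  $allowed = array('path' => 1, 'query' => 1, 'fragment' => 1);
  return array_intersect_key($parts, $allowed);
}

// Removes CR and LF so the value cannot end the Location header early.
function strip_header_newlines($url) {
  return str_replace(array("\n", "\r"), '', $url);
}

// Constructed sample values for the destination parameter.
$samples = array(
  'admin/content/node',
  'node/12?page=1#comment-3',
  'node/12?ref=a:b',
  'http://example.com/',
  'mailto:user@example.com',
);
foreach ($samples as $destination) {
  $parts = destination_overrides($destination);
  $result = $parts === NULL
    ? 'ignored'
    : 'override ' . json_encode($parts, JSON_UNESCAPED_SLASHES);
  printf("%-26s %s\n", $destination, $result);
}

// Constructed URL carrying an embedded CRLF pair.
echo strip_header_newlines("http://www.example.com/node/1\r\nX-Test: 1"), "\n";
```

The third sample contains a colon but only after a '?', so the check treats it as an on-site path; the last two start with a scheme and are ignored, leaving the caller's own $path in effect.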