You are here

Home » API reference » Finder 7.2 » form.inc

function finder_form_goto in Finder 7.2

Same name and namespace in other branches
  1. 6 includes/finder.form.inc \finder_form_goto()
  2. 7 includes/finder.form.inc \finder_form_goto()

Redirect from a finder form.

The difference between this and drupal_goto() is that this undoes the encoding of the arguments seperator, as such encoding inteferes with finder.

Parameters

$sep: The arguments seperator string.

$path: A Drupal path or a full URL.

$query: A query string component, if any.

$fragment: A destination fragment identifier (named anchor).

$http_response_code: Valid values for an actual "goto" as per RFC 2616 section 10.3 are:

  • 301 Moved Permanently (the recommended value for most redirects)
  • 302 Found (default in Drupal and PHP, sometimes used for spamming search engines)
  • 303 See Other
  • 304 Not Modified
  • 305 Use Proxy
  • 307 Temporary Redirect (alternative to "503 Site Down for Maintenance")

Note: Other values are defined by RFC 2616, but are rarely used and poorly supported.

See also

drupal_goto()

1 call to finder_form_goto()
finder_form_state in includes/form.inc
Statically 'get' or 'set' the FAPI form state in a per-finder cache.

File

includes/form.inc, line 536
The finder form.

Code

function finder_form_goto($sep, $url_empty_sep, $path = '', $query = NULL, $fragment = NULL, $http_response_code = 302) {

  // A destination in $_GET always overrides the function arguments.
  // We do not allow absolute URLs to be passed via $_GET, as this can be an attack vector.
  if (isset($_GET['destination']) && !url_is_external($_GET['destination'])) {
    $destination = drupal_parse_url($_GET['destination']);
    $path = $destination['path'];
    $query = $destination['query'];
    $fragment = $destination['fragment'];
  }
  $url = url($path, array(
    'query' => $query,
    'fragment' => $fragment,
    'absolute' => TRUE,
  ));

  // custom changes - undo separator encoding
  $url = str_replace(urlencode($url_empty_sep), $url_empty_sep, str_replace(urlencode($sep), $sep, $url));

  // Remove newlines from the URL to avoid header injection attacks.
  $url = str_replace(array(
    "\n",
    "\r",
  ), '', $url);
  header('Location: ' . $url, TRUE, $http_response_code);

  // The "Location" header sends a redirect status code to the HTTP daemon. In
  // some cases this can be wrong, so we make sure none of the code below the
  // drupal_goto() call gets executed upon redirection.
  drupal_exit($url);
}