Same name and namespace in other branches
  1. 4.6.x includes/common.inc \drupal_goto()
  2. 4.7.x includes/common.inc \drupal_goto()
  3. 5.x includes/common.inc \drupal_goto()
  4. 7.x includes/common.inc \drupal_goto()

Send the user to a different Drupal page.

This issues an on-site HTTP redirect. The function makes sure the redirected URL is formatted correctly.

Usually the redirected URL is constructed from this function's input parameters. However, you may override that behavior by setting a destination in either the $_REQUEST array (i.e. by using the query string of a URI) or the $_REQUEST['edit'] array (i.e. by using a hidden form field). This is used to direct the user back to the proper page after completing a form, for example after editing a post on the 'admin/content/node' page or after logging on using the 'user login' block in a sidebar. Because the destination originates from user input, it is applied only when menu_path_is_external() reports that it is not an external URL. The function drupal_get_destination() can be used to help set the destination URL.

Drupal will ensure that messages set by drupal_set_message() and other session data are written to the database before the user is redirected.

This function ends the request; use it rather than a print theme('page') statement in your menu callback.

Parameters

$path: (optional) A Drupal path or a full URL, which will be passed to url() to compute the redirect for the URL.

$query: (optional) A URL-encoded query string to append to the link, or an array of query key/value-pairs without any URL-encoding. Passed to url().

$fragment: (optional) A destination fragment identifier (named anchor).

$http_response_code: (optional) The HTTP status code to use for the redirection, defaults to 302. The valid values for 3xx redirection status codes are defined in RFC 2616 and the draft for the new HTTP status codes:

  • 301: Moved Permanently (the recommended value for most redirects).
  • 302: Found (default in Drupal and PHP, sometimes used for spamming search engines).
  • 303: See Other.
  • 304: Not Modified.
  • 305: Use Proxy.
  • 307: Temporary Redirect.

See also

drupal_get_destination()

25 calls to drupal_goto()
aggregator_admin_refresh_feed in modules/aggregator/aggregator.admin.inc
Menu callback; refreshes a feed, then redirects to the overview page.
batch_process in includes/form.inc
Processes the batch.
comment_multiple_delete_confirm in modules/comment/comment.admin.inc
List the selected comments and verify that the admin really wants to delete them.
drupal_redirect_form in includes/form.inc
Redirect the user to a URL after a form has been processed.
locale_languages_delete_form in includes/locale.inc
User interface for the language deletion confirmation screen.

1 string reference to 'drupal_goto'
drupal_redirect_form in includes/form.inc
Redirect the user to a URL after a form has been processed.

File

includes/common.inc, line 332
Common functions that many Drupal modules will need to reference.

Code

function drupal_goto($path = '', $query = NULL, $fragment = NULL, $http_response_code = 302) {
  $destination = FALSE;
  if (isset($_REQUEST['destination'])) {
    $destination = $_REQUEST['destination'];
  }
  else {
    if (isset($_REQUEST['edit']['destination'])) {
      $destination = $_REQUEST['edit']['destination'];
    }
  }
  if ($destination) {

    // Do not redirect to an absolute URL originating from user input.
    if (!menu_path_is_external($destination)) {
      extract(parse_url($destination));
    }
  }
  $options = array(
    'query' => $query,
    'fragment' => $fragment,
    'absolute' => TRUE,
  );

  // In some cases modules call drupal_goto($_GET['q']). We need to ensure that
  // such a redirect is not to an external URL.
  if ($path === $_GET['q'] && menu_path_is_external($path)) {

    // Force url() to generate a non-external URL.
    $options['external'] = FALSE;
  }
  $url = url($path, $options);

  // Remove newlines from the URL to avoid header injection attacks.
  $url = str_replace(array(
    "\n",
    "\r",
  ), '', $url);

  // Allow modules to react to the end of the page request before redirecting.
  // We do not want this while running update.php.
  if (!defined('MAINTENANCE_MODE') || MAINTENANCE_MODE != 'update') {
    module_invoke_all('exit', $url);
  }

  // Even though session_write_close() is registered as a shutdown function, we
  // need all session data written to the database before redirecting.
  session_write_close();
  header('Location: ' . $url, TRUE, $http_response_code);

  // The "Location" header sends a redirect status code to the HTTP daemon. In
  // some cases this can be wrong, so we make sure none of the code below the
  // drupal_goto() call gets executed upon redirection.
  exit;
}
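
The destination override, the external-URL check and the newline stripping described above, as a stand-alone added example (not Drupal's own code). The example_* function names are hypothetical, and example_is_external() is a simplified stand-in for menu_path_is_external() that is assumed here to also reject host-bearing and unparseable values.

```php
<?php
// Added illustration. The example_* names are hypothetical, not Drupal API.

// Simplified stand-in for menu_path_is_external() (an assumption, stricter
// than a scheme test): also rejects values where parse_url() finds a host,
// such as protocol-relative "//host/path", and values it cannot parse.
function example_is_external($destination) {
  $parts = parse_url($destination);
  return $parts === FALSE || isset($parts['scheme']) || isset($parts['host']);
}

// A user-supplied destination overrides the caller's arguments only when it
// is an on-site path. Keys are copied explicitly rather than via extract().
function example_resolve_target(array $request, $path = '', $query = NULL, $fragment = NULL) {
  $destination = FALSE;
  if (isset($request['destination'])) {
    $destination = $request['destination'];
  }
  elseif (isset($request['edit']['destination'])) {
    $destination = $request['edit']['destination'];
  }
  // is_string() guards against array input such as destination[]=x.
  if (is_string($destination) && $destination !== '' && !example_is_external($destination)) {
    $parts = parse_url($destination);
    $path = isset($parts['path']) ? $parts['path'] : '';
    $query = isset($parts['query']) ? $parts['query'] : NULL;
    $fragment = isset($parts['fragment']) ? $parts['fragment'] : NULL;
  }
  // Strip CR/LF so no component can split the Location header.
  $clean = function ($value) {
    return is_string($value) ? str_replace(array("\n", "\r"), '', $value) : $value;
  };
  return array('path' => $clean($path), 'query' => $clean($query), 'fragment' => $clean($fragment));
}

// Constructed sample input: array(request data, caller-supplied $path).
$samples = array(
  array(array('destination' => 'admin/content/node?page=2#top'), 'node'),
  array(array('edit' => array('destination' => 'node/5')), 'node'),
  array(array('destination' => 'http://example.org/landing'), 'node'),
  array(array('destination' => '//example.org/landing'), 'node'),
  array(array('destination' => array('x')), 'node'),
  array(array(), "node/1\r\nX-Injected: 1"),
);
foreach ($samples as $sample) {
  list($request, $path) = $sample;
  $target = example_resolve_target($request, $path);
  printf("%s + %s => %s\n", json_encode($request), json_encode($path), json_encode($target));
}
```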