Can I trust user input in wp_redirect()?

You can never trust user input. Always prepare a value that you want use in your own code. Example:

$path = filter_input( INPUT_SERVER, 'REQUEST_URI', FILTER_SANITIZE_URL );

if ( $path )
{
    $url="http://old.example.com" . $path;
    $url_escaped = esc_url( $url );
    $status      = 301;
    $message     = "Moved to <a href="https://wordpress.stackexchange.com/questions/233824/$url_escaped">$url_escaped</a>.";

    wp_redirect( 'http://old.example.com'. $path, $status );
    wp_die( $message, 'Moved', $status );
}

Related Posts:

  1. wp_redirect not working after submitting form
  2. Where does wp_redirect need to be placed to make it work?
  3. How to 301 private posts rather than 404?
  4. Redirect on successful login
  5. Need help to repair a 301 redirect problem
  6. Passing User Messages to Another Page
  7. How to disable redirect on test/staging copy of wordpress site
  8. wp_redirect not working when going to www version of site
  9. Cannot get redirect working
  10. Custom pagination structure
  11. wp_redirect “headers already sent” after front-end submission form
  12. Controller functionality – if user is not logged in send them to specific page (not wp_login)
  13. wp-admin Redirects to Docker Container Name
  14. Redirect to Referring URL after Login
  15. Why “exit” is needed after wp_redirect?
  16. wp_redirect not working in header, exit is breaking page
  17. how to block direct access to multiple thank you pages?
  18. Redirecting Subscriber Users to the home page after updating their profile
  19. wp_redirect not working from shortcode function
  20. Problem with is_page & wp_redirect
  21. Why is the session clearing after wp_safe_redirect?
  22. How to fix Ahref error showing wordpress admin pages as “Duplicate pages without canonical”?
  23. Problem in redirect link in wordpress
  24. Fix a Permalink plugin: it miss the redirect from old to new permalink
  25. Redirect Non-Logged In Users to Specific Page based on Page Template
  26. How to redirect non-logged in users from a URL to a specific page?
  27. Proper way to set author pages at root?
  28. How to Manually Upload Files via FTP
  29. Redirect to specific page
  30. blog url redirecting
  31. How to do 302 redirects “in” WordPress using Redirection plugin? [closed]
  32. wp_redirect giving a warning: Cannot modify header information – custom plugin
  33. force login and redirect to custom login page
  34. redirect to /wp-admin/edit.php instead of wp_redirect url
  35. WordPress wp_redirect() not working after get_header();
  36. Redirect specific link for logged in users only to specific URL
  37. Redirection problems
  38. Use wp_redirect without filter in plugin file
  39. Redirect to Page URL for non-members
  40. How to redirect to cart page using wp_redirect [closed]
  41. WP Redirect is not working
  42. Redirect regex misbehaving when placeholder empty
  43. Redirect to first child in menu
  44. Why does user not logged in when using wp_signon function
  45. Website URL not getting updated
  46. wp_redirect and get variables
  47. Force Rewrite Query Var On Hierarchical (Nested) Page
  48. Strange redirect behavior after moving development site to client server
  49. how to use wp_redirect inside a function
  50. wp_redirect hangs, but returns true
  51. How we redirect to other pages in WordPress?
  52. Question about proper use of wp_redirect?
  53. Checking if a user is logged in, if so redirect to a different page
  54. How do you maintain a debug session after wp_redirect()?
  55. Infinite redirect loop in my local environment
  56. Why sometimes wp_redirect() reset cookie?
  57. wp_redirect is not working sometimes
  58. Staging redirecting to live site (under construction page)
  59. Redirect Users who aren’t logged in, aren’t post authors and aren’t admin. Frontend
  60. Looking to redirect a link
  61. How Do I Redirect a WordPress Website?
  62. Overiding wp_sanitize_redirect for | character
  63. changing products urls – redirects
  64. How to redirect single post to parent category
  65. Fix WP Redirect Loop
  66. Redirect CPT to child?
  67. Add action “page_template” not work with home page
  68. Does wp_redirect keep the referrer?
  69. wp_redirect only works for external pages
  70. wp_redirect shows header already sent message
  71. Too may redirects when i use the wp_redirect() function
  72. Redirect missing pagination to base page
  73. gravity form login widget redirect
  74. How is WordPress redirecting/rewriting my URL?
  75. Is this consindered safe redirect?
  76. subpages are redirecting to the homepage
  77. Does wp_safe_redirect() no longer works?
  78. Cannot find redirect – WordPress behind HTTPS proxy (Cloudfront)
  79. Pretty permalinks for search results with extra query var
  80. Getting redirect to happen before header output
  81. How To Only Allow Users To View Their Own Buddypress Profiles? [closed]
  82. Redirect the non-www version of the site to the www
  83. My WP_options db rewrite_rules Does Not Work
  84. How to set 301 redirection after moving WordPress blog?
  85. Correct method of redirecting user login
  86. Redirect custom post type from one domain to another domain
  87. How can I redirect to my custom page without loading the Dashboard itself?
  88. Redirect from the dashboard to edit.php if wp_is_mobile() is true
  89. Cannot modify header information – headers already sent (wp_redirect in functions.php)
  90. wp_redirect () doesn’t work in nginx?
  91. Do more action after login successfully
  92. Redirect website domain (including all pages) to external URL after Popup message (few seconds)
  93. Create header.php redirect in WordPress and with WPML
  94. Admin Menu new tab external link
  95. WordPress site login Redirect
  96. Redirect to dashboard user once you click on Publish page
  97. Problem in auto login after registration
  98. Why https://www. SUBdomain is redirected by WP to https://MAINdomain
  99. redirect_to how to make it simply work with get parameter or similar?
  100. Redirect to a subdirectory frontpage using without using a WP plugin- what files to edit, and how?