Why does wp_redirect strip out %0A (url encoded new line character) and how do I make it stop?

If you take a look to the wp_sanitize_redirect() function you will notice it is removing the new lines from the destination URL:

https://core.trac.wordpress.org/browser/tags/4.9/src/wp-includes/pluggable.php#L1249

In my opinion you have 2 options:

1 – Convert new lines on the message to a diff allowed unique char combination and then replace them back to new lines before outputting the string from the responseMsg URL parameter.

2 – Since this is a pluggable function, you can put it on a plugin and customize it to fit your needs.
Something like this: 

if ( !function_exists('wp_redirect') ) :
/**
 * Redirects to another page.
 *
 * Note: wp_redirect() does not exit automatically, and should almost always be
 * followed by a call to `exit;`:
 *
 *     wp_redirect( $url );
 *     exit;
 *
 * Exiting can also be selectively manipulated by using wp_redirect() as a conditional
 * in conjunction with the {@see 'wp_redirect'} and {@see 'wp_redirect_location'} hooks:
 *
 *     if ( wp_redirect( $url ) ) {
 *         exit;
 *     }
 *
 * @since 1.5.1
 *
 * @global bool $is_IIS
 *
 * @param string $location The path to redirect to.
 * @param int    $status   Status code to use.
 * @return bool False if $location is not provided, true otherwise.
 */
function wp_redirect($location, $status = 302, $strip_new_lines = true) {
    global $is_IIS;

    /**
     * Filters the redirect location.
     *
     * @since 2.1.0
     *
     * @param string $location The path to redirect to.
     * @param int    $status   Status code to use.
     */
    $location = apply_filters( 'wp_redirect', $location, $status );

    /**
     * Filters the redirect status code.
     *
     * @since 2.3.0
     *
     * @param int    $status   Status code to use.
     * @param string $location The path to redirect to.
     */
    $status = apply_filters( 'wp_redirect_status', $status, $location );

    if ( ! $location )
        return false;

    $location = wp_sanitize_redirect($location, $strip_new_lines);

    if ( !$is_IIS && PHP_SAPI != 'cgi-fcgi' )
        status_header($status); // This causes problems on IIS and some FastCGI setups

    header("Location: $location", true, $status);

    return true;
}
endif;

if ( !function_exists('wp_sanitize_redirect') ) :
/**
 * Sanitizes a URL for use in a redirect.
 *
 * @since 2.3.0
 *
 * @param string $location The path to redirect to.
 * @return string Redirect-sanitized URL.
 **/
function wp_sanitize_redirect($location, $strip_new_lines = true) {
    $regex = '/
        (
            (?: [\xC2-\xDF][\x80-\xBF]        # double-byte sequences   110xxxxx 10xxxxxx
            |   \xE0[\xA0-\xBF][\x80-\xBF]    # triple-byte sequences   1110xxxx 10xxxxxx * 2
            |   [\xE1-\xEC][\x80-\xBF]{2}
            |   \xED[\x80-\x9F][\x80-\xBF]
            |   [\xEE-\xEF][\x80-\xBF]{2}
            |   \xF0[\x90-\xBF][\x80-\xBF]{2} # four-byte sequences   11110xxx 10xxxxxx * 3
            |   [\xF1-\xF3][\x80-\xBF]{3}
            |   \xF4[\x80-\x8F][\x80-\xBF]{2}
        ){1,40}                              # ...one or more times
        )/x';
    $location = preg_replace_callback( $regex, '_wp_sanitize_utf8_in_redirect', $location );
    $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*\[\]()@]|i', '', $location);
    $location = wp_kses_no_null($location);

    // remove %0d and %0a from location
    $strip = array('%0d', '%0a', '%0D', '%0A');
    return $strip_new_lines ? _deep_replace( $strip, $location ) : $location;
}

/**
 * URL encode UTF-8 characters in a URL.
 *
 * @ignore
 * @since 4.2.0
 * @access private
 *
 * @see wp_sanitize_redirect()
 *
 * @param array $matches RegEx matches against the redirect location.
 * @return string URL-encoded version of the first RegEx match.
 */
function _wp_sanitize_utf8_in_redirect( $matches ) {
    return urlencode( $matches[0] );
}
endif;

Then you can call:

// by default is removing new lines so we pass false
$strip_new_lines = false;
$location = "/upload_success?responseMsg=".urlencode($new_body->message);

// make sure you pass the correct HTTP 
// status here to prevent penalty or any  other SEO issue
$status = 302;

wp_redirect( $location, $status,  $strip_new_lines );
//  wp_redirect() does not exit automatically
exit;

Related Posts:

  1. Stop unwanted WP redirection to new url
  2. Adding rewrite rule dynamically for search results redirecting to 404 URL
  3. store URL global before we redirect
  4. How to fix automatic redirects?
  5. Disable WordPress URL auto Redirect
  6. using wp_rewrite but keep the original url in the address bar
  7. Redirect based on $_GET parameters
  8. How to prevent automatic redirection of 404 errors and “incorrect” URLs?
  9. Disable WordPress URL auto complete
  10. Redirect user to original url after login?
  11. wp_redirect() function is not working
  12. Disable ONLY URL auto complete, not the whole canonical URL system
  13. Why is wp_redirect() preferable to a standard PHP header redirect?
  14. User redirect to destination URL after login
  15. WordPress HTTPS redirect loop
  16. Redirecting WordPress /.htaccess / HSTS / SSL
  17. Why does WordPress automatically redirect URLs with the parameter “name=” to a different page?
  18. WP redirects all pages from new domain to old domain
  19. Redirect to “All Posts” after post update or publish in Block Editor
  20. Redirect user after login/registration globally
  21. Redirecting old site links to new site
  22. Redirect to login page
  23. Temporary redirect prevents getting $_POST array
  24. Creating intro page in wordpress
  25. How to redirect only if page doesn’t exists
  26. Headers already sent – WordPress core
  27. Perform a redirect after user action
  28. How To Only Allow Users To View Their Own Buddypress Profiles? [closed]
  29. How to auto login after registration? [duplicate]
  30. header and wp_redirect not working. cannot modify header information warning
  31. Code to create a redirection after login?
  32. WordPress Global Redirect
  33. How to redirect to home page after registration?
  34. Redirect the non-www version of the site to the www
  35. Redirect Logged In User if page is wp-login.php and $_Get[‘level’] = X
  36. How to redirect URL with subfolder to the same URL but without subfolder?
  37. Redirect first category archive page to normal page
  38. Stuck In a Redirect Loop
  39. How to redirect a page into file?
  40. How to redirect after login getting a variable from url (for example with the language)
  41. How to set 301 redirection after moving WordPress blog?
  42. How can I replace my primary url globally with a parked one?
  43. URL redirect problem
  44. Force WordPress to load from site’s hostname
  45. How to redirect if a background request is still being executed
  46. Redirect custom post type from one domain to another domain
  47. How To Redirect /url.html to /url?
  48. I get redirected too many times only in wp-admin?
  49. reducing number of URL Redirects and increasing speed
  50. Remove #wpcf7-f2450-o1 with Contact form 7 redirect [closed]
  51. How to pass a message using template_redirect
  52. Disable WordPress URL auto complete
  53. Redirect user to original url after login?
  54. HTML Redirect to WP pages
  55. How do I Redirect a WordPress Page?
  56. Why does the $_GET parameter ?search forward the front-page to the archive/blog page
  57. wp_redirect () doesn’t work in nginx?
  58. Is it possible to wp_redirect() to a new tab?
  59. Redirect Attachment Page to Attachment
  60. How to redirect from one WP site to another
  61. WP_List_table with form of method=GET redirects to wrong url after submit
  62. Redirect old URL (with different post ID) to new URL
  63. Create header.php redirect in WordPress and with WPML
  64. My redirect URL doesn’t show any pages on my website [closed]
  65. Missing domain http://./wp-… in redirects
  66. Date based redirects of posts that no longer exist
  67. Redirect Page ID, based on logged-in User Role
  68. Trying to re-direct users to specific page based on an ACF variable
  69. How to redirect a child page to its parent page?
  70. Bulk redirect all post
  71. WordPress multi domain: page redirect to main domain whenever WordPress do the URL guessing issue
  72. Applying ‘middleware’ to a url before redirecting? Does WP have built in mechanism for this?
  73. How can I prevent caching of wp_redirect?
  74. Debugging issue with redirection in WordPress
  75. How to remove redirection
  76. Re-Direct ALL Users to the Home Page IF not logged in
  77. Redirect to dashboard user once you click on Publish page
  78. ERR_TOO_MANY_REDIRECTS when switching from good database to old database
  79. Redirect to /404/
  80. Redirect Category Media ‘URL’ when clicked
  81. wordpress automatic URL ‘page’ parameter rewrite
  82. Make custom post type archive for administrator only
  83. How to 301 redirect sub domain post URL to root domain
  84. Why https://www. SUBdomain is redirected by WP to https://MAINdomain
  85. Internal redirect from page to category
  86. Redirect only PDFs in different folders?
  87. wp_redirect leading to an infinite loop
  88. How to redirect new registrars to a custom registration page instead of WP default registration page?
  89. How to disable WordPress URL autocomplete / recognition?
  90. I’ve move my site but URL still goes to the old site
  91. How to redirect 404s that generated for css&JS files?
  92. Force SSL on a single page which is used as iFrame
  93. International characters in slugs to redirect to
  94. Rewrite rule for incoming urls
  95. URL Custom Rewrite
  96. How to handle expired assets/content when user has direct URL
  97. Redirect to a subdirectory frontpage using without using a WP plugin- what files to edit, and how?
  98. How to change Ugly link?
  99. Post Migration Site Migration Redirects All Known Solutions Attempted
  100. wp_redirect() doesn’t work