From f5a914218d39ac33edef4e17f05774fa63fea2ee Mon Sep 17 00:00:00 2001
From: Dion Hulse <dd32@git.wordpress.org>
Date: Tue, 16 Jun 2015 05:25:32 +0000
Subject: [PATCH] Add a filter to wp_safe_redirect() for the fallback URL.
 Props anubisthejackle. Fixes #22612

git-svn-id: https://develop.svn.wordpress.org/trunk@32793 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-includes/pluggable.php | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/wp-includes/pluggable.php b/src/wp-includes/pluggable.php
index fcf198bd9f..e75b506eed 100644
--- a/src/wp-includes/pluggable.php
+++ b/src/wp-includes/pluggable.php
@@ -1260,7 +1260,7 @@ if ( !function_exists('wp_safe_redirect') ) :
  * path. A plugin can therefore set or remove allowed host(s) to or from the
  * list.
  *
- * If the host is not allowed, then the redirect is to wp-admin on the siteurl
+ * If the host is not allowed, then the redirect defaults to wp-admin on the siteurl
  * instead. This prevents malicious redirects which redirect to another host,
  * but only used in a few places.
  *
@@ -1271,7 +1271,15 @@ function wp_safe_redirect($location, $status = 302) {
 	// Need to look at the URL the way it will end up in wp_redirect()
 	$location = wp_sanitize_redirect($location);
 
-	$location = wp_validate_redirect($location, admin_url());
+	/**
+	 * Filter the redirect fallback URL for when the provided redirect is not safe (local).
+	 * 
+	 * @since 4.3.0
+	 * 
+	 * @param string $fallback_url	The fallback URL to use by default.
+	 * @param int    $status        The redirect status.
+	 */
+	$location = wp_validate_redirect( $location, apply_filters( 'wp_safe_redirect_fallback', admin_url(), $status ) );
 
 	wp_redirect($location, $status);
 }