ad_returnredirect (public)

 ad_returnredirect [ -message message ] [ -html ] \
    [ -allow_complete_url ] target_url

Defined in packages/acs-tcl/tcl/utilities-procs.tcl

Write the HTTP response required to get the browser to redirect to a different page, to the current connection. This does not cause execution of the current page, including serving an ADP file, to stop. If you want to stop execution of the page, you should call ad_script_abort immediately following this call.

This proc is a replacement for ns_returnredirect, but improved in two important respects:

  • When the supplied target_url isn't complete, (e.g. /foo/bar.tcl or foo.tcl) the prepended location part is constructed by looking at the HTTP 1.1 Host header.
  • If a URL relative to the current directory is supplied (e.g. foo.tcl) it prepends location and directory.

A message to display to the user. See util_user_message.
(boolean) (optional)
Set this flag if your message contains HTML. If specified, you're responsible for proper quoting of everything in your message. Otherwise, we quote it for you.
(boolean) (optional)
By default we disallow redirecting to URLs outside the current host. This is based on the currently set host header or the hostname in the config file if there is no host header. Set allow_complete_url if you are redirecting to a known safe external web site. This prevents redirecting to a site by URL query hacking.
See Also:

Partial Call Graph (max 5 caller/called nodes):
%3 Class ::Generic::Form Class ::Generic::Form (public) ad_returnredirect ad_returnredirect Class ::Generic::Form->ad_returnredirect Class ::xowf::test_item::Question_manager Class ::xowf::test_item::Question_manager (public) Class ::xowf::test_item::Question_manager->ad_returnredirect ad_cache_returnredirect ad_cache_returnredirect (public) ad_cache_returnredirect->ad_returnredirect ad_redirect_for_registration ad_redirect_for_registration (public) ad_redirect_for_registration->ad_returnredirect ad_restrict_to_https ad_restrict_to_https (public) ad_restrict_to_https->ad_returnredirect ad_urlencode_folder_path ad_urlencode_folder_path (public) ad_returnredirect->ad_urlencode_folder_path util::external_url_p util::external_url_p (public) ad_returnredirect->util::external_url_p util_absolute_path_p util_absolute_path_p (public) ad_returnredirect->util_absolute_path_p util_complete_url_p util_complete_url_p (public) ad_returnredirect->util_complete_url_p util_current_directory util_current_directory (public) ad_returnredirect->util_current_directory

No testcase defined.
Source code:
    if {$message ne ""} {
        # Leave a hint, that we do not want to be consumed on the
        # current page.
        set ::__skip_util_get_user_messages 1
        util_user_message -message $message -html=$html_p

    if { [util_complete_url_p $target_url] } {
        # style - just pass to ns_returnredirect
        # check if the hostname matches the current host
        if {[util::external_url_p $target_url] && !$allow_complete_url_p} {
            error "Redirection to external hosts is not allowed."
        set url $target_url
    } elseif { [util_absolute_path_p $target_url] } {
        # /foo/bar.tcl style - prepend the current location:
        set url [util_current_location]$target_url
    } else {
        # URL is relative to current directory.
        set url [util_current_location][ad_urlencode_folder_path [util_current_directory]]
        if {$target_url ne "."} {
            append url $target_url

    # Sanitize URL to avoid potential injection attack
    regsub -all -- {[\r\n]} $url "" url

    ns_returnredirect $url
XQL Not present:
PostgreSQL, Oracle
Generic XQL file:

[ hide source ] | [ make this the default ]
Show another procedure: