I've done something like that myself so that if I ever should have time to fix the HTTP header injection vulnerability that header('Location: ' . $location); exposes, I can just fix it in this one place.
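A single redirect helper of the kind described above, as an added example that is not part of the original comment or anyone's actual code. The function names `validated_location` and `redirect_to`, the reject-on-control-character policy, and the sample inputs are assumptions of this example.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper: returns the Location value unchanged if it is safe
 * to place on a single header line, otherwise throws.
 */
function validated_location(string $location): string
{
    // CR, LF, NUL and other control bytes must never reach a header line:
    // they are what lets a value terminate the header and start a new one.
    if ($location === '' || preg_match('/[\x00-\x1F\x7F]/', $location) === 1) {
        throw new InvalidArgumentException('Illegal character in redirect target');
    }
    return $location;
}

/**
 * Hypothetical wrapper: the only place in the code base that emits a
 * Location header, so the validation above applies to every redirect.
 */
function redirect_to(string $location, int $status = 302): void
{
    $target = validated_location($location);
    if (headers_sent()) {
        throw new RuntimeException('Cannot redirect: headers already sent');
    }
    header('Location: ' . $target, true, $status);
    exit;
}

// Constructed sample inputs, checked only when run from the command line.
if (PHP_SAPI === 'cli') {
    $samples = ['/account/settings', "/next\r\nX-Injected: 1"];
    foreach ($samples as $sample) {
        try {
            validated_location($sample);
            echo 'accepted: ', json_encode($sample), PHP_EOL;
        } catch (InvalidArgumentException $e) {
            echo 'rejected: ', json_encode($sample), PHP_EOL;
        }
    }
}
```

Call sites then use `redirect_to($location)` instead of calling `header()` directly, which makes any remaining direct `header('Location: ...')` calls easy to find with a text search.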