validate_file()
Validates a file name and path against an allowed set of rules.
A return value of 1 means the file path contains directory traversal.
A return value of 2 means the file path contains a Windows drive path.
A return value of 3 means the file is not in the allowed files list.
Used By: wp_get_active_and_valid_plugins()
1 time — 0.000018 sec (very fast) | 50000 times — 0.01 sec (speed of light) | PHP 7.1.2, WP 4.7.5
No Hooks.
Return
Int
. 0 means nothing is wrong, greater than 0 means something was wrong.
Usage
validate_file( $file, $allowed_files );
- $file(string) (required)
- File path.
- $allowed_files(string[])
- Array of allowed files.
Default: array()
Examples
#1 Demo of file path checks
A path that will pass inspection:
$path = 'uploads/2012/12/my_image.jpg'; echo validate_file( $path ); // print 0 (valid path)
A path that will not pass inspection:
$path = '../../wp-content/uploads/2012/12/my_image.jpg'; echo validate_file( $path ); // print 1 (inaccessible path)
Changelog
Since 1.2.0 | Introduced. |