
Difference between revisions of "Function Reference/validate file"

(New article: validate_file())
 
(Specify parameters, add notes, replace description.)
Line 1: Line 1:
 
== Description ==
 
== Description ==
   
Validates a file against and allowed set of defined rules.
+
Used to prevent directory traversal attacks, or to test a filename against a whitelist.
   
 
== Usage ==
 
== Usage ==
   
%%%<?php validate_file( $file, $allowed_files ); ?>%%%
+
<?php validate_file( $file, $allowed_files ); ?>
   
 
== Parameters ==
 
== Parameters ==
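Review bot: The new Usage line, `<?php validate_file( $file, $allowed_files ); ?>`, calls the function and discards the result, although the return code is its only output. Suggest showing the result being compared, for example `if ( 0 === validate_file( $file, $allowed_files ) )`, so readers do not copy a call that validates nothing.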
Line 14: Line 14:
 
== Return Values ==
 
== Return Values ==
   
; (string) : The cleaned <tt>$url</tt> after the '<tt>cleaned_url</tt>' filter is applied.
+
; (0) : <tt>$file</tt> represents a valid relative path. You <strong>must</strong> treat it as a relative path after validating.
  +
  +
; (1) : <tt>$file</tt> is invalid and contains either <tt>'..'</tt> or <tt>'./'</tt>
  +
  +
; (2) : <tt>$file</tt> is invalid and contains <tt>':'</tt> after the first character.
  +
  +
; (3) : <tt>$file</tt> is invalid and is not in the <tt>$allowed_file</tt> list.
   
 
== Examples ==
 
== Examples ==
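Review bot: The (3) entry names `$allowed_file`, but the Usage line names the parameter `$allowed_files`; use the plural so the two match. The (2) entry could also state outright that a ':' in the first position is not rejected, which "after the first character" leaves implicit.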
Line 21: Line 21:
 
== Notes ==
 
== Notes ==
   
  +
Be careful making boolean interpretations of the result, since false (0) indicates the filename has passed validation, whereas true (> 0) indicates failure.
   
 
== Changelog ==
 
== Changelog ==
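Review bot: The added note labels the results "false (0)" and "true (> 0)", but the Return Values section lists the integers 0 to 3, not booleans. Suggest wording it as "0 means valid, any non-zero value means invalid" so a reader does not expect a literal true or false from the function.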

Revision as of 21:57, 21 December 2012

Description

Used to prevent directory traversal attacks, or to test a filename against a whitelist.

Usage

<?php validate_file( $file, $allowed_files ); ?>

Parameters

$file
(string) (required) The file path.
Default: None
$allowed_files
(array) (optional) An array of allowed files
Default: null

Return Values

(0) 
$file represents a valid relative path. You must treat it as a relative path after validating.
(1) 
$file is invalid and contains either '..' or './'
(2) 
$file is invalid and contains ':' after the first character.
(3) 
$file is invalid and is not in the $allowed_files list.

Examples

Notes

Be careful making boolean interpretations of the result: 0 (which evaluates to false) indicates the filename has passed validation, whereas a value greater than 0 (which evaluates to true) indicates failure.
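An added example (not Codex or WordPress core code) that exercises the return codes and the boolean pitfall described in the Notes. `demo_resolve_template()`, the sample file list and the base directory are hypothetical, and the `function_exists` stand-in follows only the return values documented on this page so the script also runs outside WordPress.

```php
<?php
// Added example, not Codex or WordPress core code.
// Stand-in so the script runs outside WordPress. It follows only the return
// codes documented on this page and is not the core implementation.
if ( ! function_exists( 'validate_file' ) ) {
	function validate_file( $file, $allowed_files = null ) {
		if ( false !== strpos( $file, '..' ) || false !== strpos( $file, './' ) ) {
			return 1; // contains '..' or './'
		}
		if ( false !== strpos( (string) substr( $file, 1 ), ':' ) ) {
			return 2; // ':' after the first character
		}
		if ( ! empty( $allowed_files ) && ! in_array( $file, $allowed_files, true ) ) {
			return 3; // not in the allowed list
		}
		return 0; // valid relative path
	}
}

// Hypothetical helper: returns a path under $base_dir, or null when rejected.
function demo_resolve_template( $file, $base_dir, array $allowed ) {
	// Compare against 0 explicitly: any non-zero result means failure.
	if ( 0 !== validate_file( $file, $allowed ) ) {
		return null;
	}
	// Treat the validated value as a relative path, as the page requires.
	return rtrim( $base_dir, '/' ) . '/' . ltrim( $file, '/' );
}

$allowed = array( 'header.php', 'parts/footer.php' ); // constructed sample list
$inputs  = array( 'header.php', '../wp-config.php', 'C:\\boot.ini', 'other.php' );
foreach ( $inputs as $input ) {
	$code = validate_file( $input, $allowed );
	$path = demo_resolve_template( $input, '/var/www/theme', $allowed );
	printf( "%-18s code=%d path=%s\n", $input, $code, null === $path ? '(rejected)' : $path );
}

// With no allowed list, a leading slash still returns 0 under the documented
// rules, so the caller must anchor the value under its own base directory.
echo demo_resolve_template( '/etc/hosts', '/var/www/theme', array() ), "\n";

// The pitfall from the Notes: this branch runs for INVALID input.
if ( validate_file( '../wp-config.php' ) ) {
	echo "truthy result: the file failed validation\n";
}
```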

Changelog

Source File

validate_file() is located in wp-includes/functions.php.

Related

See the Data Validation article for an in-depth discussion of input and output sanitization.
