Used to prevent directory traversal attacks, or to test a filename against a whitelist.
<?php validate_file( $file, $allowed_files ); ?>
- (string) (required) The file path.
- Default: None
- (array) (optional) An array of allowed files
- Default: null
- $file represents a valid relative path. You must treat it as a relative path after validating.
- $file is invalid and contains either '..' or './'
- $file is invalid and contains ':' after the first character.
- $file is invalid and is not in the $allowed_file list.
Be careful making boolean interpretations of the result, since false (0) indicates the filename has passed validation, whereas true (> 0) indicates failure.
validate_file() is located in
See the Data Validation article for an in-depth discussion of input and output sanitization.