成为VIPvalidate_file
函数
validate_file ( $file, $allowed_files = array() ) - 参数
-
-
(string)
$file
File path.- Required: 是
-
(string[])
$allowed_files
Optional. Array of allowed files.- Required: 否
- Default: array()
-
(string)
- 返回值
-
- (int) 0 means nothing is wrong, greater than 0 means something was wrong.
- 定义位置
-
-
wp-includes/functions.php
, line 5975
-
wp-includes/functions.php
- 引入
- 1.2.0
- 弃用
- –
根据允许的规则集验证文件名和路径。
返回值为`1`意味着文件路径包含目录遍历。
返回值为`2’意味着文件路径包含Windows驱动路径。
返回值为`3’意味着文件不在允许的文件列表中。
function validate_file( $file, $allowed_files = array() ) {
if ( ! is_scalar( $file ) || '' === $file ) {
return 0;
}
// `../` on its own is not allowed:
if ( '../' === $file ) {
return 1;
}
// More than one occurrence of `../` is not allowed:
if ( preg_match_all( '#../#', $file, $matches, PREG_SET_ORDER ) && ( count( $matches ) > 1 ) ) {
return 1;
}
// `../` which does not occur at the end of the path is not allowed:
if ( false !== strpos( $file, '../' ) && '../' !== mb_substr( $file, -3, 3 ) ) {
return 1;
}
// Files not in the allowed file list are not allowed:
if ( ! empty( $allowed_files ) && ! in_array( $file, $allowed_files, true ) ) {
return 3;
}
// Absolute Windows drive paths are not allowed:
if ( ':' === substr( $file, 1, 1 ) ) {
return 2;
}
return 0;
}
声明:本站所有文章,如无特殊说明或标注,均为本站原创发布。任何个人或组织,在未征得本站同意时,禁止复制、盗用、采集、发布本站内容到任何网站、书籍等各类媒体平台。如若本站内容侵犯了原著者的合法权益,可联系我们进行处理。
