
validate_temp_path()

Description

Block path traversal by ensuring download is only possible from the temp folder.
Generates path to temp folder and checks it matches the supplied path.

Parameters

Column        Type    Default  Description
$test_path    string           Potentially unsafe path to check.
$temp_folder  string  ''       Optional name of temp folder to validate.

Location

include/file_functions.php lines 375 to 380

Definition

function validate_temp_path(string $test_path, string $temp_folder = ''): bool
{
    $temp_dir = realpath(get_temp_dir(false, $temp_folder));
    $test_path = realpath(pathinfo($test_path, PATHINFO_DIRNAME));
    return $test_path !== false && $temp_dir !== false && $temp_dir === $test_path;
}
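
The following is an added example, not part of the ResourceSpace source: it runs the same comparison as the definition above over a constructed sandbox to show which paths pass and which are rejected. The name check_temp_path() and the sandbox layout are assumptions made for illustration; the temp directory is passed in directly because get_temp_dir() only exists inside the application, and symlink() assumes a POSIX filesystem.

```php
<?php
// Stand-alone copy of the comparison; hypothetical name, temp dir passed in
// explicitly instead of calling ResourceSpace's get_temp_dir().
function check_temp_path(string $test_path, string $temp_dir): bool
{
    $temp_dir  = realpath($temp_dir);
    $test_path = realpath(pathinfo($test_path, PATHINFO_DIRNAME));
    return $test_path !== false && $temp_dir !== false && $temp_dir === $test_path;
}

// Constructed sandbox: <base>/tmp plays the temp folder, <base>/secret lies outside it.
$base = sys_get_temp_dir() . '/vtp_demo_' . bin2hex(random_bytes(4));
mkdir("$base/tmp/sub", 0700, true);
mkdir("$base/secret", 0700, true);
file_put_contents("$base/tmp/export.zip", 'x');
file_put_contents("$base/secret/config.php", 'x');
symlink("$base/secret", "$base/tmp/link"); // link inside temp that points outside it

// label => [path to test, expected result]
$cases = [
    'file directly in temp'           => ["$base/tmp/export.zip", true],
    'file that does not exist yet'    => ["$base/tmp/missing.zip", true],   // only the directory is resolved
    'path that resolves back to temp' => ["$base/secret/../tmp/export.zip", true],
    'dot-dot segment leaving temp'    => ["$base/tmp/../secret/config.php", false],
    'symlinked directory inside temp' => ["$base/tmp/link/config.php", false],
    'subfolder of temp'               => ["$base/tmp/sub/file.txt", false], // strict equality, not a prefix match
    'directory that does not exist'   => ["$base/tmp/nope/file.txt", false], // realpath() returns false
];

foreach ($cases as $label => [$path, $expected]) {
    $allowed = check_temp_path($path, "$base/tmp");
    printf("%-34s %s\n", $label, $allowed ? 'allowed' : 'rejected');
    if ($allowed !== $expected) {
        throw new RuntimeException("Unexpected result for: $label");
    }
}

// Remove the sandbox again.
unlink("$base/tmp/link");
unlink("$base/tmp/export.zip");
unlink("$base/secret/config.php");
foreach (['tmp/sub', 'tmp', 'secret', ''] as $dir) {
    rmdir(rtrim("$base/$dir", '/'));
}
```

Because the comparison is a strict equality on the resolved parent directory, files in subfolders of the temp folder are rejected, and the check says nothing about whether the file itself exists.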

This article was last updated 29th May 2024 09:05 Europe/London time based on the source file dated 28th May 2024 17:05 Europe/London time.