CodeExplorer
You are a developer and looking for Shopware projects?
Apply Now!
validate_file example
function wp_get_active_network_plugins() {
$active_plugins = (array) get_site_option( 'active_sitewide_plugins', array() );
if ( empty( $active_plugins ) ) {
return array();
}
$plugins = array();
$active_plugins = array_keys( $active_plugins );
sort( $active_plugins );
foreach ( $active_plugins as $plugin ) {
if ( ! validate_file( $plugin ) // $plugin must validate as file. && str_ends_with( $plugin, '.php' ) // $plugin must end with '.php'. && file_exists( WP_PLUGIN_DIR . '/' . $plugin ) // $plugin must exist. ) {
$plugins[] = WP_PLUGIN_DIR . '/' . $plugin;
}
}
return $plugins;
}
/** * Checks status of current blog. * * Checks if the blog is deleted, inactive, archived, or spammed. * * Dies with a default message if the blog does not pass the check. * * To change the default message when a blog does not pass the check, * use the wp-content/blog-deleted.php, blog-inactive.php and * blog-suspended.php drop-ins. * * @since 3.0.0 * * @return true|string Returns true on success, or drop-in file to include. */
$active_plugins = (array) get_site_option( 'active_sitewide_plugins', array() );
if ( empty( $active_plugins ) ) {
return array();
}
$plugins = array();
$active_plugins = array_keys( $active_plugins );
sort( $active_plugins );
foreach ( $active_plugins as $plugin ) {
if ( ! validate_file( $plugin ) // $plugin must validate as file. && str_ends_with( $plugin, '.php' ) // $plugin must end with '.php'. && file_exists( WP_PLUGIN_DIR . '/' . $plugin ) // $plugin must exist. ) {
$plugins[] = WP_PLUGIN_DIR . '/' . $plugin;
}
}
return $plugins;
}
/** * Checks status of current blog. * * Checks if the blog is deleted, inactive, archived, or spammed. * * Dies with a default message if the blog does not pass the check. * * To change the default message when a blog does not pass the check, * use the wp-content/blog-deleted.php, blog-inactive.php and * blog-suspended.php drop-ins. * * @since 3.0.0 * * @return true|string Returns true on success, or drop-in file to include. */
do_action( 'render_block_core_template_part_post', $template_part_id, $attributes, $template_part_post, $content );
} else {
$template_part_file_path = '';
// Else, if the template part was provided by the active theme, // render the corresponding file content. if ( 0 === validate_file( $attributes['slug'] ) ) {
$block_template_file = _get_block_template_file( 'wp_template_part', $attributes['slug'] );
if ( $block_template_file ) {
$template_part_file_path = $block_template_file['path'];
$content = (string) file_get_contents( $template_part_file_path );
$content = '' !== $content ? _inject_theme_attribute_in_block_template_content( $content ) : '';
if ( isset( $block_template_file['area'] ) ) {
$area = $block_template_file['area'];
}
}
}
/*
* If a static page is set as the front page, $pagename will not be set.
* Retrieve it from the queried object.
*/
$post = get_queried_object();
if ( $post ) {
$pagename = $post->post_name;
}
}
$templates = array();
if ( $template && 0 === validate_file( $template ) ) {
$templates[] = $template;
}
if ( $pagename ) {
$pagename_decoded = urldecode( $pagename );
if ( $pagename_decoded !== $pagename ) {
$templates[] = "page-{$pagename_decoded}.php";
}
$templates[] = "page-{$pagename}.php";
}
if ( $id ) {
$templates[] = "page-{$id}.php";
}
$post = get_queried_object();
if ( $post ) {
$pagename = $post->post_name;
}
}
$templates = array();
if ( $template && 0 === validate_file( $template ) ) {
$templates[] = $template;
}
if ( $pagename ) {
$pagename_decoded = urldecode( $pagename );
if ( $pagename_decoded !== $pagename ) {
$templates[] = "page-{$pagename_decoded}.php";
}
$templates[] = "page-{$pagename}.php";
}
if ( $id ) {
$templates[] = "page-{$id}.php";
}
_deprecated_file( 'my-hacks.php', '1.5.0' );
array_unshift( $plugins, ABSPATH . 'my-hacks.php' );
}
if ( empty( $active_plugins ) || wp_installing() ) {
return $plugins;
}
$network_plugins = is_multisite() ? wp_get_active_network_plugins() : false;
foreach ( $active_plugins as $plugin ) {
if ( ! validate_file( $plugin ) // $plugin must validate as file. && str_ends_with( $plugin, '.php' ) // $plugin must end with '.php'. && file_exists( WP_PLUGIN_DIR . '/' . $plugin ) // $plugin must exist. // Not already included as a network plugin. && ( ! $network_plugins || ! in_array( WP_PLUGIN_DIR . '/' . $plugin, $network_plugins, true ) )
) {
$plugins[] = WP_PLUGIN_DIR . '/' . $plugin;
}
}
/* * Remove plugins from the list of active plugins when we're on an endpoint * that should be protected against WSODs and the plugin is paused. */
array_unshift( $plugins, ABSPATH . 'my-hacks.php' );
}
if ( empty( $active_plugins ) || wp_installing() ) {
return $plugins;
}
$network_plugins = is_multisite() ? wp_get_active_network_plugins() : false;
foreach ( $active_plugins as $plugin ) {
if ( ! validate_file( $plugin ) // $plugin must validate as file. && str_ends_with( $plugin, '.php' ) // $plugin must end with '.php'. && file_exists( WP_PLUGIN_DIR . '/' . $plugin ) // $plugin must exist. // Not already included as a network plugin. && ( ! $network_plugins || ! in_array( WP_PLUGIN_DIR . '/' . $plugin, $network_plugins, true ) )
) {
$plugins[] = WP_PLUGIN_DIR . '/' . $plugin;
}
}
/* * Remove plugins from the list of active plugins when we're on an endpoint * that should be protected against WSODs and the plugin is paused. */
function wp_edit_theme_plugin_file( $args ) {
if ( empty( $args['file'] ) ) {
return new WP_Error( 'missing_file' );
}
if ( 0 !== validate_file( $args['file'] ) ) {
return new WP_Error( 'bad_file' );
}
if ( ! isset( $args['newcontent'] ) ) {
return new WP_Error( 'missing_content' );
}
if ( ! isset( $args['nonce'] ) ) {
return new WP_Error( 'missing_nonce' );
}
/**
* Validates the plugin path.
*
* Checks that the main plugin file exists and is a valid plugin. See validate_file().
*
* @since 2.5.0
*
* @param string $plugin Path to the plugin file relative to the plugins directory.
* @return int|WP_Error 0 on success, WP_Error on failure.
*/
function validate_plugin( $plugin ) {
if ( validate_file( $plugin ) ) {
return new WP_Error( 'plugin_invalid', __( 'Invalid plugin path.' ) );
}
if ( ! file_exists( WP_PLUGIN_DIR . '/' . $plugin ) ) {
return new WP_Error( 'plugin_not_found', __( 'Plugin file does not exist.' ) );
}
$installed_plugins = get_plugins();
if ( ! isset( $installed_plugins[ $plugin ] ) ) {
return new WP_Error( 'no_plugin_header', __( 'The plugin does not have a valid header.' ) );
}
return 0;
}
function validate_plugin( $plugin ) {
if ( validate_file( $plugin ) ) {
return new WP_Error( 'plugin_invalid', __( 'Invalid plugin path.' ) );
}
if ( ! file_exists( WP_PLUGIN_DIR . '/' . $plugin ) ) {
return new WP_Error( 'plugin_not_found', __( 'Plugin file does not exist.' ) );
}
$installed_plugins = get_plugins();
if ( ! isset( $installed_plugins[ $plugin ] ) ) {
return new WP_Error( 'no_plugin_header', __( 'The plugin does not have a valid header.' ) );
}
return 0;
}
$plugin = plugin_basename( sanitize_text_field( wp_unslash( $_POST['plugin'] ) ) );
$status = array(
'update' => 'plugin',
'slug' => sanitize_key( wp_unslash( $_POST['slug'] ) ),
'oldVersion' => '',
'newVersion' => '',
);
if ( ! current_user_can( 'update_plugins' ) || 0 !== validate_file( $plugin ) ) {
$status['errorMessage'] = __( 'Sorry, you are not allowed to update plugins for this site.' );
wp_send_json_error( $status );
}
$plugin_data = get_plugin_data( WP_PLUGIN_DIR . '/' . $plugin );
$status['plugin'] = $plugin;
$status['pluginName'] = $plugin_data['Name'];
if ( $plugin_data['Version'] ) {
/* translators: %s: Plugin version. */
$status['oldVersion'] = sprintf( __( 'Version %s' ), $plugin_data['Version'] );
}
public function validate_plugin_param( $file ) {
if ( ! is_string( $file ) || ! preg_match( '/' . self::PATTERN . '/u', $file ) ) {
return false;
}
$validated = validate_file( plugin_basename( $file ) );
return 0 === $validated;
}
/** * Sanitizes the "plugin" parameter to be a proper plugin file with ".php" appended. * * @since 5.5.0 * * @param string $file The plugin file parameter. * @return string */
do_action( 'setup_theme' );
// Define the template related constants. wp_templating_constants();
// Load the default text localization domain. load_default_textdomain();
$locale = get_locale();
$locale_file = WP_LANG_DIR . "/$locale.php";
if ( ( 0 === validate_file( $locale ) ) && is_readable( $locale_file ) ) {
require $locale_file;
}
unset( $locale_file );
/** * WordPress Locale object for loading locale domain date and various strings. * * @global WP_Locale $wp_locale WordPress date and time locale object. * @since 2.1.0 */
$GLOBALS['wp_locale'] = new WP_Locale();
if ( isset( $_REQUEST['customize_theme'] ) ) {
$args['theme'] = wp_unslash( $_REQUEST['customize_theme'] );
} elseif ( isset( $_REQUEST['theme'] ) ) { // Deprecated. $args['theme'] = wp_unslash( $_REQUEST['theme'] );
}
}
if ( ! isset( $args['messenger_channel'] ) && isset( $_REQUEST['customize_messenger_channel'] ) ) {
$args['messenger_channel'] = sanitize_key( wp_unslash( $_REQUEST['customize_messenger_channel'] ) );
}
$this->original_stylesheet = get_stylesheet();
$this->theme = wp_get_theme( 0 === validate_file( $args['theme'] ) ? $args['theme'] : null );
$this->messenger_channel = $args['messenger_channel'];
$this->_changeset_uuid = $args['changeset_uuid'];
foreach ( array( 'settings_previewed', 'autosaved', 'branching' ) as $key ) {
if ( isset( $args[ $key ] ) ) {
$this->$key = (bool) $args[ $key ];
}
}
require_once ABSPATH . WPINC . '/class-wp-customize-setting.php';
require_once ABSPATH . WPINC . '/class-wp-customize-panel.php';
$args['theme'] = wp_unslash( $_REQUEST['customize_theme'] );
} elseif ( isset( $_REQUEST['theme'] ) ) { // Deprecated. $args['theme'] = wp_unslash( $_REQUEST['theme'] );
}
}
if ( ! isset( $args['messenger_channel'] ) && isset( $_REQUEST['customize_messenger_channel'] ) ) {
$args['messenger_channel'] = sanitize_key( wp_unslash( $_REQUEST['customize_messenger_channel'] ) );
}
$this->original_stylesheet = get_stylesheet();
$this->theme = wp_get_theme( 0 === validate_file( $args['theme'] ) ? $args['theme'] : null );
$this->messenger_channel = $args['messenger_channel'];
$this->_changeset_uuid = $args['changeset_uuid'];
foreach ( array( 'settings_previewed', 'autosaved', 'branching' ) as $key ) {
if ( isset( $args[ $key ] ) ) {
$this->$key = (bool) $args[ $key ];
}
}
require_once ABSPATH . WPINC . '/class-wp-customize-setting.php';
require_once ABSPATH . WPINC . '/class-wp-customize-panel.php';
do_action( $page_hook );
} else {
if ( validate_file( $plugin_page ) ) {
wp_die( __( 'Invalid plugin page.' ) );
}
if ( ! ( file_exists( WP_PLUGIN_DIR . "/$plugin_page" ) && is_file( WP_PLUGIN_DIR . "/$plugin_page" ) )
&& ! ( file_exists( WPMU_PLUGIN_DIR . "/$plugin_page" ) && is_file( WPMU_PLUGIN_DIR . "/$plugin_page" ) )
) {
/* translators: %s: Admin page generated by a plugin. */
wp_die( sprintf( __( 'Cannot load %s.' ), htmlentities( $plugin_page ) ) );
}
/** * Fires before a particular screen is loaded. * * The load-* hook fires in a number of contexts. This hook is for plugin screens * where the file to load is directly included, rather than the use of a function. * * The dynamic portion of the hook name, `$plugin_page`, refers to the plugin basename. * * @see plugin_basename() * * @since 1.5.0 */