validate_file example

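/**
 * Returns the absolute paths of the network-activated plugin files that pass validation.
 *
 * Reads the 'active_sitewide_plugins' site option and uses its keys as plugin
 * paths relative to WP_PLUGIN_DIR. An entry is kept only when it passes all
 * three checks in the loop below.
 *
 * Security note: the option value is stored data, not a constant. Every entry
 * is passed through validate_file() before it is joined onto WP_PLUGIN_DIR,
 * and an entry that fails any check is dropped silently instead of being
 * returned as a path.
 *
 * @return string[] Absolute plugin file paths in sorted order; an empty array
 *                  when the option holds no entries.
 */
function wp_get_active_network_plugins() {
    $active_plugins = (array) get_site_option( 'active_sitewide_plugins', array() );
    if ( empty( $active_plugins ) ) {
        return array();
    }

    $plugins        = array();
    $active_plugins = array_keys( $active_plugins );
    sort( $active_plugins );

    foreach ( $active_plugins as $plugin ) {
        // The three conditions sit on separate lines so that the trailing line
        // comments cannot swallow the rest of the expression.
        if ( ! validate_file( $plugin )                     // $plugin must validate as file.
            && str_ends_with( $plugin, '.php' )             // $plugin must end with '.php'.
            && file_exists( WP_PLUGIN_DIR . '/' . $plugin ) // $plugin must exist.
        ) {
            $plugins[] = WP_PLUGIN_DIR . '/' . $plugin;
        }
    }

    return $plugins;
}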

/**
 * Checks status of current blog.
 *
 * Checks if the blog is deleted, inactive, archived, or spammed.
 *
 * Dies with a default message if the blog does not pass the check.
 *
 * To change the default message when a blog does not pass the check,
 * use the wp-content/blog-deleted.php, blog-inactive.php and
 * blog-suspended.php drop-ins.
 *
 * @since 3.0.0
 *
 * @return true|string Returns true on success, or drop-in file to include.
 */

            do_action( 'render_block_core_template_part_post', $template_part_id$attributes$template_part_post$content );
        } else {
            $template_part_file_path = '';
            // Else, if the template part was provided by the active theme,             // render the corresponding file content.             if ( 0 === validate_file( $attributes['slug'] ) ) {
                $block_template_file = _get_block_template_file( 'wp_template_part', $attributes['slug'] );
                if ( $block_template_file ) {
                    $template_part_file_path = $block_template_file['path'];
                    $content                 = (string) file_get_contents( $template_part_file_path );
                    $content                 = '' !== $content ? _inject_theme_attribute_in_block_template_content( $content ) : '';
                    if ( isset( $block_template_file['area'] ) ) {
                        $area = $block_template_file['area'];
                    }
                }
            }

            
/*
 * If a static page is set as the front page, $pagename will not be set.
 * Retrieve it from the queried object.
 */
        $post = get_queried_object();
        if ( $post ) {
            $pagename = $post->post_name;
        }
    }

    // Builds the list of candidate template file names in the order they are appended.
    $templates = array();
    // $template is added only when it is non-empty and validate_file() returns 0
    // (the value used throughout this page to mean "check passed").
    if ( $template && 0 === validate_file( $template ) ) {
        $templates[] = $template;
    }
    if ( $pagename ) {
        // When URL-decoding changes the value, the decoded form is offered first.
        // NOTE(review): the $pagename- and $id-derived names are not passed through
        // validate_file() in this excerpt; confirm they are constrained where they are set.
        $pagename_decoded = urldecode( $pagename );
        if ( $pagename_decoded !== $pagename ) {
            $templates[] = "page-{$pagename_decoded}.php";
        }
        $templates[] = "page-{$pagename}.php";
    }
    if ( $id ) {
        $templates[] = "page-{$id}.php";
    }
_deprecated_file( 'my-hacks.php', '1.5.0' );
        array_unshift( $plugins, ABSPATH . 'my-hacks.php' );
    }

    if ( empty( $active_plugins ) || wp_installing() ) {
        return $plugins;
    }

    $network_plugins = is_multisite() ? wp_get_active_network_plugins() : false;

    foreach ( $active_plugins as $plugin ) {
        if ( ! validate_file( $plugin )                     // $plugin must validate as file.             && str_ends_with( $plugin, '.php' )             // $plugin must end with '.php'.             && file_exists( WP_PLUGIN_DIR . '/' . $plugin ) // $plugin must exist.             // Not already included as a network plugin.             && ( ! $network_plugins || ! in_array( WP_PLUGIN_DIR . '/' . $plugin$network_plugins, true ) )
        ) {
            $plugins[] = WP_PLUGIN_DIR . '/' . $plugin;
        }
    }

    /*
     * Remove plugins from the list of active plugins when we're on an endpoint
     * that should be protected against WSODs and the plugin is paused.
     */

function wp_edit_theme_plugin_file( $args ) {
    if ( empty( $args['file'] ) ) {
        return new WP_Error( 'missing_file' );
    }

    if ( 0 !== validate_file( $args['file'] ) ) {
        return new WP_Error( 'bad_file' );
    }

    if ( ! isset( $args['newcontent'] ) ) {
        return new WP_Error( 'missing_content' );
    }

    if ( ! isset( $args['nonce'] ) ) {
        return new WP_Error( 'missing_nonce' );
    }

    
/**
 * Validates the plugin path.
 *
 * Runs three checks in order and returns on the first failure: the path must
 * pass validate_file(), the file must exist under WP_PLUGIN_DIR, and the path
 * must be a key of the array returned by get_plugins().
 *
 * The validate_file() check comes first, so a rejected path is never joined
 * onto WP_PLUGIN_DIR or used for a filesystem lookup.
 *
 * @since 2.5.0
 *
 * @param string $plugin Path to the plugin file relative to the plugins directory.
 * @return int|WP_Error 0 on success, WP_Error on failure.
 */
function validate_plugin( $plugin ) {
    // Any truthy (non-zero) result from validate_file() means the path was rejected.
    $path_is_invalid = (bool) validate_file( $plugin );
    if ( $path_is_invalid ) {
        return new WP_Error( 'plugin_invalid', __( 'Invalid plugin path.' ) );
    }

    $plugin_file = WP_PLUGIN_DIR . '/' . $plugin;
    if ( false === file_exists( $plugin_file ) ) {
        return new WP_Error( 'plugin_not_found', __( 'Plugin file does not exist.' ) );
    }

    // The file exists; it must also be listed by get_plugins().
    $known_plugins = get_plugins();

    return isset( $known_plugins[ $plugin ] )
        ? 0
        : new WP_Error( 'no_plugin_header', __( 'The plugin does not have a valid header.' ) );
}


    $plugin = plugin_basename( sanitize_text_field( wp_unslash( $_POST['plugin'] ) ) );

    $status = array(
        'update'     => 'plugin',
        'slug'       => sanitize_key( wp_unslash( $_POST['slug'] ) ),
        'oldVersion' => '',
        'newVersion' => '',
    );

    if ( ! current_user_can( 'update_plugins' ) || 0 !== validate_file( $plugin ) ) {
        $status['errorMessage'] = __( 'Sorry, you are not allowed to update plugins for this site.' );
        wp_send_json_error( $status );
    }

    $plugin_data          = get_plugin_data( WP_PLUGIN_DIR . '/' . $plugin );
    $status['plugin']     = $plugin;
    $status['pluginName'] = $plugin_data['Name'];

    if ( $plugin_data['Version'] ) {
        /* translators: %s: Plugin version. */
        $status['oldVersion'] = sprintf( __( 'Version %s' )$plugin_data['Version'] );
    }

    public function validate_plugin_param( $file ) {
        if ( ! is_string( $file ) || ! preg_match( '/' . self::PATTERN . '/u', $file ) ) {
            return false;
        }

        $validated = validate_file( plugin_basename( $file ) );

        return 0 === $validated;
    }

    /**
     * Sanitizes the "plugin" parameter to be a proper plugin file with ".php" appended.
     *
     * @since 5.5.0
     *
     * @param string $file The plugin file parameter.
     * @return string
     */

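do_action( 'setup_theme' );

// Define the template related constants.
wp_templating_constants();

// Load the default text localization domain.
load_default_textdomain();

// The locale string is interpolated into a path that is handed to require. The file
// is loaded only when validate_file() returns 0 for the locale and the resulting
// path is readable; otherwise the step is skipped without an error.
$locale      = get_locale();
$locale_file = WP_LANG_DIR . "/$locale.php";
if ( ( 0 === validate_file( $locale ) ) && is_readable( $locale_file ) ) {
    require $locale_file;
}
unset( $locale_file );

/**
 * WordPress Locale object for loading locale domain date and various strings.
 *
 * @global WP_Locale $wp_locale WordPress date and time locale object.
 * @since 2.1.0
 */
$GLOBALS['wp_locale'] = new WP_Locale();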

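// The theme name is taken from the request and only unslashed here; the value is
// still untrusted at this point. Later on this page it is checked with
// validate_file() before being handed to wp_get_theme().
if ( isset( $_REQUEST['customize_theme'] ) ) {
                $args['theme'] = wp_unslash( $_REQUEST['customize_theme'] );
            } elseif ( isset( $_REQUEST['theme'] ) ) { // Deprecated.
                $args['theme'] = wp_unslash( $_REQUEST['theme'] );
            }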
        }
        // Fall back to the request value for the messenger channel, reduced with sanitize_key().
        if ( ! isset( $args['messenger_channel'] ) && isset( $_REQUEST['customize_messenger_channel'] ) ) {
            $args['messenger_channel'] = sanitize_key( wp_unslash( $_REQUEST['customize_messenger_channel'] ) );
        }

        $this->original_stylesheet = get_stylesheet();
        // The theme argument reaches wp_get_theme() only when validate_file() returns 0 for it;
        // any other result passes null instead of the supplied value.
        $this->theme               = wp_get_theme( 0 === validate_file( $args['theme'] ) ? $args['theme'] : null );
        $this->messenger_channel   = $args['messenger_channel'];
        $this->_changeset_uuid     = $args['changeset_uuid'];

        // The dynamic property name comes from this fixed three-item list, never from $args keys,
        // and each value is cast to bool before assignment.
        foreach ( array( 'settings_previewed', 'autosaved', 'branching' ) as $key ) {
            if ( isset( $args[ $key ] ) ) {
                $this->$key = (bool) $args[ $key ];
            }
        }

        require_once ABSPATH . WPINC . '/class-wp-customize-setting.php';
        require_once ABSPATH . WPINC . '/class-wp-customize-panel.php';
        

        do_action( $page_hook );
    } else {
        if ( validate_file( $plugin_page ) ) {
            wp_die( __( 'Invalid plugin page.' ) );
        }

        if ( ! ( file_exists( WP_PLUGIN_DIR . "/$plugin_page) && is_file( WP_PLUGIN_DIR . "/$plugin_page) )
            && ! ( file_exists( WPMU_PLUGIN_DIR . "/$plugin_page) && is_file( WPMU_PLUGIN_DIR . "/$plugin_page) )
        ) {
            /* translators: %s: Admin page generated by a plugin. */
            wp_die( sprintf( __( 'Cannot load %s.' )htmlentities( $plugin_page ) ) );
        }

        /**
         * Fires before a particular screen is loaded.
         *
         * The load-* hook fires in a number of contexts. This hook is for plugin screens
         * where the file to load is directly included, rather than the use of a function.
         *
         * The dynamic portion of the hook name, `$plugin_page`, refers to the plugin basename.
         *
         * @see plugin_basename()
         *
         * @since 1.5.0
         */