Ticket #42016: filter-validate-file-results.diff

File filter-validate-file-results.diff, 1.2 KB (added by DavidAnderson, 2 years ago)

This patch allows developers to filter/override the validate_file() results. It is not a complete fix for this issue (I will put that in a separate patch). N.B. The order of the checks in the function is changed to ensure that the same result code is returned as before. With the filter, a developer who knows that he wants to allow some things can filter the result (e.g. it's a plugin that scans third-party zips, or that (cough!) unzips existing site backups).

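--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -4252,19 +4252,30 @@
  * @return int 0 means nothing is wrong, greater than 0 means something was wrong.
  */
 function validate_file( $file, $allowed_files = '' ) {
-        if ( false !== strpos( $file, '..' ) )
-                return 1;
+        $result = 0;
 
-        if ( false !== strpos( $file, './' ) )
-                return 1;
+        if (':' == substr( $file, 1, 1 ) )
+                $result = 2;
 
         if ( ! empty( $allowed_files ) && ! in_array( $file, $allowed_files ) )
-                return 3;
+                $result = 3;
 
-        if (':' == substr( $file, 1, 1 ) )
-                return 2;
+        if ( false !== strpos( $file, '..' ) )
+                $result = 1;
 
-        return 0;
+        if ( false !== strpos( $file, './' ) )
+                $result = 1;
+
+        /**
+         * Filters the returned result.
+         *
+         * @since 4.8.3
+         *
+         * @param int As described for the return value of the function.
+         * @param string $file As provided to the function (file path).
+         * @param array  $allowed_files As provided to the function (list of allowed files).
+         */
+        return apply_filters( 'validate_file', $result, $file, $allowed_files );
 }
 
 /**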
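Review bot: The new `validate_file` filter at the end of the function lets any callback turn a non-zero result into 0 for every caller, including callers that rely on this function as their guard against `..` and `./` in a path, and the hook docblock does not say so. Since the filter has no notion of which caller is asking, I would state in the docblock that a callback should only relax the result for paths it has checked itself and should otherwise return `$result` unchanged. The first `@param` line also lacks its variable name; `@param int    $result Validation code (0 valid, 1 contains '..' or './', 2 second character is ':', 3 not in $allowed_files).` would document it. Separately, `in_array( $file, $allowed_files )` on the unchanged allow-list line is a loose comparison, and passing `true` as the third argument would make the match exact.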