validate_file( string $file, string[] $allowed_files = array() )

根据允许的一组规则验证文件名和路径。
Validates a file name and path against an allowed set of rules.

目录锚点：#说明#参数#源码#笔记

说明（Description）

返回值1表示文件路径包含目录遍历。返回值2表示文件路径包含Windows驱动器路径。返回值3表示文件不在允许的文件列表中。

参数（Parameters）

源码（Source）

/**
 * File validates against allowed set of defined rules.
 *
 * A return value of '1' means that the $file contains either '..' or './'. A
 * return value of '2' means that the $file contains ':' after the first
 * character. A return value of '3' means that the file is not in the allowed
 * files list.
 *
 * @since 1.2.0
 *
 * @param string $file File path.
 * @param array  $allowed_files List of allowed files.
 * @return int 0 means nothing is wrong, greater than 0 means something was wrong.
 */
function validate_file( $file, $allowed_files = '' ) {
	if ( false !== strpos( $file, '..' ) )
		return 1;

	if ( false !== strpos( $file, './' ) )
		return 1;

	if ( ! empty( $allowed_files ) && ! in_array( $file, $allowed_files ) )
		return 3;

	if (':' == substr( $file, 1, 1 ) )
		return 2;

	return 0;
}

笔记（Notes）

有效的文件路径