validate_temp_path()

Coding standards

Security in ResourceSpace

Developer reference

Database

Action functions

Admin functions

Ajax functions

Annotation functions

API functions

Collections functions

Comment functions

Config functions

CSV export functions

Dash functions

Debug functions

Encryption functions

Facial recognition functions

File functions

General functions

Language functions

Log functions

Message functions

Migration functions

Node functions

PDF functions

Plugin functions

Render functions

Reporting functions

Request functions

Research functions

Slideshow functions

Theme permission functions

getThemePathPerms()

User functions

Video functions

Database functions

Metadata functions

Resource functions

Search functions

Map functions

Job functions

get_job_type_priority()

Tab functions

Test functions

Description

Block path traversal by ensuring download is only possible from the temp folder.
Generates path to temp folder and checks it matches the supplied path.

Parameters

Column	Type	Description
$test_path	string	Potentially unsafe path to check.
$temp_folder	string	Optional name of temp folder to validate.
	PATHINFO_DIRNAME;
$override_paths	array
pathinfo$path
&&	PATHINFO_DIRNAME

Location

include/file_functions.php lines 375 to 380

Definition


 
function validate_temp_path(string $test_path, string $temp_folder = '') : bool
    {
    $temp_dir = realpath(get_temp_dir(false, $temp_folder));
    $test_path = realpath(pathinfo($test_path, PATHINFO_DIRNAME));
    return $test_path !== false && $temp_dir !== false && $temp_dir === $test_path;
    }

This article was last updated 7th June 2024 11:35 Europe/London time based on the source file dated 7th June 2024 11:05 Europe/London time.

Knowledge Base