wp_delete_file_from_directory

The timeline below displays how wordpress function wp_delete_file_from_directory has changed across different WordPress versions. If a version is not listed, refer to the next available version below.

WordPress Version: 6.3

/**
 * Deletes a file if its path is within the given directory.
 *
 * @since 4.9.7
 *
 * @param string $file      Absolute path to the file to delete.
 * @param string $directory Absolute path to a directory.
 * @return bool True on success, false on failure.
 */
function wp_delete_file_from_directory($file, $directory)
{
    if (wp_is_stream($file)) {
        $real_file = $file;
        $real_directory = $directory;
    } else {
        $real_file = realpath(wp_normalize_path($file));
        $real_directory = realpath(wp_normalize_path($directory));
    }
    if (false !== $real_file) {
        $real_file = wp_normalize_path($real_file);
    }
    if (false !== $real_directory) {
        $real_directory = wp_normalize_path($real_directory);
    }
    if (false === $real_file || false === $real_directory || !str_starts_with($real_file, trailingslashit($real_directory))) {
        return false;
    }
    wp_delete_file($file);
    return true;
}

WordPress Version: 2.1

/**
 * Deletes a file if its path is within the given directory.
 *
 * @since 4.9.7
 *
 * @param string $file      Absolute path to the file to delete.
 * @param string $directory Absolute path to a directory.
 * @return bool True on success, false on failure.
 */
function wp_delete_file_from_directory($file, $directory)
{
    if (wp_is_stream($file)) {
        $real_file = $file;
        $real_directory = $directory;
    } else {
        $real_file = realpath(wp_normalize_path($file));
        $real_directory = realpath(wp_normalize_path($directory));
    }
    if (false !== $real_file) {
        $real_file = wp_normalize_path($real_file);
    }
    if (false !== $real_directory) {
        $real_directory = wp_normalize_path($real_directory);
    }
    if (false === $real_file || false === $real_directory || strpos($real_file, trailingslashit($real_directory)) !== 0) {
        return false;
    }
    wp_delete_file($file);
    return true;
}

WordPress Version: 5.2

/**
 * Deletes a file if its path is within the given directory.
 *
 * @since 4.9.7
 *
 * @param string $file      Absolute path to the file to delete.
 * @param string $directory Absolute path to a directory.
 * @return bool True on success, false on failure.
 */
function wp_delete_file_from_directory($file, $directory)
{
    if (wp_is_stream($file)) {
        $real_file = wp_normalize_path($file);
        $real_directory = wp_normalize_path($directory);
    } else {
        $real_file = realpath(wp_normalize_path($file));
        $real_directory = realpath(wp_normalize_path($directory));
    }
    if (false === $real_file || false === $real_directory || strpos($real_file, trailingslashit($real_directory)) !== 0) {
        return false;
    }
    wp_delete_file($file);
    return true;
}

WordPress Version: .21

/**
 * Deletes a file if its path is within the given directory.
 *
 * @since 4.9.7
 *
 * @param string $file      Absolute path to the file to delete.
 * @param string $directory Absolute path to a directory.
 * @return bool True on success, false on failure.
 */
function wp_delete_file_from_directory($file, $directory)
{
    $real_file = realpath(wp_normalize_path($file));
    $real_directory = realpath(wp_normalize_path($directory));
    if (false === $real_file || false === $real_directory || strpos(wp_normalize_path($real_file), trailingslashit(wp_normalize_path($real_directory))) !== 0) {
        return false;
    }
    wp_delete_file($file);
    return true;
}

WordPress Version: .27

/**
 * Deletes a file if its path is within the given directory.
 *
 * @since 4.9.7
 *
 * @param string $file      Absolute path to the file to delete.
 * @param string $directory Absolute path to a directory.
 * @return bool True on success, false on failure.
 */
function wp_delete_file_from_directory($file, $directory)
{
    $real_file = realpath(wp_normalize_path($file));
    $real_directory = realpath(wp_normalize_path($directory));
    if (false === $real_file || false === $real_directory || strpos(wp_normalize_path($real_file), trailingslashit(wp_normalize_path($real_directory))) !== 0) {
        return false;
    }
    /** This filter is documented in wp-admin/custom-header.php */
    $delete = apply_filters('wp_delete_file', $file);
    if (!empty($delete)) {
        @unlink($delete);
    }
    return true;
}