I have a function:

    function haqSliderHandleUpload() {
        global $haq_settings, $haqSliderImage;
        // upload the image
        $sliderfile = $_FILES['haq_slider'];
        $upload = wp_handle_upload($sliderfile, 0);
        extract($upload);
        $uploadDirPath = str_replace(basename($file), '', $url);
        list($imageWidth, $imageHeight) = getimagesize($file);
    }

I want to SANITIZE this field: $sliderfile = $_FILES['haq_slider']; How can I do it?
asked Apr 6, 2019 at 6:09 by Husain Ahmed

1 Answer
You don't say where this code is running - for users or just for admins. Here are a few tips, taken heavily from this article on Wordfence.

The first check you can run is current_user_can, to see if the current user is allowed to upload files, using:

    if (current_user_can('upload_files')) {
        // ...
    }

Next you can use wp_check_filetype to see if it's a valid extension.

    $fileInfo = wp_check_filetype(basename($_FILES['haq_slider']['name']));
    if (!empty($fileInfo['ext'])) {
        // This file is valid
    } else {
        // Invalid file
    }

The final test that Wordfence suggests is a call to PHP's getimagesize, which will return FALSE if it fails to read a valid image file.

    if (!@getimagesize($_FILES['haq_slider']['tmp_name']))
        wp_die(__('An invalid image was supplied.'));