I have a function

    function haqSliderHandleUpload() {
        global $haq_settings, $haqSliderImage;
        // upload the image
        $sliderfile = $_FILES['haq_slider'];
        $upload = wp_handle_upload($sliderfile, 0);
        extract($upload);
        $uploadDirPath = str_replace(basename($file), '', $url);
        list($imageWidth, $imageHeight) = getimagesize($file);
    }

I want to SANITIZE this field $sliderfile = $_FILES['haq_slider']; How can I do it?
asked Apr 6, 2019 at 6:09 by Husain Ahmed

1 Answer
You don't say where this code is running - for users or just for admins. Here are a few tips, taken heavily from this article on Wordfence.

The first check you can run is current_user_can to see if the current user is allowed to upload files using:

    if (current_user_can('upload_files')) {
        // ...
    }

Next you can use wp_check_filetype to see if it's a valid extension.

    $fileInfo = wp_check_filetype(basename($_FILES['haq_slider']['name']));
    if (!empty($fileInfo['ext'])) {
        // This file is valid
    } else {
        // Invalid file
    }

The final test that Wordfence suggests is a call to PHP's getimagesize, which will return FALSE if it fails to read a valid image file.

    if (!@getimagesize($_FILES['haq_slider']['tmp_name']))
        wp_die(__('An invalid image was supplied.'));
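
The three checks from the answer above, applied in order inside the question's upload handler. This is an added example, not code from the original post or from Wordfence; the function name `haqSliderHandleUploadChecked`, the allowed-type list, the error messages and the returned array are assumptions.

```php
<?php
// Added example: hypothetical hardened variant of the question's handler.
function haqSliderHandleUploadChecked() {
    // wp_handle_upload() is defined in an admin include on front-end requests.
    require_once ABSPATH . 'wp-admin/includes/file.php';

    // 1. Capability check: only users who may upload media get any further.
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_die( __( 'You are not allowed to upload files.' ) );
    }

    // 2. The field must exist and PHP must report a completed upload.
    if ( empty( $_FILES['haq_slider'] ) || UPLOAD_ERR_OK !== $_FILES['haq_slider']['error'] ) {
        wp_die( __( 'No file was uploaded.' ) );
    }
    $sliderfile = $_FILES['haq_slider'];

    // 3. Extension check against an explicit image-only list (assumed list).
    $allowed = array(
        'jpg|jpeg' => 'image/jpeg',
        'png'      => 'image/png',
        'gif'      => 'image/gif',
    );
    $fileInfo = wp_check_filetype( basename( $sliderfile['name'] ), $allowed );
    if ( empty( $fileInfo['ext'] ) ) {
        wp_die( __( 'Only JPEG, PNG and GIF images are accepted.' ) );
    }

    // 4. Content check: getimagesize() returns false if it cannot read an image.
    if ( ! @getimagesize( $sliderfile['tmp_name'] ) ) {
        wp_die( __( 'An invalid image was supplied.' ) );
    }

    // 5. Let WordPress move the file, enforcing the same list. 'test_form' => false
    //    skips the check for a matching "action" form field.
    $upload = wp_handle_upload( $sliderfile, array( 'test_form' => false, 'mimes' => $allowed ) );
    if ( isset( $upload['error'] ) ) {
        wp_die( esc_html( $upload['error'] ) );
    }

    // Read the returned keys explicitly instead of calling extract() on them.
    list( $imageWidth, $imageHeight ) = getimagesize( $upload['file'] );
    return array(
        'file'   => $upload['file'],
        'url'    => $upload['url'],
        'dir'    => trailingslashit( dirname( $upload['url'] ) ),
        'width'  => $imageWidth,
        'height' => $imageHeight,
    );
}
```

getimagesize() only confirms that the file parses as an image, so the extension allow-list passed to both wp_check_filetype and wp_handle_upload is what keeps a stored file from carrying an executable extension.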