sergiotarxz/Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Filesystem: Introduce the pre_move_uploaded_file filter.

Browse Source 
Passing a non-null value to the filter will prevent the uploaded file from being moved to the uploads directory for any of the functions leveraging `_wp_handle_upload()`, such as `wp_handle_upload()` or `wp_handle_sideload()`.

Error reporting related to the file being moved will also be skipped.

Props ryan, Mte90.
Fixes #24603.


git-svn-id: https://develop.svn.wordpress.org/trunk@41258 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Drew Jaynes 2017-08-16 21:58:12 +00:00
parent cbaa63caeb
commit 0fb490ee1a
1 changed files with 30 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
src/wp-admin/includes/file.php
View File

@ -371,21 +371,39 @@ function _wp_handle_upload( &$file, $overrides, $time, $action ) {
// Move the file to the uploads dir.
$new_file = $uploads['path'] . "/$filename";
if ( 'wp_handle_upload' === $action ) {
$move_new_file = @ move_uploaded_file( $file['tmp_name'], $new_file );
} else {
// use copy and unlink because rename breaks streams.
$move_new_file = @ copy( $file['tmp_name'], $new_file );
unlink( $file['tmp_name'] );
}
if ( false === $move_new_file ) {
if ( 0 === strpos( $uploads['basedir'], ABSPATH ) ) {
$error_path = str_replace( ABSPATH, '', $uploads['basedir'] ) . $uploads['subdir'];
/**
* Filters whether to short-circuit moving the uploaded file after passing all checks.
*
* If a non-null value is passed to the filter, moving the file and any related error
* reporting will be completely skipped.
*
* @since 4.9.0
*
* @param string $move_new_file If null (default) move the file after the upload.
* @param string $file An array of data for a single file.
* @param string $new_file Filename of the newly-uploaded file.
* @param string $type File type.
*/
$move_new_file = apply_filters( 'pre_move_uploaded_file', null, $file, $new_file, $type );
if ( null === $move_new_file ) {
if ( 'wp_handle_upload' === $action ) {
$move_new_file = @ move_uploaded_file( $file['tmp_name'], $new_file );
} else {
$error_path = basename( $uploads['basedir'] ) . $uploads['subdir'];
// use copy and unlink because rename breaks streams.
$move_new_file = @ copy( $file['tmp_name'], $new_file );
unlink( $file['tmp_name'] );
}
if ( false === $move_new_file ) {
if ( 0 === strpos( $uploads['basedir'], ABSPATH ) ) {
$error_path = str_replace( ABSPATH, '', $uploads['basedir'] ) . $uploads['subdir'];
} else {
$error_path = basename( $uploads['basedir'] ) . $uploads['subdir'];
}
return $upload_error_handler( $file, sprintf( __('The uploaded file could not be moved to %s.' ), $error_path ) );
}
return $upload_error_handler( $file, sprintf( __('The uploaded file could not be moved to %s.' ), $error_path ) );
}
// Set correct file permissions.