Changeset 41258

Timestamp:

08/16/2017 09:58:12 PM (7 years ago)

Author:

DrewAPicture

Message:

Filesystem: Introduce the pre_move_uploaded_file filter.

Passing a non-null value to the filter will prevent the uploaded file from being moved to the uploads directory for any of the functions leveraging _wp_handle_upload(), such as wp_handle_upload() or wp_handle_sideload().

Error reporting related to the file being moved will also be skipped.

Props ryan, Mte90.
Fixes #24603.

File:

• trunk/src/wp-admin/includes/file.php (modified) (1 diff)

trunk/src/wp-admin/includes/file.php

@@ -372 +372 @@
     // Move the file to the uploads dir.
     $new_file = $uploads['path'] . "/$filename";
-    if ( 'wp_handle_upload' === $action ) {
-        $move_new_file = @ move_uploaded_file( $file['tmp_name'], $new_file );
-    } else {
-        // use copy and unlink because rename breaks streams.
-        $move_new_file = @ copy( $file['tmp_name'], $new_file );
-        unlink( $file['tmp_name'] );
-    }
-
-    if ( false === $move_new_file ) {
-        if ( 0 === strpos( $uploads['basedir'], ABSPATH ) ) {
-            $error_path = str_replace( ABSPATH, '', $uploads['basedir'] ) . $uploads['subdir'];
+
+    /**
+     * Filters whether to short-circuit moving the uploaded file after passing all checks.
+     *
+     * If a non-null value is passed to the filter, moving the file and any related error
+     * reporting will be completely skipped.
+     *
+     * @since 4.9.0
+     *
+     * @param string $move_new_file If null (default) move the file after the upload.
+     * @param string $file          An array of data for a single file.
+     * @param string $new_file      Filename of the newly-uploaded file.
+     * @param string $type          File type.
+     */
+    $move_new_file = apply_filters( 'pre_move_uploaded_file', null, $file, $new_file, $type );
+
+    if ( null === $move_new_file ) {
+        if ( 'wp_handle_upload' === $action ) {
+            $move_new_file = @ move_uploaded_file( $file['tmp_name'], $new_file );
         } else {
-            $error_path = basename( $uploads['basedir'] ) . $uploads['subdir'];
-        }
-        return $upload_error_handler( $file, sprintf( __('The uploaded file could not be moved to %s.' ), $error_path ) );
+            // use copy and unlink because rename breaks streams.
+            $move_new_file = @ copy( $file['tmp_name'], $new_file );
+            unlink( $file['tmp_name'] );
+        }
+
+        if ( false === $move_new_file ) {
+            if ( 0 === strpos( $uploads['basedir'], ABSPATH ) ) {
+                $error_path = str_replace( ABSPATH, '', $uploads['basedir'] ) . $uploads['subdir'];
+            } else {
+                $error_path = basename( $uploads['basedir'] ) . $uploads['subdir'];
+            }
+            return $upload_error_handler( $file, sprintf( __('The uploaded file could not be moved to %s.' ), $error_path ) );
+        }
     }