From 0fb490ee1a27d8af76da12878ed92bad31e104ed Mon Sep 17 00:00:00 2001 From: Drew Jaynes Date: Wed, 16 Aug 2017 21:58:12 +0000 Subject: [PATCH] Filesystem: Introduce the `pre_move_uploaded_file` filter. Passing a non-null value to the filter will prevent the uploaded file from being moved to the uploads directory for any of the functions leveraging `_wp_handle_upload()`, such as `wp_handle_upload()` or `wp_handle_sideload()`. Error reporting related to the file being moved will also be skipped. Props ryan, Mte90. Fixes #24603. git-svn-id: https://develop.svn.wordpress.org/trunk@41258 602fd350-edb4-49c9-b593-d223f7449a82 --- src/wp-admin/includes/file.php | 42 ++++++++++++++++++++++++---------- 1 file changed, 30 insertions(+), 12 deletions(-) diff --git a/src/wp-admin/includes/file.php b/src/wp-admin/includes/file.php index 73999414aa..595b2857b5 100644 --- a/src/wp-admin/includes/file.php +++ b/src/wp-admin/includes/file.php @@ -371,21 +371,39 @@ function _wp_handle_upload( &$file, $overrides, $time, $action ) { // Move the file to the uploads dir. $new_file = $uploads['path'] . "/$filename"; - if ( 'wp_handle_upload' === $action ) { - $move_new_file = @ move_uploaded_file( $file['tmp_name'], $new_file ); - } else { - // use copy and unlink because rename breaks streams. - $move_new_file = @ copy( $file['tmp_name'], $new_file ); - unlink( $file['tmp_name'] ); - } - if ( false === $move_new_file ) { - if ( 0 === strpos( $uploads['basedir'], ABSPATH ) ) { - $error_path = str_replace( ABSPATH, '', $uploads['basedir'] ) . $uploads['subdir']; + /** + * Filters whether to short-circuit moving the uploaded file after passing all checks. + * + * If a non-null value is passed to the filter, moving the file and any related error + * reporting will be completely skipped. + * + * @since 4.9.0 + * + * @param string $move_new_file If null (default) move the file after the upload. + * @param string $file An array of data for a single file. + * @param string $new_file Filename of the newly-uploaded file. + * @param string $type File type. + */ + $move_new_file = apply_filters( 'pre_move_uploaded_file', null, $file, $new_file, $type ); + + if ( null === $move_new_file ) { + if ( 'wp_handle_upload' === $action ) { + $move_new_file = @ move_uploaded_file( $file['tmp_name'], $new_file ); } else { - $error_path = basename( $uploads['basedir'] ) . $uploads['subdir']; + // use copy and unlink because rename breaks streams. + $move_new_file = @ copy( $file['tmp_name'], $new_file ); + unlink( $file['tmp_name'] ); + } + + if ( false === $move_new_file ) { + if ( 0 === strpos( $uploads['basedir'], ABSPATH ) ) { + $error_path = str_replace( ABSPATH, '', $uploads['basedir'] ) . $uploads['subdir']; + } else { + $error_path = basename( $uploads['basedir'] ) . $uploads['subdir']; + } + return $upload_error_handler( $file, sprintf( __('The uploaded file could not be moved to %s.' ), $error_path ) ); } - return $upload_error_handler( $file, sprintf( __('The uploaded file could not be moved to %s.' ), $error_path ) ); } // Set correct file permissions.