Home/ Questions/Q 7610811
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-31T01:30:31+00:00

All, I’m using the following code to upload some images to my WordPress blog:

  • 0

All,
I’m using the following code to upload some images to my WordPress blog:

$fieldname = 'logo';
include_once(ABSPATH . 'wp-admin/includes/media.php');
include_once(ABSPATH . 'wp-admin/includes/file.php');

if ($_FILES[$fieldname]) {
    $overrides = array('test_form' => false); 
    $file = wp_handle_upload($_FILES[$fieldname], $overrides);
    echo $file[error];
}

This works fine, however I can upload any type of file and as you are aware that could be potentially dangerous. Is there a way to make sure that the file is only a .jpg, .jpeg, .gif or a .png in the overrides or something like that?? Any help would be greatly appreciated!

Thanks!

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Set an array in your overrides for the mime types allowed. Here is an example for gif/jpg

    $fieldname = 'logo';
include_once(ABSPATH . 'wp-admin/includes/media.php');
include_once(ABSPATH . 'wp-admin/includes/file.php');


if ($_FILES[$fieldname]) {
    $allowed_file_types = array(
        'jpg'  => 'image/jpeg',
        'jpeg' => 'image/jpeg',
        'gif'  => 'image/gif',
        'png'  => 'image/png');
    $overrides          = array(
        'test_form' => false,
        'mimes'     => $allowed_file_types
);

    $file = wp_handle_upload($_FILES[$fieldname], $overrides);
    echo $file[error];
}
    • 0