Gist by kharissulistiyo: 3c2edb46a5ef67eb917ec72cb81a812d
Bad PHP code sample: Arbitrary File Upload vulnerability
```php
<?php
// Intentionally vulnerable excerpt (a class method, shown without its class).
// The behaviour is kept exactly as on the gist; comments mark the defects.
public function upload_file() {
    // No nonce verification or capability check appears anywhere in this handler.
    $uploadedfile = $_FILES['file'];
    $image_url    = $uploadedfile['tmp_name'];
    $upload_dir   = wp_upload_dir();
    $image_data   = file_get_contents( $image_url );

    // Client-supplied filename is used verbatim: no sanitize_file_name(),
    // no extension allowlist, so it chooses both the extension and, via "..",
    // the directory the file lands in.
    $filename = $uploadedfile['name'];
    $file     = $upload_dir['basedir'] . '/dlm_uploads/' . date( 'Y/m/' ) . $filename;

    // The file is written to disk BEFORE any type check takes place.
    if ( ! file_put_contents( $file, $image_data ) ) {
        wp_send_json_error( array( 'errorMessage' => esc_html__( 'Failed to write the file at: ', 'download-monitor' ) . $file ) );
    }

    // wp_check_filetype() only inspects the extension, and its result is only
    // used to label the attachment; an unknown or dangerous type is never rejected.
    $wp_filetype = wp_check_filetype( $filename, null );
    $attachment  = array(
        'post_mime_type' => $wp_filetype['type'],
        'post_title'     => sanitize_file_name( $filename ),
        'post_content'   => '',
        'post_status'    => 'inherit',
    );
    $attach_id = wp_insert_attachment( $attachment, $file );
}
```
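For comparison, here is a hardened version of the same handler. This is an added example, not the gist author's code and not Download Monitor's actual fix; it assumes the method is an admin-ajax handler, that the client sends a nonce for a hypothetical action name `dlm_upload_file` in a `nonce` field, that the `upload_files` capability is the right authorization bar, and that the allowlist of permitted types below is a placeholder to be adjusted for the plugin's real use case. The `dlm_uploads` subdirectory is taken from the original snippet.

```php
<?php
// Hardened upload handler (added example; assumptions noted in the lead-in).
public function upload_file() {
    // 1. Authorization first: valid nonce for this action and a user allowed to upload.
    check_ajax_referer( 'dlm_upload_file', 'nonce' ); // 'dlm_upload_file' is a placeholder action name
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( array( 'errorMessage' => esc_html__( 'Permission denied.', 'download-monitor' ) ), 403 );
    }

    // 2. Make sure a real upload arrived via PHP's upload mechanism.
    if ( empty( $_FILES['file'] ) || ! is_uploaded_file( $_FILES['file']['tmp_name'] ) ) {
        wp_send_json_error( array( 'errorMessage' => esc_html__( 'No file uploaded.', 'download-monitor' ) ), 400 );
    }
    $uploadedfile = $_FILES['file'];

    // 3. Validate the type BEFORE anything touches disk, against an explicit allowlist.
    //    wp_check_filetype_and_ext() checks the extension and sniffs the content.
    $allowed = array( // placeholder allowlist
        'pdf'      => 'application/pdf',
        'zip'      => 'application/zip',
        'jpg|jpeg' => 'image/jpeg',
        'png'      => 'image/png',
    );
    $check = wp_check_filetype_and_ext( $uploadedfile['tmp_name'], $uploadedfile['name'], $allowed );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        wp_send_json_error( array( 'errorMessage' => esc_html__( 'File type not allowed.', 'download-monitor' ) ), 415 );
    }

    // 4. Let WordPress place the file. wp_handle_upload() sanitizes the filename,
    //    makes it unique, re-checks the type and writes only below the uploads
    //    directory, which closes the "../" path and extension problems at once.
    //    The filter keeps the original's dlm_uploads/<year>/<month>/ layout.
    $to_dlm_dir = function ( $dirs ) {
        $dirs['subdir'] = '/dlm_uploads' . $dirs['subdir'];
        $dirs['path']   = $dirs['basedir'] . $dirs['subdir'];
        $dirs['url']    = $dirs['baseurl'] . $dirs['subdir'];
        return $dirs;
    };
    add_filter( 'upload_dir', $to_dlm_dir );
    $result = wp_handle_upload( $uploadedfile, array( 'test_form' => false, 'mimes' => $allowed ) );
    remove_filter( 'upload_dir', $to_dlm_dir );

    if ( ! is_array( $result ) || isset( $result['error'] ) ) {
        // Do not echo the absolute path back to the client; a generic message is enough.
        wp_send_json_error( array( 'errorMessage' => esc_html__( 'Failed to store the file.', 'download-monitor' ) ), 500 );
    }

    // 5. Register the attachment using the type WordPress verified, not the client's claim.
    $attachment = array(
        'post_mime_type' => $result['type'],
        'post_title'     => sanitize_file_name( basename( $result['file'] ) ),
        'post_content'   => '',
        'post_status'    => 'inherit',
    );
    $attach_id = wp_insert_attachment( $attachment, $result['file'] );
    if ( ! $attach_id || is_wp_error( $attach_id ) ) {
        wp_send_json_error( array( 'errorMessage' => esc_html__( 'Failed to create attachment.', 'download-monitor' ) ), 500 );
    }

    wp_send_json_success( array( 'id' => $attach_id, 'url' => esc_url_raw( $result['url'] ) ) );
}
```

The order of checks is the point: authorization, then type validation on the temporary file, then a write performed by `wp_handle_upload()` rather than by hand-built paths. Keeping the allowlist explicit (instead of relying on WordPress's default `upload_mimes`) is what prevents a `.php` or `.phtml` name from ever reaching the uploads tree, and reusing the verified `$result['type']` for the attachment avoids trusting the client's declared MIME type.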