How to sanitize uploaded file filename from a plugin?

There is a problem with the WordPress Form Manager plugin: it doesn’t sanitize the uploaded file filename. So, when a user uploads a photo with special characters in the filename, you will not be able to show it on the front-end, for example.

My question is, how can I sanitize that?

Ps: I already shot the question to the plugin’s author.

1 comment

  1. I found a way. Change the lines in the wordpress-form-manager plugin directory -> types -> file.php (around line 109)

    From:

    if($fileNameFormat == "%filename%"){
        $newFileName = $pathInfo['filename'];
    }
    

    To:

    if($fileNameFormat == "%filename%"){
        //Sanitize the filename (See note below)
        $remove_these = array(' ','`','"','\'','\\','/','%');
        $newFileName = str_replace($remove_these, '', $pathInfo['filename']);
        //Make the filename unique
        $newFileName = time().'-'.$newFileName;
    }
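
An allowlist variant of the fix above, as an added example that is not part of the original answer or the plugin's code: instead of removing a fixed set of characters, it keeps only ASCII letters, digits, dot, dash and underscore, so characters missing from the removal list cannot slip through. The helper name `safe_upload_basename()` and the sample names are assumptions; inside WordPress, core's `sanitize_file_name()` is the built-in function for this job.

```php
<?php
// Added example, not the plugin's code. safe_upload_basename() is a hypothetical helper.

/**
 * Reduce a client-supplied file name (without extension) to an allowlisted
 * character set and add a unique prefix.
 */
function safe_upload_basename(string $name, int $maxLen = 80): string
{
    // Drop any directory component, whichever separator the client sent.
    $name = str_replace('\\', '/', $name);
    $name = basename($name);

    // Allowlist: ASCII letters, digits, dot, dash, underscore.
    // Every run of other bytes (spaces, quotes, %, control chars, UTF-8) becomes one dash.
    $name = preg_replace('/[^A-Za-z0-9._-]+/', '-', $name);

    // Collapse dot runs and trim leading/trailing dots and dashes,
    // so the result is never a dotfile.
    $name = preg_replace('/\.{2,}/', '.', $name);
    $name = trim($name, '.-');

    // Bound the length and fall back to a fixed name if nothing survived.
    $name = substr($name, 0, $maxLen);
    if ($name === '') {
        $name = 'upload';
    }

    // time() alone collides for two uploads in the same second; add random bytes.
    return time() . '-' . bin2hex(random_bytes(4)) . '-' . $name;
}

// Constructed sample names, not taken from the page.
$samples = [
    'my photo (1)',
    "it's 100% `done`",
    'album\\holiday/pic',
    'façade "final"',
    '%%%',
];
foreach ($samples as $s) {
    printf("%-22s => %s\n", $s, safe_upload_basename($s));
}
```

In the plugin, the return value would take the place of `$newFileName`, with `$pathInfo['filename']` as the argument.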