WordPress user uploading photos without extensions

May 8, 20232 Views

I am with the strangest issue here. There is a writer here on my website, using WordPress 4.2.2 (but it happens for months) that keeps uploading photos with names such as ()), 00 without even an extension and for some dark reason, these images bypass the WordPress upload filter and get crazy names such as simply jpg or jpg4.

The mess is even bigger when we use our image resize system that ends creating images with names such as jpg12-250x100. (note the trailing dot).

So our CloudFlare cache breaks, the internal cache breaks and to finish up this teenager’s bedroom, I am not able to reproduce this error even with superuser access. I already checked his user and he doesn’t have the role to unfiltered_upload.

I don’t know even how to start this investigation because I can’t do it with my account. Is there any filter at the WordPress’ upload system that I can search across my plugins to isolate the suspect code? I am totally blind right now.

Thanks,
Vinicius.

Post Views: 2

2 comments

Anonymous says:

May 8, 2023 at 7:16 pm

You can check wp_check_filetype_and_ext to check the filetype and proper extension.

Reference: https://codex.wordpress.org/Function_Reference/wp_check_filetype_and_ext

You can use wp_handle_upload hook to process uploaded file, similar to:
https://wordpress.stackexchange.com/a/38585

Hello Vinicius Tavares,

if you need WordPress uploading photos without extensions, follow below steps.

1) add admin page

2) add wordpress media files

3) write Html for image uploding

4) js for image uploading form media

5) save image on database.

add_action( 'admin_menu', 'register_my_custom_menu_page' );

    function register_my_custom_menu_page() {
        add_menu_page( 'Image uploding', 'Image uploding', 'manage_options', 'myplugin/myplugin-admin.php', 'Uploding_images_own', '', 6 );
    }
    function Uploding_images_own(){
        wp_enqueue_script('jquery');
        wp_enqueue_media();
    ?>
    <div style="margin:20px 20px">
       <label for="image_url">Image</label>
       <input type="text" name="image_url" id="image_url" class="regular-text">
       <input type="button" name="upload-btn" id="upload-btn" class="button-secondary" value="Upload Image">
    </div>
    <script type="text/javascript">
    jQuery(document).ready(function($){
        $('#upload-btn').click(function(e) {
            e.preventDefault();
            var image = wp.media({ 
                title: 'Upload Image',
                // mutiple: true if you want to upload multiple files at once
                multiple: false
            }).open()
            .on('select', function(e){
                // This will return the selected image from the Media Uploader, the result is an object
                var uploaded_image = image.state().get('selection').first();
                // We convert uploaded_image to a JSON object to make accessing it easier
                // Output to the console uploaded_image
                console.log(uploaded_image);
                var image_url = uploaded_image.toJSON().url;
                // Let's assign the url value to the input field
                $('#image_url').val(image_url);
            });
        });
    });
    </script>
    <?php } ?>

Comments are closed.

Related posts

2 comments

Social Network