Uploading data files

  • My plugin imports a dataset from a CSV. The data is then sanitised and a new options table row created.

    PCP returns this error:

    “The use of function move_uploaded_file() is forbidden”

    I’m really not sure how to fix this as it’s the standard PHP function for uploading temporary files. There doesn’t appear to be any alternative method of importing a file.

Viewing 4 replies - 1 through 4 (of 4 total)

  • Hi @aerin,

    Not an expert in this area, but have you tried wp_upload_bits instead?

    It may also be possible via _wp_handle_upload and wp_upload_dir() as per this stackexchange topic.

    Thread Starter Graham

    (@aerin)

    Thanks James. I have been looking wp_upload_bits and it may well be the solution.

    But I’d still like to know why move_uploaded_file() is forbidden. It works and has been working since forever on other plugins I’ve submitted to the WP repository.

    Security-wise,move_uploaded_file doesn’t really do much validation and people usually use it without any additional validation either. Then there are also reliability issues on certain filesystem setups with different permissions etc. For these reasons it’s always advisable to use the functions provided by WordPress for such things. Then you are on the safe side.

    For specific questions about plugin submission, please ask in the #pluginreview Slack channel.

    Thread Starter Graham

    (@aerin)

    Thanks @swissspidy. The problem I have is I can’t find a suitable wordpress function.

    I do a lot of validation on the uploaded data so I know it’s safe. I’d just like to clear the notice on the PCP report.

Viewing 4 replies - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.