Channel: WordPress › Support » Forum: Hacks - Recent Topics

Mariah_A_C on "wp_handle_upload () setting $overrides correctly"


Yes I have searched and yes I have found lots of answers, but I am not sure I have found the correct answer.

I have a form with an image upload. I am using wp_handle_upload() to upload the image to my uploads file. The code works fine as long as 'test_form' => false is in the $overrides array. So here is my question: everything I have found online says to set this this way, but in the codex it says

$overrides
(array) (optional) An associative array to override default behaviors. When called while handling a form, 'action' must be set to match the 'action' parameter in the form or the upload will be rejected. When there is no form being handled, use 'test_form' => false to bypass this test, and set 'action' to something other than the default ("wp_handle_upload") to bypass security checks requiring the file in question to be a user-uploaded file.

Default: false

The source file says

// All tests are on by default. Most can be turned off by $overrides[{test_name}] = false;
$test_form = isset( $overrides['test_form'] ) ? $overrides['test_form'] : true;
$test_size = isset( $overrides['test_size'] ) ? $overrides['test_size'] : true;

// If you override this, you must provide $ext and $type!!
$test_type = isset( $overrides['test_type'] ) ? $overrides['test_type'] : true;
$mimes = isset( $overrides['mimes'] ) ? $overrides['mimes'] : false;

// A correct form post will pass this test.
if ( $test_form && ( ! isset( $_POST['action'] ) || ( $_POST['action'] != $action ) ) ) {
	return call_user_func( $upload_error_handler, $file, __( 'Invalid form submission.' ) );
}

So my questions are: first, how do I set action to my form's action parameter? I tried 'action'=>'' which didn't work.

Second, is setting 'test_form' => false just an easy fix that is bypassing a security measure? Or is it really supposed to be set that way? The only example in codex uses it and every example I have found online uses it, but it says a form should be able to pass the test. I am so confused.

Here is my current code:

if ( ! function_exists( 'wp_handle_upload' ) ) {
	require_once( ABSPATH . 'wp-admin/includes/file.php' );
}

$uploadedfile = $_FILES['fileToUpload'];

$upload_overrides = array( 'test_form' => false, 'mimes' => array('jpg' => 'image/jpeg', 'png' => 'image/png') );

$movefile = wp_handle_upload( $uploadedfile, $upload_overrides );

if ( $movefile && !isset( $movefile['error'] ) ) {
	echo "File is valid, and was successfully uploaded.\n";
	//var_dump( $movefile);
	// The array key must be a quoted string; a bare url is read as an undefined constant.
	$image = $movefile['url'];

} else {
	/**
	 * Error generated by _wp_handle_upload()
	 * @see _wp_handle_upload() in wp-admin/includes/file.php
	 */
	echo $movefile['error'];
}

and the form

<form method="post" action="<?php echo htmlspecialchars('');?>" enctype="multipart/form-data">
   <input type="file" name="fileToUpload" id="fileToUpload"><br>
   <input type="submit" name="submit" value="Save">
</form>
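
An added example, not part of the original post: the same upload with the form test left on. It assumes the handler runs in the page template that renders the form; the nonce names `image_upload` and `image_upload_nonce` are hypothetical. The hidden `action` field carries the default value "wp_handle_upload" from the codex text quoted above, which is what the `$_POST['action'] != $action` comparison expects.

```php
<?php
// Added example, not code from the original post or from WordPress core.
// 'image_upload' and 'image_upload_nonce' are hypothetical names for this example.

if ( 'POST' === $_SERVER['REQUEST_METHOD'] && isset( $_FILES['fileToUpload'] ) ) {
	// test_form only compares a POST field with a string, so it is not a
	// CSRF check; verify a nonce before touching the file.
	if ( ! isset( $_POST['image_upload_nonce'] )
		|| ! wp_verify_nonce( $_POST['image_upload_nonce'], 'image_upload' ) ) {
		wp_die( 'Invalid form submission.' );
	}

	if ( ! function_exists( 'wp_handle_upload' ) ) {
		require_once ABSPATH . 'wp-admin/includes/file.php';
	}

	// No 'test_form' => false and no 'action' override: the default action
	// "wp_handle_upload" is matched by the hidden field in the form below.
	$upload_overrides = array(
		'mimes' => array(
			'jpg' => 'image/jpeg',
			'png' => 'image/png',
		),
	);

	$movefile = wp_handle_upload( $_FILES['fileToUpload'], $upload_overrides );

	if ( $movefile && ! isset( $movefile['error'] ) ) {
		$image = $movefile['url'];
		echo 'File is valid, and was successfully uploaded.';
	} else {
		// Escape the message before printing it into the page.
		echo esc_html( $movefile['error'] );
	}
}
?>
<form method="post" action="" enctype="multipart/form-data">
	<?php wp_nonce_field( 'image_upload', 'image_upload_nonce' ); ?>
	<!-- Must equal the $action that the form test compares against. -->
	<input type="hidden" name="action" value="wp_handle_upload">
	<input type="file" name="fileToUpload" id="fileToUpload"><br>
	<input type="submit" name="submit" value="Save">
</form>
```

Keeping the default action also keeps the check the codex text describes, the one that requires the file to be a user-uploaded file.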
