First do a var_dump
on the $_FILES
variable to check if the array key you are using is the correct one, and you should never just grab a variable that comes from user input and just use it, try doing a isset
or empty
before you use the variable.
After you found what is the key you will use wp_check_filetype
because it will give safer data about the file, you will have to do 2 in_array
to check if both the mimetype of the file and the extension belongs to the set you are allowing the user to upload, if not throw the user an message. Exemple of in_array
:
$extention = 'doc';
$allowed_extensions = array( 'doc', 'docx', 'pdf' );
$mime="text/javascript";
$allowed_mime = array( 'application/msword', 'application/vnd.openxmlformats-officedocument.wordprocessingml.document', 'application/vnd.ms-word.document.macroEnabled.12' );
if ( ! in_array( $extension, $allowed_extensions ) ){
return false;
}
if ( ! in_array( $mime, $allowed_mime ) ){
return false;
}
If you want to check for file size, you can use check_upload_size
, which is also a WordPress method that uses the site upload limit as a guide.