How to Validate Post Meta type/extension (Video File Image File etc)

Post’s metadata can not and should not be used for validation. They can be easily manipulated. Post metadata simply stores “editable” strings or arrays, nothing more than that.

The code you have copied is trying to fetch a metadata and check if its value is mp3. You can change a value of exe to mp3, and it will assume that the file is mp3. So, security issue here.

To validate a file truly, you have to pass the files path or URL to a real validator.

For example, WordPress offers this function to validate an image:

file_is_valid_image( $path );

Which returns true is the file in the pass is a real image. There are function to retrieve the file’s real extension (since it can easily be manipulated, change .exe to .jpg), which you can find them by a simple search.

Related Posts:

  1. Can I exclude a post by meta key using pre_get_posts function?
  2. What is the index [0] for on post meta fields?
  3. Best way to programmatically remove a category/term from a post
  4. Custom field metabox not showing in back-end
  5. So much data in postmeta
  6. How to hide meta box values from custom fields list?
  7. get_post_meta() unserialize issue – returns boolean(false)
  8. What is the advantage of the wp_options design pattern?
  9. display specific custom fields
  10. Meta keywords and descriptions plugin for manually editing meta for each page/post
  11. Multiple meta values for same meta_key adding on “Preview Changes” hit but not on saving or updating post
  12. Transients vs CRON +Custom Fields: Caching Data Per Post
  13. Unable to save datetime custom meta field using update_post_meta() function
  14. Up/Down voting system for WordPress
  15. post meta data clearing on autosave
  16. Create custom field on post draft or publish?
  17. Display info from custom fields in all images’ HTML
  18. get_post_meta fields don’t show up on posts page
  19. Update meta values with AJAX
  20. copy attachments to another post type and change attachment url
  21. Cannot edit post meta fields with rest API
  22. Add a post meta key and value only if it does not exist on the post
  23. Custom fields to save multiple values
  24. Function to change meta value in database for each post
  25. Get aggregate list of all custom fields for entire blog
  26. wp_handle_upload error “Specified file failed upload test” but still creates attachment?
  27. Which is best in the following scenario : post_meta vs custom table vs parent/child posts
  28. Saving custom image meta fields
  29. using multiple meta_key and meta_value in query_posts
  30. Adding custom fields (post meta) before/during wp_insert_post()
  31. Get specific custom field keys from a post and put into an array
  32. MySQL Query that looks for post with Custom Field, then changes Category
  33. ACF: How to get the full field name (meta_key) by a field key?
  34. post meta getting deleted on save
  35. How to add a new meta key and assign timestamp to posts
  36. If meta key exists in get posts function otherwise create it
  37. Custom field not updating when value is empty
  38. meta_compare seems to be treating values as strings instead of integers as expected
  39. Limit the number of acf content when displaying in post loop [closed]
  40. Read / Watch / Listen times – meta
  41. How to add custom metadata text box dropdown to sidebar in Gutenberg editor for all post types
  42. How do I Implement Atomic Update of Post Metadata?
  43. How do I have WP_Query match posts based on search parameter OR meta fields? (rather than search parameters AND meta fields)?
  44. Why is my Custom Meta Box Field Inputs NOT saving?
  45. Get registered custom fields or post meta even if empty
  46. Displaying multiple URLs as custom field values
  47. Show values of custom post meta on ‘Add new post’ page?
  48. Custom post meta field effect on the performance on the post
  49. Limits, not all post are showen when querying for posts by view count
  50. Display Custom Meta Box Field Only If Value is Present
  51. Stop sending email everytime I updates my post
  52. Best way to store everyday post views?
  53. shortcode in a custom metabox
  54. Unable to get specific value from post meta
  55. Problem with saving large amount of data in postmeta/usermeta
  56. Custom meta is not being saved
  57. How to get posts with a metadata numeric key greater than X?
  58. IF Custom field value equals ZERO
  59. How to use media upload on metabox post page without breaking TinyMCE?
  60. Let’s Create Custom Field Template Documentation
  61. Branch made by several custom values
  62. Looping inside block return
  63. WordPress creates new lines in postmeta table on post update
  64. User customising position of WordPress Featured Image
  65. Can I save post meta programatically without setting metaboxes?
  66. Insert image into sub-field with update_post_meta
  67. How to use conditional statement with custom field
  68. Meta box values are displayed on Custom Fields list. Is it possible to hide them?
  69. If metabox has content display content
  70. Best way to achieve multiple links in a post title
  71. Display Meta Data with HTML?
  72. How can I add/update post meta in a admin menu page?
  73. Get author total post votes from post meta
  74. Group Posts By Custom Meta Value: Date
  75. custom filed from post in the side bar
  76. Meta field bulk editing no longer working in WP 6.0 [closed]
  77. How to display custom fields in hestia theme
  78. How to speed up post list slowed by update_meta_cache()?
  79. WordPress Blocks, setAttributes not saving
  80. SQL query to change the value of a Custom Field
  81. Custom meta POST request fired twice when updating a post in Gutenberg
  82. Add custom field information to source meta data
  83. Update custom field on page specific to logged in user
  84. Save, update, get and sanitize post meta as HTML not plain
  85. Create Meta boxes dynamically
  86. Saved Post Meta Array Returns as String
  87. Delete custom meta
  88. Problem saving meta data
  89. Check if value exists before saving
  90. Get meta value when the page is a blog archive
  91. change attachment custom field onChange event
  92. wordpress simple post multi rating with post_meta and user_meta
  93. wp_postmeta are updated for only one page
  94. Custom fields / meta box output
  95. Make Custom Fields Public in JSON – API
  96. Colecting values from custom field checkboxes and displaying them in the post
  97. Build Array from Input Fields question
  98. Order by a meta field in query loop
  99. How can i put a custom field inside this php
  100. Site uses wpdb to fetch meta_keys but just displays first meta_key from a page (the post uses the same meta_key “filmmaker” more than once)
techhipbettruvabetnorabahisbahis forumuedusedusedueduedusedusedueduseduedu