The ‘pre_move_uploaded_file’ WordPress PHP filter allows you to short-circuit the process of moving an uploaded file after it has passed all checks.
If a non-null value is returned from the filter, the file will not be moved, and any related error reporting will be skipped.
Usage
function my_pre_move_uploaded_file( $move_new_file, $file, $new_file, $type ) { // your custom code return $move_new_file; } add_filter( 'pre_move_uploaded_file', 'my_pre_move_uploaded_file', 10, 4 );
Parameters
- $move_new_file (mixed): If null (default), move the file after the upload.
- $file (array): Reference to a single element from $_FILES.
- name (string): The original name of the file on the client machine.
- type (string): The mime type of the file, if the browser provided this information.
- tmp_name (string): The temporary filename of the file in which the uploaded file was stored on the server.
- size (int): The size, in bytes, of the uploaded file.
- error (int): The error code associated with this file upload.
- $new_file (string): Filename of the newly-uploaded file.
- $type (string): Mime type of the newly-uploaded file.
Examples
Prevent image uploads
function prevent_image_upload( $move_new_file, $file, $new_file, $type ) { if ( strpos( $type, 'image/' ) === 0 ) { return false; } return $move_new_file; } add_filter( 'pre_move_uploaded_file', 'prevent_image_upload', 10, 4 );
In this example, we prevent image files from being uploaded by checking the mime type of the file. If the file is an image, the function returns false, preventing the file from being moved.
Limit file size
function limit_file_size( $move_new_file, $file, $new_file, $type ) { $max_size = 1024 * 1024; // 1 MB if ( $file['size'] > $max_size ) { return false; } return $move_new_file; } add_filter( 'pre_move_uploaded_file', 'limit_file_size', 10, 4 );
In this example, we limit the file size to 1 MB. If the uploaded file is larger than the limit, the function returns false, preventing the file from being moved.
Allow only PDF uploads
function allow_only_pdf( $move_new_file, $file, $new_file, $type ) { if ( $type != 'application/pdf' ) { return false; } return $move_new_file; } add_filter( 'pre_move_uploaded_file', 'allow_only_pdf', 10, 4 );
This example checks if the uploaded file is a PDF. If it’s not, the function returns false, preventing the file from being moved.
Rename uploaded files
function rename_uploaded_files( $move_new_file, $file, $new_file, $type ) { $file_extension = pathinfo( $file['name'], PATHINFO_EXTENSION ); $new_file_name = uniqid() . '.' . $file_extension; $new_file_path = dirname( $new_file ) . '/' . $new_file_name; move_uploaded_file( $file['tmp_name'], $new_file_path ); return true; } add_filter( 'pre_move_uploaded_file', 'rename_uploaded_files', 10, 4 );
In this example, we rename uploaded files using a unique ID and their original file extension. The filter function moves the uploaded file to the new path with the new filename and returns true, skipping the default file moving process.
Restrict file uploads based on user role
function restrict_file_uploads_by_role( $move_new_file, $file, $new_file, $type ) { $allowed_roles = array( 'administrator', 'editor' ); $current_user = wp_get_current_user(); if ( !array_intersect( $allowed_roles, $current_user->roles ) ) { return false; } return $move_new_file; } add_filter( 'pre_move_uploaded_file', 'restrict_file_uploads_by_role', 10, 4 );
In this example, we restrict file uploads to users with the ‘administrator’ or ‘editor’ role. If the current user doesn’t have one of these roles, the function returns false, preventing the file from being moved.