2

I have a function for uploading a file. When I run the PHP_CodeSniffer (phpcs) on it, I get the error below. I am running the WordPress ruleset.

Detected usage of a non-sanitized input variable: $_FILES

$fext = $file = $_FILES['import_file']['name'];
$filename = $_FILES['import_file']['tmp_name'];

Can anyone please tell me how to solve it?

Thanks in advance.

1 Answer

0

If you want to upload $_FILES['import_file'], using wp_handle_upload() should be enough to sanitize it.

Instead of running:

$file = $_FILES['import_file'];
wp_handle_upload($file, array( 'test_form' => false ));

Don't hold $_FILES['import_file'] in a variable, do this:

wp_handle_upload($_FILES['import_file'], array( 'test_form' => false ));
AndreVitorio
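An added example, not part of the answer above, showing the same wp_handle_upload() call inside a complete handler that also checks the user, the nonce and the upload error code, and then works only with the values WordPress returns. The function name, the `myplugin_import` nonce action, the `myplugin_import_nonce` field and the CSV-only restriction are assumptions made for illustration.

```php
<?php
/**
 * Hypothetical helper: validate and store the uploaded 'import_file'.
 *
 * @return string|WP_Error Absolute path of the stored file, or an error.
 */
function myplugin_store_import_file() {
	// Only privileged users may import (capability chosen for illustration).
	if ( ! current_user_can( 'manage_options' ) ) {
		return new WP_Error( 'myplugin_forbidden', 'You are not allowed to import files.' );
	}

	// The form is assumed to contain wp_nonce_field( 'myplugin_import', 'myplugin_import_nonce' ).
	$nonce = isset( $_POST['myplugin_import_nonce'] )
		? sanitize_text_field( wp_unslash( $_POST['myplugin_import_nonce'] ) )
		: '';
	if ( ! wp_verify_nonce( $nonce, 'myplugin_import' ) ) {
		return new WP_Error( 'myplugin_bad_nonce', 'Security check failed.' );
	}

	// Reject a missing field or a PHP-level upload error before handling the file.
	if ( ! isset( $_FILES['import_file']['error'] ) || UPLOAD_ERR_OK !== $_FILES['import_file']['error'] ) {
		return new WP_Error( 'myplugin_no_file', 'No file was uploaded.' );
	}

	// Load the file API if this request has not already done so.
	if ( ! function_exists( 'wp_handle_upload' ) ) {
		require_once ABSPATH . 'wp-admin/includes/file.php';
	}

	// Pass the superglobal entry straight in and restrict accepted types to CSV.
	$upload = wp_handle_upload(
		$_FILES['import_file'],
		array(
			'test_form' => false,
			'mimes'     => array( 'csv' => 'text/csv' ),
		)
	);

	if ( isset( $upload['error'] ) ) {
		return new WP_Error( 'myplugin_upload_failed', $upload['error'] );
	}

	// Use the stored path WordPress returns, not the client-supplied
	// ['name'] or the temporary ['tmp_name'] read in the question.
	return $upload['file'];
}
```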