Yeah, that one’s a little tricky. ‘wp_handle_upload_prefilter’ gives you file information, but nothing about the final destination path. ‘upload_dir’ gives you the final destination path, but no file information. Some clue about how to resolve this would have been useful.
Untested, but it should work:
Hook ‘wp_handle_upload_prefilter’ to determine if the file being uploaded needs special handling or not. If nothing special is required, return without doing anything. If special path handling is required, add a filter hook to ‘upload_dir’ that returns the desired special path. You could conceivably manage several special paths by having a different ‘upload_dir’ callback for each path. The ‘wp_handle_upload_prefilter’ callback decides which path callback to add based on whatever file criteria makes sense.
Either way, return the file data unchanged, we’re not changing anything in ‘wp_handle_upload_prefilter’, it’s just a convenient launch point for selectively adding another filter since all the file data is available.
It’d be a good idea to also have the ‘upload_dir’ callback remove itself from the filter stack so it doesn’t erroneously change the path of any other subsequent upload that might occur during the same request. This may be the case with multiple file uploads from a single POST request. If uploads are always single files this is probably not necessary, but I like to remove selectively added callbacks prior to returning no matter what. It’s part of the “always clean up after yourself” coding maxim I always try to follow.
Thread Starter
Guido
(@guido07111975)
Hi BC,
Thanks for your response.
Maybe I have to look for an alternative, cause this seems a bit tricky (in case of multiple file uploads) and difficult to build. That might also be the reason why I wasn’t able to find my answer online.
Could create a custom post type + attach file upload. But I only need the file, not the post content.
In short, I have to find a way to upload certain files to a second upload folder.
Guido
You might consider doing without WP at all for handling the upload. There’s plenty of examples online on how this is done in PHP. The initial form where the user selects the file to upload can be a WP page or something, but the form would submit directly to a PHP script page that handles moving the file from the temp folder to where it belongs. This will work fine as long as you do not try to use any WP functions in the script.
Beware though, allowing file uploads can be a huge security risk depending on the type of file and the permissions assigned. Some aggressive file validation is in order to prevent hack attacks. IMO, the security implications are a lot more tricky to deal with than the selective filter hook scheme I suggested. OTOH, if done well, a custom upload routine is probably more secure than WP methods.
Another thought, you could let WP put the file where it normally would, then use PHP to move it to where it really belongs. Moving files (as opposed to copying) is pretty fast and efficient. The ‘wp_handle_upload’ filter should work for this. Returning an updated file data array should take care of any references to the file, but while developing you should ensure there are no orphaned references to the old location somewhere.
Thread Starter
Guido
(@guido07111975)
Hi BC,
I have deceided to use an alternative, so I can still use the default wp-content folder: htaccess
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI} ^.*wp-content/uploads/.*(aa|ee) [NC]
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]
RewriteRule . - [R=403,L]
</IfModule>
I’m no expert on this, but it seems to work:
No access to files (uri’s) containing ‘aa’ or ‘ee’ located in folder ‘wp-content > uploads’ when not logged is.
But as always, I might missing something 😉
Guido
