WordPress Plugin: How to make uploads go to a custom directory

Hey guys,

If you are building a plugin and would like to send all your uploads from it to go to a custom directory then this post is for you 🙂

As an example I’m using an existing wordpress plugin: Comment Attachment (comment-attachment)

This is an awesome plugin that allows users to post files in the comments section. But sometimes you can’t trust the content posted and would like it all to go to a custom directory that you could monitor closely, maybe even setup an antivirus for that directory.

At the time of writing this post, I’m using Version 1.5.8. So the code or function names might change in the future.

Steps:

  • comment-attachment-init.php file has the code for handling uploads. So add this function to this file:
/**
 * upload_dir function.
 *
 * @access public
 *
 * @param mixed $pathdata
 *
 * @return array
 */
function wpse_custom_upload_dir( $pathdata ) {
	if ( empty( $pathdata['subdir'] ) ) {
		$pathdata['path']   = $pathdata['path'] . '/comm_downloads';
		$pathdata['url']    = $pathdata['url'] . '/comm_downloads';
		$pathdata['subdir'] = '/comm_downloads';
	} else {
		$new_subdir = '/comm_downloads' . $pathdata['subdir'];

		$pathdata['path']   = str_replace( $pathdata['subdir'], $new_subdir, $pathdata['path'] );
		$pathdata['url']    = str_replace( $pathdata['subdir'], $new_subdir, $pathdata['url'] );
		$pathdata['subdir'] = str_replace( $pathdata['subdir'], $new_subdir, $pathdata['subdir'] );
	}
	return $pathdata;
}

This is a function which will create your custom directory, instead of using default uploads directory. Now you need to attach this as a filter before and remove it after the upload code

  • Look for function “insertAttachment” and add:
add_filter( 'upload_dir', array($this, 'wpse_custom_upload_dir') );
remove_filter( 'upload_dir', array($this, 'wpse_custom_upload_dir') );

So your final function will look something like:

public function insertAttachment($fileHandler, $postId)
{
	require_once(ABSPATH . "wp-admin" . '/includes/image.php');
	require_once(ABSPATH . "wp-admin" . '/includes/file.php');
	require_once(ABSPATH . "wp-admin" . '/includes/media.php');
	// changing the directory
	add_filter( 'upload_dir', array($this, 'wpse_custom_upload_dir') );
	$attachment_id = media_handle_upload($fileHandler, $postId);
	// remove so it doesn't apply to all uploads
	remove_filter( 'upload_dir', array($this, 'wpse_custom_upload_dir') );
	return $attachment_id;
}

This can also be done using Custom Post types. And so you can make changes directly to the upload_dir in your functions.php file. The code for this will be a bit more complicated though. This post explains the quicker way. Only drawback, if you are editing a plugin made by someone else, then your changes will be gone when you update the plugin.

Comment Attachment plugin allows a lot of different filetypes to be uploaded. If your wordpress installation isn’t allowing the upload, then you can add this to your wp-config file:

define('ALLOW_UNFILTERED_UPLOADS', true);

But for the protection of your site try not to let people comment and upload things if they aren’t logged in. Also be very careful about letting people upload rar or zip files. Keep scanning your uploads folders regularly. Better safe than sorry 🙂

Hope this article helps you. Let me know of any suggestions in the comments below.

Leave a Reply