My file upload routine first checks to make sure the user is logged in to the WordPress application which is hosting the upload form...CHECK!
Here is the code at the top of my uploader utility that does this...
    // Stop immediately unless the request comes from a logged-in WordPress user.
    if (!is_user_logged_in()) {
        die("You Must Be Logged In to Access This");
    }
So far so good. Now I'm seeking to further secure the upload utility to prevent malicious scripts from being extracted from the uploaded zip files (the upload requires a zip file).
The downside to using a zip, I presume, is that it can contain any number or type of files that might make it more complicated to handle than otherwise.
So my question is for tips on how to further secure this uploader to make sure no malicious files are sent. The desired allowed files are .php, .jpg, .gif, .png
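
One way to inspect the archive before anything is extracted, as an added example that is not part of the original post: it walks the entries with PHP's `ZipArchive`, refuses unsafe paths and extensions outside the list above, and checks that image entries really contain image data. The function name, the 20 MB cap and the sample archive are assumptions made for illustration.

```php
<?php
// Added example. The function name, size cap and sample archive are assumptions.
function find_rejected_zip_entries(string $zipPath, array $allowedExt, int $maxBytes = 20971520): array
{
    $imageMime = ['jpg' => 'image/jpeg', 'gif' => 'image/gif', 'png' => 'image/png'];
    $zip = new ZipArchive();
    if ($zip->open($zipPath) !== true) {
        return ['(archive)' => 'not a readable zip file'];
    }
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $rejected = [];
    $total = 0;
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $name = $zip->getNameIndex($i);
        $path = str_replace('\\', '/', $name);
        // Entry names come from the uploader: refuse anything that could land outside the target directory.
        if ($path === '' || $path[0] === '/' || strpos($path, ':') !== false
            || in_array('..', explode('/', $path), true)) {
            $rejected[$name] = 'unsafe path';
            continue;
        }
        if (substr($path, -1) === '/') { continue; } // directory entry, nothing to inspect
        $total += $zip->statIndex($i)['size']; // declared uncompressed size
        if ($total > $maxBytes) {
            $rejected[$name] = 'archive expands past the size cap';
            break;
        }
        $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
        if (!in_array($ext, $allowedExt, true)) {
            $rejected[$name] = 'extension not allowed';
        } elseif (isset($imageMime[$ext]) && $finfo->buffer($zip->getFromIndex($i)) !== $imageMime[$ext]) {
            $rejected[$name] = 'content is not a ' . $ext . ' image';
        }
    }
    $zip->close();
    return $rejected; // empty array: every entry passed
}
// Constructed sample archive: two acceptable entries and three that must be refused.
$tmp = tempnam(sys_get_temp_dir(), 'zip');
$demo = new ZipArchive();
$demo->open($tmp, ZipArchive::OVERWRITE);
$demo->addFromString('theme/index.php', '<?php echo "hello";');
$demo->addFromString('theme/logo.gif', "GIF89a\x01\x00\x01\x00\x00\x00\x00;");
$demo->addFromString('theme/photo.jpg', '<?php echo "not an image";');
$demo->addFromString('theme/run.phtml', '<?php echo "hello";');
$demo->addFromString('../outside.php', '<?php echo "hello";');
$demo->close();
print_r(find_rejected_zip_entries($tmp, ['php', 'jpg', 'gif', 'png']));
unlink($tmp);
```

Extract only when the returned array is empty. Because .php is on the allowed list, an accepted archive can still carry arbitrary code, so these checks keep out unexpected file types and paths but do not judge what an allowed script does.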