Webapps exploit for platform.. Title: Remote file download vulnerability in wordpress plugin wp-ecommerce-shop-styling v2.5. Author: Larry W. Cashdollar . wp-admin/admin.");. 3. 4 header('Content-disposition: attachment; filename ='.$_GET['filename']);. 5 header('Content-type: application/pdf');. Removes special characters that are illegal in filenames on certain operating systems and special characters requiring special escaping to manipulate at the command line. Replaces. of filename. It is not guaranteed that this function will return a filename that is allowed to be uploaded.. File: wp-includes/formatting. . Description. Attempts to determine the real file type of a file. If unable to, the file name extension will be used to determine type. If it's determined that the extension does not match the file's real type, then the "proper_filename" value will be set with a proper filename and extension. Description. Retrieve the file type from the file name. You can optionally define the mime array, if needed. Usage. <? wp_check_filetype( $filename, $mimes ) ?> Parameters. $filename: (string) (required) File name or path. Default: None. $ mimes: (array) (optional) Key is the file extension with value as the mime type. wp_unique_filename( string $dir, string $filename, callable $ unique_filename_callback = null ). Get a filename that is. the filename is unique.he callback is passed three parameters, the first one is the directory, the second is the filename, and the third is the extension.. File: wp-includes/ functions..