cv upload

wp-content/plugins/biuro-contacts/public/class-biuro-contacts-public.php

@@ -378,7 +378,7 @@ class Biuro_Contacts_Public {
         case 'message':
             return sanitize_textarea_field($value);
         case 'cv':
-            return sanitize_file_name($value);
+            return sanitize_text_field($value);
         case 'agree':
         case 'confirm':
             return filter_var($value, FILTER_VALIDATE_INT) ? $value : 0;
@@ -463,11 +463,23 @@ class Biuro_Contacts_Public {
             $data = [
                 'city' => static::getValue('city', $_POST['city']),
                 'message' => static::getValue('message', $_POST['message']),
-                'cv' => static::getValue('cv', $_POST['cv']),
+                //'cv' => static::getValue('cv', $_POST['cv']),
                 'confirm' => static::getValue('confirm', $_POST['confirm']),
                 'updated' => current_time('Y-m-d H:i:s')
             ];
             
+            # upload file
+            if($_FILES) {
+          
+                $movefile = wp_handle_upload( $_FILES['cv'], ['test_form' => false]);
+                
+                if ( $movefile && ! isset( $movefile['error'] ) ) {
+                    $data['cv'] = static::getValue('cv', $movefile['url']);
+                } else {
+                    $_SESSION['file_error'] = $movefile['error'];
+                }                
+            }
+            
             static::update_row_in_db($data, $_SESSION['employees-quick--id']);
         endif;