# Security methods

## checkUploadedFile( file, p ) <a href="#checkuploadedfile" id="checkuploadedfile"></a>

Checks an uploaded file for security attacks and moves it to a safe place if it is considered secure. It moves the file to a safe place, specified by the returned Result property "`finalPath`".

* When checking uploaded images (`isRequireImage` or `allowedImageTypes` has been set), image types other than jpg, gif or png are converted to png.
* When uploading compressed image formats like jpg, since this method generates a new image from the uploaded one for security purposes, the final compression is always set to the maximum possible setting. This will cause compressed images like jpg files to take more disk space than their originals in most cases.
* **`file`** The file array given by PHP after receiving an uploaded file, received via $\_FILES\[name of the file]
* **`setup`** Optional hash array
  * **`isRequireImage`** Requires the file to be an image. If `allowedImageTypes` is specified, this is forced to true.&#x20;
  * **`allowedFileExtensions`** If value is specified with an array of extensions, only those file extensions are allowed. For example: `["pdf", "rtf"]`. If `allowedImageTypes` is specified and this is not, file extensions matching the specific `allowedImageTypes` will be required automatically.
  * **`allowedImageTypes`** If value is specified with an array of IMG\_?, only those image types are allowed (See <https://www.php.net/manual/en/image.constants.php>). If not specified, all image types supported by GD are accepted.

**Returns:** A [Result](/reference/core-classes/result.md) object with the following payloads:

* **`description`** A description of what went wrong
* **`finalPath`** The complete path where the file was moved if it was considered safe


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://cherrycake.tin.cat/reference/core-modules/security/methods.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.