Validate uploaded filenames and content before storing files
PHP upload handlers should not persist raw `$_FILES` names without validation and normalization.
#Metadata
#Why it matters
Unsafely handled uploads can enable path traversal, executable file placement, and malicious payload storage.
#Remediation
Normalize filenames, enforce extension and MIME allowlists, and route uploads through dedicated validated storage helpers.
#Repository path
The generated metadata points to critiq-rules/libs/rules/catalog/rules/php/php.security.unsafe-file-upload-handling.rule.yaml.