Handle PHP uploads in WordPress, sanitizing file names, checking extensions for mime type, and moving the file to the appropriate directory within the uploads directory.

Signature

_wp_handle_upload( $file, $overrides, $time, $action )
file
 (array) Reference to a single element of $_FILES. Call the function once for each uploaded file.
overrides
 (array) An associative array of names => values to override default variables.
time
 (string) Time formatted in 'yyyy/mm'.
action
 (string) Expected value for $_POST['action'].

Return

(array) On success, returns an associative array of file attributes. On failure, returns $overrides['upload_error_handler'](&$file, $message ) or array( 'error'=>$message ).

Source

function _wp_handle_upload( &$file, $overrides, $time, $action ) {
	// The default error handler.
	if ( ! function_exists( 'wp_handle_upload_error' ) ) {
		function wp_handle_upload_error( &$file, $message ) {
			return array( 'error' => $message );
		}
	}

	/**
	 * The dynamic portion of the hook name, $action, refers to the post action.
	 *
	 * @since 2.9.0 as 'wp_handle_upload_prefilter'
	 * @since 4.0.0 Converted to a dynamic hook with $action
	 *
	 * @param array $file An array of data for a single file.
	 */
	$file = apply_filters( "{$action}_prefilter", $file );

	// You may define your own function and pass the name in $overrides['upload_error_handler']
	$upload_error_handler = 'wp_handle_upload_error';
153 more lines...
WP Trac GitHub

Link here