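/**
 * Validate a file-upload form field and, if accepted, move the upload into
 * the plugin's temporary upload directory.
 *
 * Checks run in this order: PHP upload error, required-field presence,
 * is_uploaded_file(), file-name extension against the allowed list, size
 * against the limit. The first failing check marks $result invalid, stores a
 * message under $result['reason'][$name] and returns.
 *
 * Security-relevant points:
 * - The type check looks only at the extension of the client-supplied file
 *   name ($_FILES[$name]['name']); file content is not inspected here.
 * - Names ending in a known script extension get '.txt' appended before the
 *   name is passed through wpcf7_sanitize_file_name().
 * - The stored file is chmod'ed to 0400 on a best-effort basis.
 *
 * @param array $result Validation result; 'valid' and 'reason' are written on failure.
 * @param array $tag    Form tag providing 'type', 'name' and 'options'.
 * @return array The (possibly modified) validation result.
 */
function wpcf7_file_validation_filter($result, $tag) {
    global $wpcf7_contact_form;

    $type = $tag['type'];
    $name = $tag['name'];
    $options = (array) $tag['options'];

    // A request may carry no $_FILES entry for this field at all; read every
    // key defensively so that case is handled as "no file" without warnings.
    $file = isset($_FILES[$name]) ? $_FILES[$name] : null;
    $error = isset($file['error']) ? $file['error'] : UPLOAD_ERR_OK;
    $tmp_name = isset($file['tmp_name']) ? $file['tmp_name'] : '';

    if ($error && UPLOAD_ERR_NO_FILE != $error) {
        $result['valid'] = false;
        $result['reason'][$name] = $wpcf7_contact_form->message('upload_failed_php_error');
        return $result;
    }

    if (empty($tmp_name) && 'file*' == $type) {
        $result['valid'] = false;
        $result['reason'][$name] = $wpcf7_contact_form->message('invalid_required');
        return $result;
    }

    // Only a path that PHP itself recorded as an HTTP upload is processed further.
    if (!is_string($tmp_name) || !is_uploaded_file($tmp_name)) {
        return $result;
    }

    $file_type_pattern = '';
    $allowed_size = 1048576; // default size 1 MB

    foreach ($options as $option) {
        if (preg_match('%^filetypes:(.+)$%', $option, $matches)) {
            foreach (explode('|', $matches[1]) as $file_type) {
                $file_type = trim($file_type, '.');

                // An empty alternative in the pattern would accept names that
                // end in a bare dot, so empty entries are dropped.
                if ('' === $file_type) {
                    continue;
                }

                // NOTE(review): only . + * ? are escaped; other regex
                // metacharacters in a configured type reach the pattern as-is.
                $file_type = str_replace(
                    array('.', '+', '*', '?'),
                    array('\\.', '\\+', '\\*', '\\?'),
                    $file_type
                );
                $file_type_pattern .= '|' . $file_type;
            }
        } elseif (preg_match('/^limit:([1-9][0-9]*)([kKmM]?[bB])?$/', $option, $matches)) {
            $allowed_size = (int) $matches[1];

            // The unit group is optional, so it is absent for e.g. "limit:500".
            $kbmb = isset($matches[2]) ? strtolower($matches[2]) : '';

            if ('kb' == $kbmb) {
                $allowed_size *= 1024;
            } elseif ('mb' == $kbmb) {
                $allowed_size *= 1024 * 1024;
            }
        }
    }

    /* File type validation */

    // Default file-type restriction
    if ('' == $file_type_pattern) {
        $file_type_pattern = 'jpg|jpeg|png|gif|pdf|doc|docx|ppt|pptx|odt|avi|ogg|m4a|mov|mp3|mp4|mpg|wav|wmv';
    }

    $file_type_pattern = trim($file_type_pattern, '|');
    $file_type_pattern = '(' . $file_type_pattern . ')';
    $file_type_pattern = '/\\.' . $file_type_pattern . '$/i';

    if (!preg_match($file_type_pattern, $file['name'])) {
        $result['valid'] = false;
        $result['reason'][$name] = $wpcf7_contact_form->message('upload_file_type_invalid');
        return $result;
    }

    /* File size validation */

    if ($file['size'] > $allowed_size) {
        $result['valid'] = false;
        $result['reason'][$name] = $wpcf7_contact_form->message('upload_file_too_large');
        return $result;
    }

    $uploads_dir = wpcf7_upload_tmp_dir();
    wpcf7_init_uploads(); // Confirm upload dir

    $filename = $file['name'];

    // A script file is a danger: make it a TXT file. The match is
    // case-insensitive, like the allow-list above, so FOO.PHP is handled
    // the same way as foo.php.
    if (preg_match('/\\.(php|pl|py|rb|cgi)\\d?$/i', $filename)) {
        $filename .= '.txt';
    }

    // Per the original comment, the sanitizer is expected to turn
    // foo.php.jpg into foo.php_.jpg (helper is not shown here).
    $filename = wpcf7_sanitize_file_name($filename);
    $filename = wp_unique_filename($uploads_dir, $filename);

    $new_file = trailingslashit($uploads_dir) . $filename;

    if (false === @move_uploaded_file($tmp_name, $new_file)) {
        $result['valid'] = false;
        $result['reason'][$name] = $wpcf7_contact_form->message('upload_failed');
        return $result;
    }

    // Make sure the uploaded file is only readable for the owner process.
    // Best effort: the result of chmod() is deliberately not checked.
    @chmod($new_file, 0400);

    $wpcf7_contact_form->uploaded_files[$name] = $new_file;

    return $result;
}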
/**
 * Print an admin warning when the current contact form has file fields but
 * the temporary upload directory is missing or not writable.
 *
 * Prints nothing when there is no current contact form, when the form has no
 * 'file' / 'file*' tags, or when the directory is usable. The message is
 * passed through esc_html() before it is echoed.
 *
 * @return void
 */
function wpcf7_file_display_warning_message() {
    $contact_form = wpcf7_get_current_contact_form();

    if (!$contact_form) {
        return;
    }

    $file_tags = $contact_form->scan_form_tags(array('type' => array('file', 'file*')));

    if (!(bool) $file_tags) {
        return;
    }

    $uploads_dir = wpcf7_upload_tmp_dir();
    wpcf7_init_uploads();

    // Nothing to report when the directory exists and can be written to.
    if (is_dir($uploads_dir) && wp_is_writable($uploads_dir)) {
        return;
    }

    $message = sprintf(
        __('This contact form contains file uploading fields, but the temporary folder for the files (%s) does not exist or is not writable. You can create the folder or change its permission manually.', 'contact-form-7'),
        $uploads_dir
    );

    echo '<div class="notice notice-warning"><p>', esc_html($message), '</p></div>';
}
/**
 * Print an admin error box when the contact form named by $_GET['post'] has
 * file fields but the temporary upload directory is missing or not writable.
 *
 * Prints nothing when $_GET['post'] is empty, when no contact form is found
 * for it, when the form has no 'file' / 'file*' tags, or when the directory
 * is usable. The message is passed through esc_html() before it is echoed.
 *
 * NOTE(review): $_GET['post'] is handed to wpcf7_contact_form() as received;
 * whether that helper validates the value is not visible here - confirm.
 *
 * @return void
 */
function wpcf7_file_display_warning_message() {
    if (empty($_GET['post'])) {
        return;
    }

    $contact_form = wpcf7_contact_form($_GET['post']);

    if (!$contact_form) {
        return;
    }

    $file_tags = $contact_form->form_scan_shortcode(array('type' => array('file', 'file*')));

    if (!(bool) $file_tags) {
        return;
    }

    $uploads_dir = wpcf7_upload_tmp_dir();
    wpcf7_init_uploads();

    // Nothing to report when the directory exists and can be written to.
    if (is_dir($uploads_dir) && wp_is_writable($uploads_dir)) {
        return;
    }

    $message = sprintf(
        __('This contact form contains file uploading fields, but the temporary folder for the files (%s) does not exist or is not writable. You can create the folder or change its permission manually.', 'wpcf7'),
        $uploads_dir
    );

    echo '<div class="error"><p><strong>', esc_html($message), '</strong></p></div>';
}