Example #1
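/**
 * Validate the upload submitted for a file form tag and store it in the upload temp dir.
 *
 * Checks run in this order: PHP upload error, required-field presence, genuine
 * HTTP upload (is_uploaded_file), file-name extension against the allowed types,
 * and size against the limit. On success the file is moved, made owner-read-only,
 * and its path is recorded in $wpcf7_contact_form->uploaded_files.
 *
 * Security notes:
 * - The type check looks only at the extension of the client-supplied file name;
 *   file content is not inspected here.
 * - Whether the upload temp dir is reachable over HTTP is decided elsewhere
 *   (wpcf7_upload_tmp_dir / wpcf7_init_uploads) and is not visible in this function.
 *
 * @param array $result Validation result; 'valid' and 'reason' are written on failure.
 * @param array $tag    Form tag; reads the 'type', 'name' and 'options' keys.
 * @return array The validation result, unchanged when no file was uploaded or all checks pass.
 */
function wpcf7_file_validation_filter($result, $tag)
{
    global $wpcf7_contact_form;
    $type = $tag['type'];
    $name = $tag['name'];
    $options = isset($tag['options']) ? (array) $tag['options'] : array();

    // The request may not carry this field at all, so read every key defensively
    // instead of indexing $_FILES directly (which raised undefined-index notices).
    $file = (isset($_FILES[$name]) && is_array($_FILES[$name])) ? $_FILES[$name] : array();
    $error = isset($file['error']) ? $file['error'] : UPLOAD_ERR_NO_FILE;
    $tmp_name = isset($file['tmp_name']) ? $file['tmp_name'] : '';

    if ($error && UPLOAD_ERR_NO_FILE !== $error) {
        $result['valid'] = false;
        $result['reason'][$name] = $wpcf7_contact_form->message('upload_failed_php_error');
        return $result;
    }
    if (empty($tmp_name) && 'file*' === $type) {
        $result['valid'] = false;
        $result['reason'][$name] = $wpcf7_contact_form->message('invalid_required');
        return $result;
    }
    // Nothing uploaded (optional field), or the path is not a genuine HTTP upload:
    // leave the result untouched and do not touch the file.
    if (!is_string($tmp_name) || !is_uploaded_file($tmp_name)) {
        return $result;
    }

    $allowed_types = array();
    $allowed_size = 1048576; // default size 1 MB
    foreach ($options as $option) {
        if (preg_match('%^filetypes:(.+)$%', $option, $matches)) {
            foreach (explode('|', $matches[1]) as $file_type) {
                $file_type = trim($file_type, '.');
                // An empty alternative would let any name ending in "." pass the allow-list.
                if ('' === $file_type) {
                    continue;
                }
                // Treat every entry as a literal extension; escaping only . + * ? left
                // other metacharacters (and the "/" delimiter) able to break or widen the pattern.
                $allowed_types[] = preg_quote($file_type, '/');
            }
        } elseif (preg_match('/^limit:([1-9][0-9]*)([kKmM]?[bB])?$/', $option, $matches)) {
            $allowed_size = (int) $matches[1];
            // The unit group is optional; when absent $matches[2] is not set.
            $kbmb = isset($matches[2]) ? strtolower($matches[2]) : '';
            if ('kb' === $kbmb) {
                $allowed_size *= 1024;
            } elseif ('mb' === $kbmb) {
                $allowed_size *= 1024 * 1024;
            }
        }
    }

    /* File type validation */
    if ($allowed_types) {
        $file_type_pattern = implode('|', $allowed_types);
    } else {
        // Default file-type restriction
        $file_type_pattern = 'jpg|jpeg|png|gif|pdf|doc|docx|ppt|pptx|odt|avi|ogg|m4a|mov|mp3|mp4|mpg|wav|wmv';
    }
    $file_type_pattern = '/\\.(' . $file_type_pattern . ')$/i';
    if (!preg_match($file_type_pattern, $file['name'])) {
        $result['valid'] = false;
        $result['reason'][$name] = $wpcf7_contact_form->message('upload_file_type_invalid');
        return $result;
    }

    /* File size validation */
    if ($file['size'] > $allowed_size) {
        $result['valid'] = false;
        $result['reason'][$name] = $wpcf7_contact_form->message('upload_file_too_large');
        return $result;
    }

    $uploads_dir = wpcf7_upload_tmp_dir();
    wpcf7_init_uploads(); // Confirm upload dir

    $filename = $file['name'];
    // A script extension is dangerous if the stored file can ever be executed, so
    // neutralise it with a .txt suffix. Matched case-insensitively because the
    // allow-list above is case-insensitive too (".PHP" must not slip through).
    // NOTE(review): this list is short; which extensions a server executes depends
    // on its configuration, so the allow-list remains the primary gate.
    if (preg_match('/\\.(php|pl|py|rb|cgi)\\d?$/i', $filename)) {
        $filename .= '.txt';
    }
    // foo.php.jpg => foo.php_.jpg (presumably done by wpcf7_sanitize_file_name; not visible here)
    $filename = wpcf7_sanitize_file_name($filename);
    $filename = wp_unique_filename($uploads_dir, $filename);
    $new_file = trailingslashit($uploads_dir) . $filename;
    if (false === @move_uploaded_file($tmp_name, $new_file)) {
        $result['valid'] = false;
        $result['reason'][$name] = $wpcf7_contact_form->message('upload_failed');
        return $result;
    }
    // Make sure the uploaded file is only readable for the owner process.
    // Best effort: a chmod failure is deliberately not treated as a validation error.
    @chmod($new_file, 0400);
    $wpcf7_contact_form->uploaded_files[$name] = $new_file;
    return $result;
}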
Example #2
/**
 * Print an admin warning when the current contact form has file-upload fields
 * but the upload temp dir is missing or not writable.
 *
 * Outputs nothing when there is no current contact form, when the form has no
 * 'file' / 'file*' tags, or when the directory exists and is writable.
 * The message, which embeds the directory path, is passed through esc_html()
 * before being echoed.
 *
 * @return void
 */
function wpcf7_file_display_warning_message()
{
    $contact_form = wpcf7_get_current_contact_form();
    if (!$contact_form) {
        return;
    }

    $file_tags = $contact_form->scan_form_tags(array('type' => array('file', 'file*')));
    if (!$file_tags) {
        return;
    }

    $uploads_dir = wpcf7_upload_tmp_dir();
    // Called before the check below, as in the original order of operations.
    wpcf7_init_uploads();

    if (is_dir($uploads_dir) && wp_is_writable($uploads_dir)) {
        return;
    }

    $message = sprintf(
        __('This contact form contains file uploading fields, but the temporary folder for the files (%s) does not exist or is not writable. You can create the folder or change its permission manually.', 'contact-form-7'),
        $uploads_dir
    );
    printf('<div class="notice notice-warning"><p>%s</p></div>', esc_html($message));
}
Example #3
/**
 * Print an admin error box when the contact form named by the 'post' query
 * parameter has file-upload fields but the upload temp dir is missing or not writable.
 *
 * Outputs nothing when 'post' is empty, when no contact form is found for it,
 * when the form has no 'file' / 'file*' tags, or when the directory is usable.
 * The message, which embeds the directory path, is passed through esc_html()
 * before being echoed.
 *
 * @return void
 */
function wpcf7_file_display_warning_message()
{
    if (empty($_GET['post'])) {
        return;
    }

    // NOTE(review): the raw query value is handed to wpcf7_contact_form() unchanged;
    // confirm that the lookup validates or casts the ID itself.
    $contact_form = wpcf7_contact_form($_GET['post']);
    if (!$contact_form) {
        return;
    }

    $file_tags = $contact_form->form_scan_shortcode(array('type' => array('file', 'file*')));
    if (!$file_tags) {
        return;
    }

    $uploads_dir = wpcf7_upload_tmp_dir();
    // Called before the check below, as in the original order of operations.
    wpcf7_init_uploads();

    if (is_dir($uploads_dir) && wp_is_writable($uploads_dir)) {
        return;
    }

    $message = sprintf(
        __('This contact form contains file uploading fields, but the temporary folder for the files (%s) does not exist or is not writable. You can create the folder or change its permission manually.', 'wpcf7'),
        $uploads_dir
    );
    printf('<div class="error"><p><strong>%s</strong></p></div>', esc_html($message));
}