/modules/file.php

  1. <?php 
  2. /** 
  3. ** A base module for [file] and [file*] 
  4. **/ 
  5.  
  6. /** form_tag handler */ 
  7.  
  // Hook the form-tag registration into Contact Form 7's init action.
  add_action( 'wpcf7_init', 'wpcf7_add_form_tag_file' );

  /**
   * Registers the `file` and `file*` form-tag types.
   *
   * Both types are rendered by wpcf7_file_form_tag_handler() and are
   * registered with the 'name-attr' feature switched on.
   */
  function wpcf7_add_form_tag_file() {
      $types    = array( 'file', 'file*' );
      $features = array( 'name-attr' => true );

      wpcf7_add_form_tag( $types, 'wpcf7_file_form_tag_handler', $features );
  }
  13.  
  /**
   * Renders the HTML for a [file] / [file*] form-tag.
   *
   * @param mixed $tag Raw tag data; wrapped in a WPCF7_FormTag before use.
   * @return string The wrapped <input type="file"> markup, or an empty
   *                string when the tag has no name.
   */
  function wpcf7_file_form_tag_handler( $tag ) {
      $tag = new WPCF7_FormTag( $tag );

      // A nameless field cannot be submitted or validated, so render nothing.
      if ( empty( $tag->name ) ) {
          return '';
      }

      $validation_error = wpcf7_get_validation_error( $tag->name );
      $is_invalid       = (bool) $validation_error;

      $class = wpcf7_form_controls_class( $tag->type );

      if ( $is_invalid ) {
          $class .= ' wpcf7-not-valid';
      }

      // Insertion order is kept as-is: it determines the attribute order
      // handed to wpcf7_format_atts().
      $atts = array(
          'size'     => $tag->get_size_option( '40' ),
          'class'    => $tag->get_class_option( $class ),
          'id'       => $tag->get_id_option(),
          'tabindex' => $tag->get_option( 'tabindex', 'int', true ),
      );

      if ( $tag->is_required() ) {
          $atts['aria-required'] = 'true';
      }

      $atts['aria-invalid'] = $is_invalid ? 'true' : 'false';
      $atts['type']         = 'file';
      $atts['name']         = $tag->name;

      // NOTE(review): attribute escaping is assumed to happen inside
      // wpcf7_format_atts(), which is defined elsewhere — confirm.
      $formatted_atts = wpcf7_format_atts( $atts );

      // The tag name is reused as a CSS class, hence sanitize_html_class().
      return sprintf(
          '<span class="wpcf7-form-control-wrap %1$s"><input %2$s />%3$s</span>',
          sanitize_html_class( $tag->name ),
          $formatted_atts,
          $validation_error
      );
  }
  49.  
  50.  
  51. /** Encode type filter */ 
  52.  
  // Let this module adjust the form's enctype attribute.
  add_filter( 'wpcf7_form_enctype', 'wpcf7_file_form_enctype_filter' );

  /**
   * Switches the form to multipart encoding when it contains a file field.
   *
   * @param string $enctype Enctype chosen so far.
   * @return string 'multipart/form-data' if a [file] or [file*] tag is
   *                found by wpcf7_scan_form_tags(), otherwise $enctype
   *                unchanged.
   */
  function wpcf7_file_form_enctype_filter( $enctype ) {
      $file_tags = wpcf7_scan_form_tags(
          array( 'type' => array( 'file', 'file*' ) )
      );

      return $file_tags ? 'multipart/form-data' : $enctype;
  }
  62.  
  63.  
  64. /** Validation + upload handling filter */ 
  65.  
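  // The same callback validates both the optional and the required variant.
  add_filter( 'wpcf7_validate_file', 'wpcf7_file_validation_filter', 10, 2 );
  add_filter( 'wpcf7_validate_file*', 'wpcf7_file_validation_filter', 10, 2 );

  /**
   * Validates an uploaded file and moves it into the temporary upload folder.
   *
   * Checks, in order: PHP upload error, presence for required fields, that
   * the temp file really is an HTTP upload, the file-name extension against
   * the tag's `filetypes` option (or a built-in default list), and the size
   * against the tag's `limit` option (default 1 MB). On success the file is
   * moved under a sanitised name and registered with the current submission.
   *
   * The type check matches only the extension of the client-supplied file
   * name; file contents are not inspected in this function.
   *
   * @param object $result Validation result; invalidate() is called on it
   *                       when a check fails.
   * @param mixed  $tag    Raw tag data; wrapped in a WPCF7_FormTag.
   * @return object The same $result object.
   */
  function wpcf7_file_validation_filter( $result, $tag ) {
      $tag  = new WPCF7_FormTag( $tag );
      $name = $tag->name;

      // Normalise the upload entry so every key read below exists. A field
      // that is absent from the request is treated like "no file uploaded".
      $file = ( isset( $_FILES[$name] ) && is_array( $_FILES[$name] ) )
          ? $_FILES[$name]
          : array();

      $file += array(
          'name'     => '',
          'tmp_name' => '',
          'error'    => UPLOAD_ERR_NO_FILE,
          'size'     => 0,
      );

      // A request that submits the field in array form (name[]) makes PHP
      // populate these keys with nested arrays. This handler deals with a
      // single file only, so reject that shape up front instead of passing
      // arrays to is_uploaded_file() / preg_match().
      if ( ! is_string( $file['name'] ) || ! is_string( $file['tmp_name'] ) ) {
          $result->invalidate( $tag, wpcf7_get_message( 'upload_failed_php_error' ) );
          return $result;
      }

      if ( $file['error'] && UPLOAD_ERR_NO_FILE != $file['error'] ) {
          $result->invalidate( $tag, wpcf7_get_message( 'upload_failed_php_error' ) );
          return $result;
      }

      if ( empty( $file['tmp_name'] ) && $tag->is_required() ) {
          $result->invalidate( $tag, wpcf7_get_message( 'invalid_required' ) );
          return $result;
      }

      // Only act on paths PHP itself recorded as HTTP uploads; anything else
      // is left alone and the result is returned unchanged.
      if ( ! is_uploaded_file( $file['tmp_name'] ) ) {
          return $result;
      }

      /* Collect the allowed extensions from the tag's `filetypes` option */

      $allowed_file_types = array();

      if ( $file_types_a = $tag->get_option( 'filetypes' ) ) {
          foreach ( $file_types_a as $file_types ) {
              foreach ( explode( '|', $file_types ) as $file_type ) {
                  $file_type = trim( $file_type, '.' );

                  // Only these four metacharacters are escaped; the value
                  // comes from the form template, not from the visitor.
                  $file_type = str_replace(
                      array( '.', '+', '*', '?' ),
                      array( '\.', '\+', '\*', '\?' ),
                      $file_type
                  );

                  $allowed_file_types[] = $file_type;
              }
          }
      }

      $allowed_file_types = array_unique( $allowed_file_types );
      $file_type_pattern  = implode( '|', $allowed_file_types );

      /* Work out the size limit from the tag's `limit` option */

      $allowed_size = 1048576; // default size 1 MB

      if ( $file_size_a = $tag->get_option( 'limit' ) ) {
          $limit_pattern = '/^([1-9][0-9]*)([kKmM]?[bB])?$/';

          foreach ( $file_size_a as $file_size ) {
              if ( ! preg_match( $limit_pattern, $file_size, $matches ) ) {
                  continue;
              }

              $allowed_size = (int) $matches[1];

              if ( ! empty( $matches[2] ) ) {
                  $kbmb = strtolower( $matches[2] );

                  if ( 'kb' === $kbmb ) {
                      $allowed_size *= 1024;
                  } elseif ( 'mb' === $kbmb ) {
                      $allowed_size *= 1024 * 1024;
                  }
              }

              // The first well-formed limit wins.
              break;
          }
      }

      /* File type validation */

      // Default file-type restriction
      if ( '' === $file_type_pattern ) {
          $file_type_pattern = 'jpg|jpeg|png|gif|pdf|doc|docx|ppt|pptx|odt|avi|ogg|m4a|mov|mp3|mp4|mpg|wav|wmv';
      }

      $file_type_pattern = trim( $file_type_pattern, '|' );
      $file_type_pattern = '(' . $file_type_pattern . ')';
      $file_type_pattern = '/\.' . $file_type_pattern . '$/i';

      // Anchored at the end of the name, so only the final extension counts.
      // A malformed pattern makes preg_match() return false, which is also
      // treated as "type not allowed".
      if ( ! preg_match( $file_type_pattern, $file['name'] ) ) {
          $result->invalidate( $tag, wpcf7_get_message( 'upload_file_type_invalid' ) );
          return $result;
      }

      /* File size validation */

      if ( $file['size'] > $allowed_size ) {
          $result->invalidate( $tag, wpcf7_get_message( 'upload_file_too_large' ) );
          return $result;
      }

      wpcf7_init_uploads(); // Confirm upload dir
      $uploads_dir = wpcf7_upload_tmp_dir();
      $uploads_dir = wpcf7_maybe_add_random_dir( $uploads_dir );

      // The client-supplied name is never used as-is for the path on disk:
      // it passes through every step below first.
      // NOTE(review): wpcf7_canonicalize() and wpcf7_antiscript_file_name()
      // are defined elsewhere; presumably the latter neutralises script-like
      // extensions — confirm.
      $filename = $file['name'];
      $filename = wpcf7_canonicalize( $filename, 'as-is' );
      $filename = sanitize_file_name( $filename );
      $filename = wpcf7_antiscript_file_name( $filename );
      $filename = wp_unique_filename( $uploads_dir, $filename );

      $new_file = trailingslashit( $uploads_dir ) . $filename;

      if ( false === @move_uploaded_file( $file['tmp_name'], $new_file ) ) {
          $result->invalidate( $tag, wpcf7_get_message( 'upload_failed' ) );
          return $result;
      }

      // Make sure the uploaded file is only readable for the owner process
      @chmod( $new_file, 0400 );

      if ( $submission = WPCF7_Submission::get_instance() ) {
          $submission->add_uploaded_file( $name, $new_file );
      }

      return $result;
  }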
  165.  
  166.  
  167. /** Messages */ 
  168.  
  // Contribute this module's user-facing messages to the message catalogue.
  add_filter( 'wpcf7_messages', 'wpcf7_file_messages' );

  /**
   * Adds the file-upload messages to the message list.
   *
   * @param array $messages Messages collected so far.
   * @return array $messages merged with the four upload-related entries;
   *               each entry carries a 'description' and a 'default' text.
   */
  function wpcf7_file_messages( $messages ) {
      $upload_messages = array();

      $upload_messages['upload_failed'] = array(
          'description' => __( "Uploading a file fails for any reason", 'contact-form-7' ),
          'default' => __( "There was an unknown error uploading the file.", 'contact-form-7' ),
      );

      $upload_messages['upload_file_type_invalid'] = array(
          'description' => __( "Uploaded file is not allowed for file type", 'contact-form-7' ),
          'default' => __( "You are not allowed to upload files of this type.", 'contact-form-7' ),
      );

      $upload_messages['upload_file_too_large'] = array(
          'description' => __( "Uploaded file is too large", 'contact-form-7' ),
          'default' => __( "The file is too big.", 'contact-form-7' ),
      );

      $upload_messages['upload_failed_php_error'] = array(
          'description' => __( "Uploading a file fails for PHP error", 'contact-form-7' ),
          'default' => __( "There was an error uploading the file.", 'contact-form-7' ),
      );

      return array_merge( $messages, $upload_messages );
  }
  192.  
  193.  
  194. /** Tag generator */ 
  195.  
  // Register the admin-side tag generator panel (priority 50).
  add_action( 'wpcf7_admin_init', 'wpcf7_add_tag_generator_file', 50 );

  /**
   * Adds the "file" entry to the tag generator, rendered by
   * wpcf7_tag_generator_file().
   */
  function wpcf7_add_tag_generator_file() {
      $title = __( 'file', 'contact-form-7' );

      WPCF7_TagGenerator::get_instance()->add(
          'file',
          $title,
          'wpcf7_tag_generator_file'
      );
  }
  202.  
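  /**
   * Prints the tag generator panel for the file field.
   *
   * @param mixed        $contact_form Current contact form (not read here).
   * @param array|string $args         Generator arguments; 'content' is used
   *                                   as the prefix of the input ids.
   */
  function wpcf7_tag_generator_file( $contact_form, $args = '' ) {
      // Default 'content' to an empty string so the id attributes below
      // never read an undefined index.
      $args = wp_parse_args( $args, array( 'content' => '' ) );
      $type = 'file';

      $description = __( "Generate a form-tag for a file uploading field. For more details, see %s.", 'contact-form-7' );

      $desc_link = wpcf7_link( __( 'https://contactform7.com/file-uploading-and-attachment/', 'contact-form-7' ), __( 'File Uploading and Attachment', 'contact-form-7' ) );

      // The description text is escaped before the link markup is spliced in.
      ?>
  <div class="control-box">
  <fieldset>
  <legend><?php echo sprintf( esc_html( $description ), $desc_link ); ?></legend>

  <table class="form-table">
  <tbody>
      <tr>
      <th scope="row"><?php echo esc_html( __( 'Field type', 'contact-form-7' ) ); ?></th>
      <td>
          <fieldset>
          <legend class="screen-reader-text"><?php echo esc_html( __( 'Field type', 'contact-form-7' ) ); ?></legend>
          <label><input type="checkbox" name="required" /> <?php echo esc_html( __( 'Required field', 'contact-form-7' ) ); ?></label>
          </fieldset>
      </td>
      </tr>

      <tr>
      <th scope="row"><label for="<?php echo esc_attr( $args['content'] . '-name' ); ?>"><?php echo esc_html( __( 'Name', 'contact-form-7' ) ); ?></label></th>
      <td><input type="text" name="name" class="tg-name oneline" id="<?php echo esc_attr( $args['content'] . '-name' ); ?>" /></td>
      </tr>

      <tr>
      <th scope="row"><label for="<?php echo esc_attr( $args['content'] . '-limit' ); ?>"><?php echo esc_html( __( "File size limit (bytes)", 'contact-form-7' ) ); ?></label></th>
      <td><input type="text" name="limit" class="filesize oneline option" id="<?php echo esc_attr( $args['content'] . '-limit' ); ?>" /></td>
      </tr>

      <tr>
      <th scope="row"><label for="<?php echo esc_attr( $args['content'] . '-filetypes' ); ?>"><?php echo esc_html( __( 'Acceptable file types', 'contact-form-7' ) ); ?></label></th>
      <td><input type="text" name="filetypes" class="filetype oneline option" id="<?php echo esc_attr( $args['content'] . '-filetypes' ); ?>" /></td>
      </tr>

      <tr>
      <th scope="row"><label for="<?php echo esc_attr( $args['content'] . '-id' ); ?>"><?php echo esc_html( __( 'Id attribute', 'contact-form-7' ) ); ?></label></th>
      <td><input type="text" name="id" class="idvalue oneline option" id="<?php echo esc_attr( $args['content'] . '-id' ); ?>" /></td>
      </tr>

      <tr>
      <th scope="row"><label for="<?php echo esc_attr( $args['content'] . '-class' ); ?>"><?php echo esc_html( __( 'Class attribute', 'contact-form-7' ) ); ?></label></th>
      <td><input type="text" name="class" class="classvalue oneline option" id="<?php echo esc_attr( $args['content'] . '-class' ); ?>" /></td>
      </tr>

  </tbody>
  </table>
  </fieldset>
  </div>

  <div class="insert-box">
      <?php // $type is a fixed string here; it is escaped anyway so this attribute follows the same rule as every other one in the panel. ?>
      <input type="text" name="<?php echo esc_attr( $type ); ?>" class="tag code" readonly="readonly" onfocus="this.select()" />

      <div class="submitbox">
      <input type="button" class="button button-primary insert-tag" value="<?php echo esc_attr( __( 'Insert Tag', 'contact-form-7' ) ); ?>" />
      </div>

      <br class="clear" />

      <p class="description mail-tag"><label for="<?php echo esc_attr( $args['content'] . '-mailtag' ); ?>"><?php echo sprintf( esc_html( __( "To attach the file uploaded through this field to mail, you need to insert the corresponding mail-tag (%s) into the File Attachments field on the Mail tab.", 'contact-form-7' ) ), '<strong><span class="mail-tag"></span></strong>' ); ?><input type="text" class="mail-tag code hidden" readonly="readonly" id="<?php echo esc_attr( $args['content'] . '-mailtag' ); ?>" /></label></p>
  </div>
  <?php
  }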
  270.  
  271.  
  272. /** Warning message */ 
  273.  
  // Show an admin warning when the upload folder is unusable.
  add_action( 'wpcf7_admin_warnings', 'wpcf7_file_display_warning_message' );

  /**
   * Prints an admin notice if the current form has file fields but the
   * temporary upload folder is missing or not writable.
   *
   * Prints nothing when there is no current form, when the form has no
   * [file] / [file*] tags, or when the folder is usable.
   */
  function wpcf7_file_display_warning_message() {
      $contact_form = wpcf7_get_current_contact_form();

      if ( ! $contact_form ) {
          return;
      }

      $file_tags = $contact_form->scan_form_tags(
          array( 'type' => array( 'file', 'file*' ) )
      );

      if ( ! $file_tags ) {
          return;
      }

      // Resolve the path first, then give wpcf7_init_uploads() the chance
      // to create the folder before it is checked.
      $uploads_dir = wpcf7_upload_tmp_dir();
      wpcf7_init_uploads();

      if ( is_dir( $uploads_dir ) && wp_is_writable( $uploads_dir ) ) {
          return;
      }

      $message = sprintf( __( 'This contact form contains file uploading fields, but the temporary folder for the files (%s) does not exist or is not writable. You can create the folder or change its permission manually.', 'contact-form-7' ), $uploads_dir );

      // The message embeds a filesystem path, so it is HTML-escaped on output.
      echo '<div class="notice notice-warning"><p>' . esc_html( $message ) . '</p></div>';
  }
  293.  
  294.  
  295. /** File uploading functions */ 
  296.  
  /**
   * Creates the temporary upload folder and, if none exists yet, drops a
   * deny-all .htaccess file into it.
   *
   * Best effort only: a failure to create the folder or to open the file
   * is not reported to the caller.
   *
   * The .htaccess rule protects the folder only on servers that read
   * .htaccess files, and "Deny from all" is the Apache 2.2 access syntax.
   * On other setups, direct web access to this folder has to be blocked in
   * the server configuration.
   */
  function wpcf7_init_uploads() {
      $uploads_dir = wpcf7_upload_tmp_dir();
      wp_mkdir_p( $uploads_dir );

      $htaccess_path = trailingslashit( $uploads_dir ) . '.htaccess';

      // An existing file is left untouched.
      if ( file_exists( $htaccess_path ) ) {
          return;
      }

      $handle = @fopen( $htaccess_path, 'w' );

      if ( ! $handle ) {
          return;
      }

      fwrite( $handle, "Deny from all\n" );
      fclose( $handle );
  }
  309.  
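  /**
   * Creates a randomly named sub-directory under $dir for a single upload.
   *
   * The sub-directory name is a zero-padded random number. It is drawn from
   * random_int() when that function is available, because the name keeps
   * the stored file's path hard to guess and mt_rand() output is
   * predictable; mt_rand() remains as the fallback.
   *
   * @param string $dir Parent directory.
   * @return string Path of the new sub-directory, or $dir itself when the
   *                sub-directory could not be created.
   */
  function wpcf7_maybe_add_random_dir( $dir ) {
      // Loop-invariant, so computed once.
      $rand_max = mt_getrandmax();
      $width    = strlen( (string) $rand_max );

      do {
          $number = null;

          if ( function_exists( 'random_int' ) ) {
              try {
                  $number = random_int( 0, $rand_max );
              } catch ( Exception $e ) {
                  // No usable entropy source; fall back below.
                  $number = null;
              }
          }

          if ( null === $number ) {
              $number = mt_rand( 0, $rand_max );
          }

          $dir_new = path_join( $dir, zeroise( $number, $width ) );
      } while ( file_exists( $dir_new ) ); // retry on a name collision

      if ( wp_mkdir_p( $dir_new ) ) {
          return $dir_new;
      }

      return $dir;
  }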
  321.  
  /**
   * Returns the path of the temporary upload folder.
   *
   * @return string WPCF7_UPLOADS_TMP_DIR when that constant is defined,
   *                otherwise the 'wpcf7_uploads' folder below the path
   *                returned by wpcf7_upload_dir( 'dir' ).
   */
  function wpcf7_upload_tmp_dir() {
      // A site-defined constant overrides the default location.
      if ( ! defined( 'WPCF7_UPLOADS_TMP_DIR' ) ) {
          return wpcf7_upload_dir( 'dir' ) . '/wpcf7_uploads';
      }

      return WPCF7_UPLOADS_TMP_DIR;
  }
  327.  
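  // Registered with accepted_args = 0 so the callback runs with its own
  // defaults. With the default of one accepted argument, WordPress hands
  // an empty string to callbacks of argument-less actions, which absint()
  // below would turn into a retention time of 0 seconds.
  add_action( 'template_redirect', 'wpcf7_cleanup_upload_files', 20, 0 );

  /**
   * Removes stale entries from the temporary upload folder.
   *
   * Runs only on front-end GET requests that are not robots.txt, feed or
   * trackback requests. Entries named '.', '..' and '.htaccess' are
   * skipped, and so are entries modified less than $seconds ago.
   *
   * @param int $seconds Minimum age, in seconds, before an entry is removed.
   * @param int $max     Maximum number of entries removed per call.
   */
  function wpcf7_cleanup_upload_files( $seconds = 60, $max = 100 ) {
      if ( is_admin() || 'GET' != $_SERVER['REQUEST_METHOD']
      || is_robots() || is_feed() || is_trackback() ) {
          return;
      }

      $dir = trailingslashit( wpcf7_upload_tmp_dir() );

      if ( ! is_dir( $dir ) || ! is_readable( $dir ) || ! wp_is_writable( $dir ) ) {
          return;
      }

      $seconds = absint( $seconds );
      $max     = absint( $max );
      $count   = 0;

      $handle = @opendir( $dir );

      if ( ! $handle ) {
          return;
      }

      while ( false !== ( $file = readdir( $handle ) ) ) {
          // Never remove the directory links or the access-control file.
          if ( $file == "." || $file == ".." || $file == ".htaccess" ) {
              continue;
          }

          $mtime = @filemtime( $dir . $file );

          if ( $mtime && time() < $mtime + $seconds ) { // less than $seconds old
              continue;
          }

          wpcf7_rmdir_p( path_join( $dir, $file ) );
          $count += 1;

          // Cap the work done within a single page request.
          if ( $max <= $count ) {
              break;
          }
      }

      closedir( $handle );
  }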
.