file.php
217 lines
| 1 | <?php |
| 2 | /** |
| 3 | ** A base module for [file] and [file*] |
| 4 | **/ |
| 5 | |
/**
 * Build the markup for a [file] / [file*] form tag.
 *
 * @param array $tag Parsed form tag. The keys 'type', 'name', 'options' and 'values' are read.
 * @return string The <input type="file"> element inside its control-wrap <span>,
 *                or '' when $tag is not an array or carries no name.
 */
function wpcf7_file_shortcode_handler( $tag ) {
	global $wpcf7_contact_form;

	if ( ! is_array( $tag ) ) {
		return '';
	}

	$type    = $tag['type'];
	$name    = $tag['name'];
	$options = (array) $tag['options'];
	$values  = (array) $tag['values']; // read here but not used further down

	if ( empty( $name ) ) {
		return '';
	}

	$id_att  = '';
	$classes = ( 'file*' == $type ) ? ' wpcf7-validates-as-required' : '';

	// id: and class: values are limited to [-0-9a-zA-Z_] by these patterns,
	// so neither can close the attribute it is written into.
	foreach ( $options as $option ) {
		if ( preg_match( '%^id:([-0-9a-zA-Z_]+)$%', $option, $found ) ) {
			$id_att = $found[1];
			continue;
		}

		if ( preg_match( '%^class:([-0-9a-zA-Z_]+)$%', $option, $found ) ) {
			$classes .= ' ' . $found[1];
		}
	}

	$atts = '';

	if ( $id_att ) {
		$atts .= ' id="' . trim( $id_att ) . '"';
	}

	if ( $classes ) {
		$atts .= ' class="' . trim( $classes ) . '"';
	}

	// NOTE(review): $name goes into the name attribute and into the wrapper's class
	// attribute without escaping. That is only safe if the tag parser restricts names
	// to attribute-safe characters; confirm there, or escape the value at this point.
	$input = '<input type="file" name="' . $name . '"' . $atts . ' value="1" />';

	// The per-field error markup is only available while a form object is being rendered.
	$validation_error = is_a( $wpcf7_contact_form, 'WPCF7_ContactForm' )
		? $wpcf7_contact_form->validation_error( $name )
		: '';

	return '<span class="wpcf7-form-control-wrap ' . $name . '">' . $input . $validation_error . '</span>';
}
| 53 | |
// One handler serves both the optional ([file]) and the required ([file*]) tag.
// NOTE(review): the third argument (true) is passed through unchanged; its meaning
// is defined by wpcf7_add_shortcode(), which is not part of this file.
foreach ( array( 'file', 'file*' ) as $wpcf7_file_tag_type ) {
	wpcf7_add_shortcode( $wpcf7_file_tag_type, 'wpcf7_file_shortcode_handler', true );
}
unset( $wpcf7_file_tag_type ); // do not leave the loop variable behind in the including scope
| 56 | |
| 57 | |
| 58 | /* Encode type filter */ |
| 59 | |
/**
 * Switch the form to multipart encoding when it contains a file field.
 *
 * @param string $enctype The enctype attribute string built so far.
 * @return string ' enctype="multipart/form-data"' when the current form has a [file]
 *                or [file*] tag, otherwise $enctype unchanged.
 */
function wpcf7_file_form_enctype_filter( $enctype ) {
	global $wpcf7_contact_form;

	$file_tags = $wpcf7_contact_form->form_scan_shortcode(
		array( 'type' => array( 'file', 'file*' ) )
	);

	// Any truthy scan result means at least one file tag was found in the form.
	return $file_tags ? ' enctype="multipart/form-data"' : $enctype;
}
| 71 | |
// Priority 10 and one accepted argument are add_filter()'s defaults, spelled out
// here to match the validation hooks registered further down.
add_filter( 'wpcf7_form_enctype', 'wpcf7_file_form_enctype_filter', 10, 1 );
| 73 | |
| 74 | |
| 75 | /* Validation + upload handling filter */ |
| 76 | |
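/**
 * Validate the upload for a [file] / [file*] field and move it into the
 * temporary upload directory.
 *
 * Everything read from $_FILES is supplied by the visitor. The type check below
 * looks at the file NAME only; the content is never inspected, so the accepted
 * file must still be treated as untrusted by whatever consumes it.
 *
 * Failure messages are looked up under the keys 'invalid_required',
 * 'upload_file_type_invalid', 'upload_file_too_large' and 'upload_failed'.
 *
 * @param array $result Validation result; 'valid' and 'reason' are set on failure.
 * @param array $tag    Parsed form tag; 'type', 'name' and 'options' are read.
 * @return array The validation result, updated when the upload is rejected.
 */
function wpcf7_file_validation_filter( $result, $tag ) {
	global $wpcf7_contact_form;

	$type    = $tag['type'];
	$name    = $tag['name'];
	$options = (array) $tag['options'];

	// The request may omit the field altogether, or send it in array form
	// (name[]), in which case tmp_name is an array rather than a string.
	// Both are treated as "nothing uploaded" instead of being passed on.
	$file     = isset( $_FILES[$name] ) ? $_FILES[$name] : array();
	$tmp_name = ( isset( $file['tmp_name'] ) && is_string( $file['tmp_name'] ) )
		? $file['tmp_name']
		: '';

	if ( empty( $tmp_name ) && 'file*' == $type ) {
		$result['valid'] = false;
		$result['reason'][$name] = $wpcf7_contact_form->message( 'invalid_required' );
		return $result;
	}

	// Only a file that PHP itself received through this request's upload is handled.
	if ( ! is_uploaded_file( $tmp_name ) ) {
		return $result;
	}

	$file_type_pattern = '';
	$allowed_size = 1048576; // default size 1 MB

	foreach ( $options as $option ) {
		if ( preg_match( '%^filetypes:(.+)$%', $option, $matches ) ) {
			foreach ( explode( '|', $matches[1] ) as $file_type ) {
				$file_type = trim( $file_type, '.' );

				// An empty alternative would make the pattern accept any name ending in a dot.
				if ( '' === $file_type ) {
					continue;
				}

				// Quote every regex metacharacter (and the delimiter), not just . + * ?
				$file_type_pattern .= '|' . preg_quote( $file_type, '/' );
			}

		} elseif ( preg_match( '/^limit:([1-9][0-9]*)([kKmM]?[bB])?$/', $option, $matches ) ) {
			$allowed_size = (int) $matches[1];

			// The unit group is optional, so it may be missing from $matches.
			$kbmb = isset( $matches[2] ) ? strtolower( $matches[2] ) : '';

			if ( 'kb' == $kbmb ) {
				$allowed_size *= 1024;
			} elseif ( 'mb' == $kbmb ) {
				$allowed_size *= 1024 * 1024;
			}
		}
	}

	/* File type validation */

	// Default file-type restriction
	if ( '' == $file_type_pattern ) {
		$file_type_pattern = 'jpg|jpeg|png|gif|pdf|doc|docx|ppt|pptx|odt|avi|ogg|m4a|mov|mp3|mp4|mpg|wav|wmv';
	}

	$file_type_pattern = trim( $file_type_pattern, '|' );
	$file_type_pattern = '/\.(' . $file_type_pattern . ')$/i';

	// Allowlist on the final extension of the client-supplied name.
	if ( ! preg_match( $file_type_pattern, $file['name'] ) ) {
		$result['valid'] = false;
		$result['reason'][$name] = $wpcf7_contact_form->message( 'upload_file_type_invalid' );
		return $result;
	}

	/* File size validation */

	if ( $file['size'] > $allowed_size ) {
		$result['valid'] = false;
		$result['reason'][$name] = $wpcf7_contact_form->message( 'upload_file_too_large' );
		return $result;
	}

	$uploads_dir = wpcf7_upload_tmp_dir();
	wpcf7_init_uploads(); // Confirm upload dir

	$filename = wp_unique_filename( $uploads_dir, $file['name'] );

	// A script extension is a risk in any letter case and also when it is not the
	// last one: a server that chooses a handler from any extension in the name
	// would still treat name.php.jpg as a script. Interior script segments get a
	// trailing "_"; a trailing script extension becomes a .txt file, as before.
	$script_pattern = '/^(php|pl|py|rb|cgi)\d?$/i';
	$parts = explode( '.', $filename );
	$last  = count( $parts ) - 1;

	foreach ( $parts as $i => $part ) {
		// Segment 0 is the base name, not an extension.
		if ( 0 == $i || ! preg_match( $script_pattern, $part ) ) {
			continue;
		}

		$parts[$i] = ( $i == $last ) ? $part . '.txt' : $part . '_';
	}

	$filename = implode( '.', $parts );

	$new_file = trailingslashit( $uploads_dir ) . $filename;

	if ( false === @move_uploaded_file( $tmp_name, $new_file ) ) {
		$result['valid'] = false;
		$result['reason'][$name] = $wpcf7_contact_form->message( 'upload_failed' );
		return $result;
	}

	// Make sure the uploaded file is only readable for the owner process
	// (best effort: a failing chmod is not reported).
	@chmod( $new_file, 0400 );

	$wpcf7_contact_form->uploaded_files[$name] = $new_file;

	return $result;
}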
| 169 | |
// The same filter validates the optional and the required variant of the tag;
// it takes two arguments (the running result and the tag).
foreach ( array( 'wpcf7_validate_file', 'wpcf7_validate_file*' ) as $wpcf7_file_validate_hook ) {
	add_filter( $wpcf7_file_validate_hook, 'wpcf7_file_validation_filter', 10, 2 );
}
unset( $wpcf7_file_validate_hook ); // do not leave the loop variable behind in the including scope
| 172 | |
| 173 | |
| 174 | /* File uploading functions */ |
| 175 | |
/**
 * Make sure the temporary upload directory exists and is shielded from direct
 * web access.
 *
 * Both the chmod and the .htaccess write are best effort: failures are suppressed
 * and not reported to the caller.
 */
function wpcf7_init_uploads() {
	$dir = wpcf7_upload_tmp_dir();
	wp_mkdir_p( trailingslashit( $dir ) );

	// 0733: full access for the owner; group and others may create and open
	// entries but cannot list the directory.
	@chmod( $dir, 0733 );

	$htaccess_file = trailingslashit( $dir ) . '.htaccess';

	// An existing .htaccess is left alone, whatever it contains.
	if ( ! file_exists( $htaccess_file ) ) {
		$handle = @fopen( $htaccess_file, 'w' );

		if ( $handle ) {
			// NOTE(review): this directive only protects the directory on a server
			// that reads .htaccess files and accepts this access-control syntax;
			// other setups need an equivalent rule in the server configuration.
			fwrite( $handle, "Deny from all\n" );
			fclose( $handle );
		}
	}
}
| 190 | |
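/**
 * Delete entries in the temporary upload directory that are older than 60 seconds.
 *
 * The '.htaccess' file and the '.' / '..' entries are never touched. Deletion is
 * best effort: a failing unlink is not reported.
 *
 * @return false|null false when the directory is missing, unreadable or not
 *                    writable; otherwise nothing is returned.
 */
function wpcf7_cleanup_upload_files() {
	$dir = trailingslashit( wpcf7_upload_tmp_dir() );

	if ( ! is_dir( $dir ) || ! is_readable( $dir ) || ! is_writable( $dir ) ) {
		return false;
	}

	if ( $handle = @opendir( $dir ) ) {
		while ( false !== ( $file = readdir( $handle ) ) ) {
			if ( $file == "." || $file == ".." || $file == ".htaccess" ) {
				continue;
			}

			// Another request may have removed the entry since readdir() returned it;
			// skip it instead of indexing into a failed stat() result.
			$stat = @stat( $dir . $file );
			if ( false === $stat ) {
				continue;
			}

			if ( $stat['mtime'] + 60 < time() ) { // 60 secs
				@unlink( $dir . $file );
			}
		}

		closedir( $handle );
	}
}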
| 213 | |
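// Sweep expired uploads on front-end GET requests only. REQUEST_METHOD is absent
// when the file is loaded outside a web request, so check that it is set first.
if ( ! is_admin() && isset( $_SERVER['REQUEST_METHOD'] ) && 'GET' == $_SERVER['REQUEST_METHOD'] ) {
	wpcf7_cleanup_upload_files();
}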
| 216 | |
| 217 | ?> |