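';
	$validation_error = '';
	if ( is_a( $wpcf7_contact_form, 'WPCF7_ContactForm' ) )
		$validation_error = $wpcf7_contact_form->validation_error( $name );

	$html = '' . $html . $validation_error . '';

	return $html;
}

wpcf7_add_shortcode( 'file', 'wpcf7_file_shortcode_handler', true );
wpcf7_add_shortcode( 'file*', 'wpcf7_file_shortcode_handler', true );


/* Encode type filter */

/**
 * Switches the form to multipart encoding when it contains a file field.
 *
 * Hooked to 'wpcf7_form_enctype'. Without multipart/form-data the browser
 * never transmits file contents, so every [file] field would arrive empty.
 *
 * @param string $enctype Current enctype attribute string (may be empty).
 * @return string Unchanged $enctype, or ' enctype="multipart/form-data"'
 *                when the scanned form contains a file or file* tag.
 */
function wpcf7_file_form_enctype_filter( $enctype ) {
	global $wpcf7_contact_form;

	// The shortcode handler guards this global with is_a(); a missing form
	// object must not fatal here either.
	if ( ! is_a( $wpcf7_contact_form, 'WPCF7_ContactForm' ) )
		return $enctype;

	$multipart = (bool) $wpcf7_contact_form->form_scan_shortcode(
		array( 'type' => array( 'file', 'file*' ) ) );

	if ( $multipart )
		$enctype = ' enctype="multipart/form-data"';

	return $enctype;
}

add_filter( 'wpcf7_form_enctype', 'wpcf7_file_form_enctype_filter' );


/* Validation + upload handling filter */

/**
 * Validates the upload for a [file] / [file*] tag and moves it into the
 * plugin's temporary upload directory.
 *
 * Hooked to 'wpcf7_validate_file' and 'wpcf7_validate_file*'. Recognised tag
 * options are 'filetypes:ext1|ext2' (allowed extensions, default list below)
 * and 'limit:N', 'limit:Nkb', 'limit:Nmb' (maximum size, default 1 MB).
 * On success the stored path is recorded in
 * $wpcf7_contact_form->uploaded_files[$name].
 *
 * @param array $result Validation result so far: 'valid' (bool) and
 *                      'reason' (array of field name => message).
 * @param array $tag    Parsed form tag with 'type', 'name' and 'options'.
 * @return array The updated validation result.
 */
function wpcf7_file_validation_filter( $result, $tag ) {
	global $wpcf7_contact_form;

	$type = $tag['type'];
	$name = $tag['name'];
	$options = (array) $tag['options'];

	// A field that was not posted at all (non-multipart form, tampered
	// request) has no $_FILES entry; treat it like an empty file input
	// instead of raising an undefined-index notice.
	$file = isset( $_FILES[$name] )
		? $_FILES[$name]
		: array( 'error' => UPLOAD_ERR_NO_FILE, 'tmp_name' => '' );

	// UPLOAD_ERR_NO_FILE only means the visitor left the field empty. That is
	// not a PHP failure: an optional field is simply skipped, and a required
	// field gets the 'invalid_required' message below instead.
	if ( $file['error'] && UPLOAD_ERR_NO_FILE != $file['error'] ) {
		$result['valid'] = false;
		$result['reason'][$name] = $wpcf7_contact_form->message( 'upload_failed_php_error' );
		return $result;
	}

	if ( empty( $file['tmp_name'] ) && 'file*' == $type ) {
		$result['valid'] = false;
		$result['reason'][$name] = $wpcf7_contact_form->message( 'invalid_required' );
		return $result;
	}

	// Nothing to store for an empty optional field, and a tmp_name that PHP
	// did not create for this request (forged $_FILES) is never touched.
	if ( empty( $file['tmp_name'] ) || ! is_uploaded_file( $file['tmp_name'] ) )
		return $result;

	$file_types = array();
	$allowed_size = 1048576; // default size 1 MB

	foreach ( $options as $option ) {
		if ( preg_match( '%^filetypes:(.+)$%', $option, $matches ) ) {
			foreach ( explode( '|', $matches[1] ) as $file_type ) {
				$file_type = trim( $file_type, '.' );

				if ( '' === $file_type )
					continue;

				// preg_quote() escapes every PCRE metacharacter, not only the
				// four the previous str_replace() list knew about.
				$file_types[] = preg_quote( $file_type, '/' );
			}
		} elseif ( preg_match( '/^limit:([1-9][0-9]*)([kKmM]?[bB])?$/', $option, $matches ) ) {
			$allowed_size = (int) $matches[1];

			// The unit group is optional; a plain 'limit:100' leaves
			// $matches[2] unset.
			$kbmb = isset( $matches[2] ) ? strtolower( $matches[2] ) : '';

			if ( 'kb' == $kbmb )
				$allowed_size *= 1024;
			elseif ( 'mb' == $kbmb )
				$allowed_size *= 1024 * 1024;
		}
	}

	/* File type validation */

	// Default file-type restriction
	if ( empty( $file_types ) )
		$file_types = explode( '|',
			'jpg|jpeg|png|gif|pdf|doc|docx|ppt|pptx|odt|avi|ogg|m4a|mov|mp3|mp4|mpg|wav|wmv' );

	$file_type_pattern = '/\.(' . implode( '|', $file_types ) . ')$/i';

	if ( ! preg_match( $file_type_pattern, $file['name'] ) ) {
		$result['valid'] = false;
		$result['reason'][$name] = $wpcf7_contact_form->message( 'upload_file_type_invalid' );
		return $result;
	}

	/* File size validation */

	if ( $file['size'] > $allowed_size ) {
		$result['valid'] = false;
		$result['reason'][$name] = $wpcf7_contact_form->message( 'upload_file_too_large' );
		return $result;
	}

	$uploads_dir = wpcf7_upload_tmp_dir();
	wpcf7_init_uploads(); // Confirm upload dir

	$filename = wp_unique_filename( $uploads_dir, $file['name'] );

	// If you get script file, it's a danger. Make it TXT file.
	// Matched case-insensitively and with \d* so that e.g. '.PHP', '.php71',
	// '.phtml' and '.phar' are neutralised too. This is one of three layers:
	// the extension allowlist above and the "Deny from all" .htaccess written
	// by wpcf7_init_uploads() are the other two.
	if ( preg_match( '/\.(php|phtml|phar|pl|py|rb|cgi)\d*$/i', $filename ) )
		$filename .= '.txt';

	$new_file = trailingslashit( $uploads_dir ) . $filename;

	if ( false === @move_uploaded_file( $file['tmp_name'], $new_file ) ) {
		$result['valid'] = false;
		$result['reason'][$name] = $wpcf7_contact_form->message( 'upload_failed' );
		return $result;
	}

	// Make sure the uploaded file is only readable for the owner process
	@chmod( $new_file, 0400 );

	$wpcf7_contact_form->uploaded_files[$name] = $new_file;

	return $result;
}

add_filter( 'wpcf7_validate_file', 'wpcf7_file_validation_filter', 10, 2 );
add_filter( 'wpcf7_validate_file*', 'wpcf7_file_validation_filter', 10, 2 );


/* File uploading functions */

/**
 * Creates the temporary upload directory and drops a "Deny from all"
 * .htaccess into it so stored uploads are not served directly by Apache.
 *
 * Safe to call on every upload: the .htaccess is only written when missing.
 * NOTE(review): mode 0733 grants write and traverse to every local user; if
 * the web server process is the only writer, 0700 would be sufficient.
 * Left unchanged here because hosting setups may depend on it.
 *
 * @return void
 */
function wpcf7_init_uploads() {
	$dir = wpcf7_upload_tmp_dir();
	wp_mkdir_p( trailingslashit( $dir ) );
	@chmod( $dir, 0733 );

	$htaccess_file = trailingslashit( $dir ) . '.htaccess';

	if ( file_exists( $htaccess_file ) )
		return;

	if ( $handle = @fopen( $htaccess_file, 'w' ) ) {
		fwrite( $handle, "Deny from all\n" );
		fclose( $handle );
	}
}

/**
 * Deletes stale files from the temporary upload directory.
 *
 * Uploads are consumed within the request that stored them, so anything
 * older than $seconds is a leftover. The .htaccess is never removed.
 *
 * @param int $seconds Age in seconds after which a file is deleted
 *                     (default 60, the previous hard-coded value).
 * @return bool|null False when the directory is missing or not
 *                   readable/writable; null otherwise (original contract).
 */
function wpcf7_cleanup_upload_files( $seconds = 60 ) {
	$dir = trailingslashit( wpcf7_upload_tmp_dir() );

	if ( ! is_dir( $dir ) )
		return false;
	if ( ! is_readable( $dir ) )
		return false;
	if ( ! is_writable( $dir ) )
		return false;

	if ( $handle = @opendir( $dir ) ) {
		while ( false !== ( $file = readdir( $handle ) ) ) {
			if ( in_array( $file, array( '.', '..', '.htaccess' ), true ) )
				continue;

			// A concurrent request may have removed the file between
			// readdir() and stat(); skip it rather than warn on a false stat.
			$stat = @stat( $dir . $file );
			if ( false === $stat )
				continue;

			if ( $stat['mtime'] + (int) $seconds < time() )
				@unlink( $dir . $file );
		}
		closedir( $handle );
	}
}

// REQUEST_METHOD is absent under CLI (wp-cron, WP-CLI); guard before reading.
if ( ! is_admin() && isset( $_SERVER['REQUEST_METHOD'] ) && 'GET' === $_SERVER['REQUEST_METHOD'] )
	wpcf7_cleanup_upload_files();

?>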