PageRenderTime 39ms CodeModel.GetById 16ms RepoModel.GetById 0ms app.codeStats 0ms

/plugin/contact-form-7/modules/file.php

https://github.com/core2062/CORE-Website
PHP | 343 lines | 232 code | 96 blank | 15 comment | 51 complexity | 11d436faad8dd777a24324b61f61d0cd MD5 | raw file
Possible License(s): GPL-3.0, AGPL-1.0, GPL-2.0
  1. <?php
  2. /**
  3. ** A base module for [file] and [file*]
  4. **/
  5. /* Shortcode handler */
  6. add_action( 'init', 'wpcf7_add_shortcode_file', 5 );
  7. function wpcf7_add_shortcode_file() {
  8. wpcf7_add_shortcode( array( 'file', 'file*' ),
  9. 'wpcf7_file_shortcode_handler', true );
  10. }
  11. function wpcf7_file_shortcode_handler( $tag ) {
  12. $tag = new WPCF7_Shortcode( $tag );
  13. if ( empty( $tag->name ) )
  14. return '';
  15. $validation_error = wpcf7_get_validation_error( $tag->name );
  16. $class = wpcf7_form_controls_class( $tag->type );
  17. if ( $validation_error )
  18. $class .= ' wpcf7-not-valid';
  19. $atts = array();
  20. $atts['size'] = $tag->get_size_option( '40' );
  21. $atts['class'] = $tag->get_class_option( $class );
  22. $atts['id'] = $tag->get_option( 'id', 'id', true );
  23. $atts['tabindex'] = $tag->get_option( 'tabindex', 'int', true );
  24. if ( $tag->is_required() )
  25. $atts['aria-required'] = 'true';
  26. $atts['type'] = 'file';
  27. $atts['name'] = $tag->name;
  28. $atts['value'] = '1';
  29. $atts = wpcf7_format_atts( $atts );
  30. $html = sprintf(
  31. '<span class="wpcf7-form-control-wrap %1$s"><input %2$s />%3$s</span>',
  32. $tag->name, $atts, $validation_error );
  33. return $html;
  34. }
  35. /* Encode type filter */
  36. add_filter( 'wpcf7_form_enctype', 'wpcf7_file_form_enctype_filter' );
  37. function wpcf7_file_form_enctype_filter( $enctype ) {
  38. $multipart = (bool) wpcf7_scan_shortcode( array( 'type' => array( 'file', 'file*' ) ) );
  39. if ( $multipart )
  40. $enctype = ' enctype="multipart/form-data"';
  41. return $enctype;
  42. }
  43. /* Validation + upload handling filter */
  44. add_filter( 'wpcf7_validate_file', 'wpcf7_file_validation_filter', 10, 2 );
  45. add_filter( 'wpcf7_validate_file*', 'wpcf7_file_validation_filter', 10, 2 );
  46. function wpcf7_file_validation_filter( $result, $tag ) {
  47. $tag = new WPCF7_Shortcode( $tag );
  48. $name = $tag->name;
  49. $file = isset( $_FILES[$name] ) ? $_FILES[$name] : null;
  50. if ( $file['error'] && UPLOAD_ERR_NO_FILE != $file['error'] ) {
  51. $result['valid'] = false;
  52. $result['reason'][$name] = wpcf7_get_message( 'upload_failed_php_error' );
  53. return $result;
  54. }
  55. if ( empty( $file['tmp_name'] ) && $tag->is_required() ) {
  56. $result['valid'] = false;
  57. $result['reason'][$name] = wpcf7_get_message( 'invalid_required' );
  58. return $result;
  59. }
  60. if ( ! is_uploaded_file( $file['tmp_name'] ) )
  61. return $result;
  62. $allowed_file_types = array();
  63. if ( $file_types_a = $tag->get_option( 'filetypes' ) ) {
  64. foreach ( $file_types_a as $file_types ) {
  65. $file_types = explode( '|', $file_types );
  66. foreach ( $file_types as $file_type ) {
  67. $file_type = trim( $file_type, '.' );
  68. $file_type = str_replace( array( '.', '+', '*', '?' ),
  69. array( '\.', '\+', '\*', '\?' ), $file_type );
  70. $allowed_file_types[] = $file_type;
  71. }
  72. }
  73. }
  74. $allowed_file_types = array_unique( $allowed_file_types );
  75. $file_type_pattern = implode( '|', $allowed_file_types );
  76. $allowed_size = 1048576; // default size 1 MB
  77. if ( $file_size_a = $tag->get_option( 'limit' ) ) {
  78. $limit_pattern = '/^([1-9][0-9]*)([kKmM]?[bB])?$/';
  79. foreach ( $file_size_a as $file_size ) {
  80. if ( preg_match( $limit_pattern, $file_size, $matches ) ) {
  81. $allowed_size = (int) $matches[1];
  82. if ( ! empty( $matches[2] ) ) {
  83. $kbmb = strtolower( $matches[2] );
  84. if ( 'kb' == $kbmb )
  85. $allowed_size *= 1024;
  86. elseif ( 'mb' == $kbmb )
  87. $allowed_size *= 1024 * 1024;
  88. }
  89. break;
  90. }
  91. }
  92. }
  93. /* File type validation */
  94. // Default file-type restriction
  95. if ( '' == $file_type_pattern )
  96. $file_type_pattern = 'jpg|jpeg|png|gif|pdf|doc|docx|ppt|pptx|odt|avi|ogg|m4a|mov|mp3|mp4|mpg|wav|wmv';
  97. $file_type_pattern = trim( $file_type_pattern, '|' );
  98. $file_type_pattern = '(' . $file_type_pattern . ')';
  99. $file_type_pattern = '/\.' . $file_type_pattern . '$/i';
  100. if ( ! preg_match( $file_type_pattern, $file['name'] ) ) {
  101. $result['valid'] = false;
  102. $result['reason'][$name] = wpcf7_get_message( 'upload_file_type_invalid' );
  103. return $result;
  104. }
  105. /* File size validation */
  106. if ( $file['size'] > $allowed_size ) {
  107. $result['valid'] = false;
  108. $result['reason'][$name] = wpcf7_get_message( 'upload_file_too_large' );
  109. return $result;
  110. }
  111. $uploads_dir = wpcf7_upload_tmp_dir();
  112. wpcf7_init_uploads(); // Confirm upload dir
  113. $filename = $file['name'];
  114. // If you get script file, it's a danger. Make it TXT file.
  115. if ( preg_match( '/\.(php|pl|py|rb|cgi)\d?$/', $filename ) )
  116. $filename .= '.txt';
  117. $filename = wp_unique_filename( $uploads_dir, $filename );
  118. $new_file = trailingslashit( $uploads_dir ) . $filename;
  119. if ( false === @move_uploaded_file( $file['tmp_name'], $new_file ) ) {
  120. $result['valid'] = false;
  121. $result['reason'][$name] = wpcf7_get_message( 'upload_failed' );
  122. return $result;
  123. }
  124. // Make sure the uploaded file is only readable for the owner process
  125. @chmod( $new_file, 0400 );
  126. if ( $contact_form = wpcf7_get_current_contact_form() ) {
  127. $contact_form->uploaded_files[$name] = $new_file;
  128. if ( empty( $contact_form->posted_data[$name] ) )
  129. $contact_form->posted_data[$name] = $filename;
  130. }
  131. return $result;
  132. }
  133. /* Messages */
  134. add_filter( 'wpcf7_messages', 'wpcf7_file_messages' );
  135. function wpcf7_file_messages( $messages ) {
  136. return array_merge( $messages, array(
  137. 'upload_failed' => array(
  138. 'description' => __( "Uploading a file fails for any reason", 'wpcf7' ),
  139. 'default' => __( 'Failed to upload file.', 'wpcf7' )
  140. ),
  141. 'upload_file_type_invalid' => array(
  142. 'description' => __( "Uploaded file is not allowed file type", 'wpcf7' ),
  143. 'default' => __( 'This file type is not allowed.', 'wpcf7' )
  144. ),
  145. 'upload_file_too_large' => array(
  146. 'description' => __( "Uploaded file is too large", 'wpcf7' ),
  147. 'default' => __( 'This file is too large.', 'wpcf7' )
  148. ),
  149. 'upload_failed_php_error' => array(
  150. 'description' => __( "Uploading a file fails for PHP error", 'wpcf7' ),
  151. 'default' => __( 'Failed to upload file. Error occurred.', 'wpcf7' )
  152. )
  153. ) );
  154. }
  155. /* Tag generator */
  156. add_action( 'admin_init', 'wpcf7_add_tag_generator_file', 50 );
  157. function wpcf7_add_tag_generator_file() {
  158. if ( ! function_exists( 'wpcf7_add_tag_generator' ) )
  159. return;
  160. wpcf7_add_tag_generator( 'file', __( 'File upload', 'wpcf7' ),
  161. 'wpcf7-tg-pane-file', 'wpcf7_tg_pane_file' );
  162. }
  163. function wpcf7_tg_pane_file( &$contact_form ) {
  164. ?>
  165. <div id="wpcf7-tg-pane-file" class="hidden">
  166. <form action="">
  167. <table>
  168. <tr><td><input type="checkbox" name="required" />&nbsp;<?php echo esc_html( __( 'Required field?', 'wpcf7' ) ); ?></td></tr>
  169. <tr><td><?php echo esc_html( __( 'Name', 'wpcf7' ) ); ?><br /><input type="text" name="name" class="tg-name oneline" /></td><td></td></tr>
  170. </table>
  171. <table>
  172. <tr>
  173. <td><code>id</code> (<?php echo esc_html( __( 'optional', 'wpcf7' ) ); ?>)<br />
  174. <input type="text" name="id" class="idvalue oneline option" /></td>
  175. <td><code>class</code> (<?php echo esc_html( __( 'optional', 'wpcf7' ) ); ?>)<br />
  176. <input type="text" name="class" class="classvalue oneline option" /></td>
  177. </tr>
  178. <tr>
  179. <td><?php echo esc_html( __( "File size limit", 'wpcf7' ) ); ?> (<?php echo esc_html( __( 'bytes', 'wpcf7' ) ); ?>) (<?php echo esc_html( __( 'optional', 'wpcf7' ) ); ?>)<br />
  180. <input type="text" name="limit" class="filesize oneline option" /></td>
  181. <td><?php echo esc_html( __( "Acceptable file types", 'wpcf7' ) ); ?> (<?php echo esc_html( __( 'optional', 'wpcf7' ) ); ?>)<br />
  182. <input type="text" name="filetypes" class="filetype oneline option" /></td>
  183. </tr>
  184. </table>
  185. <div class="tg-tag"><?php echo esc_html( __( "Copy this code and paste it into the form left.", 'wpcf7' ) ); ?><br /><input type="text" name="file" class="tag" readonly="readonly" onfocus="this.select()" /></div>
  186. <div class="tg-mail-tag"><?php echo esc_html( __( "And, put this code into the File Attachments field below.", 'wpcf7' ) ); ?><br /><span class="arrow">&#11015;</span>&nbsp;<input type="text" class="mail-tag" readonly="readonly" onfocus="this.select()" /></div>
  187. </form>
  188. </div>
  189. <?php
  190. }
  191. /* Warning message */
  192. add_action( 'wpcf7_admin_notices', 'wpcf7_file_display_warning_message' );
  193. function wpcf7_file_display_warning_message() {
  194. if ( empty( $_GET['post'] ) || ! $contact_form = wpcf7_contact_form( $_GET['post'] ) )
  195. return;
  196. $has_tags = (bool) $contact_form->form_scan_shortcode(
  197. array( 'type' => array( 'file', 'file*' ) ) );
  198. if ( ! $has_tags )
  199. return;
  200. $uploads_dir = wpcf7_upload_tmp_dir();
  201. wpcf7_init_uploads();
  202. if ( ! is_dir( $uploads_dir ) || ! is_writable( $uploads_dir ) ) {
  203. $message = sprintf( __( 'This contact form contains file uploading fields, but the temporary folder for the files (%s) does not exist or is not writable. You can create the folder or change its permission manually.', 'wpcf7' ), $uploads_dir );
  204. echo '<div class="error"><p><strong>' . esc_html( $message ) . '</strong></p></div>';
  205. }
  206. }
  207. /* File uploading functions */
  208. function wpcf7_init_uploads() {
  209. $dir = wpcf7_upload_tmp_dir();
  210. wp_mkdir_p( trailingslashit( $dir ) );
  211. @chmod( $dir, 0733 );
  212. $htaccess_file = trailingslashit( $dir ) . '.htaccess';
  213. if ( file_exists( $htaccess_file ) )
  214. return;
  215. if ( $handle = @fopen( $htaccess_file, 'w' ) ) {
  216. fwrite( $handle, "Deny from all\n" );
  217. fclose( $handle );
  218. }
  219. }
  220. function wpcf7_upload_tmp_dir() {
  221. if ( defined( 'WPCF7_UPLOADS_TMP_DIR' ) )
  222. return WPCF7_UPLOADS_TMP_DIR;
  223. else
  224. return wpcf7_upload_dir( 'dir' ) . '/wpcf7_uploads';
  225. }
  226. function wpcf7_cleanup_upload_files() {
  227. $dir = trailingslashit( wpcf7_upload_tmp_dir() );
  228. if ( ! is_dir( $dir ) )
  229. return false;
  230. if ( ! is_readable( $dir ) )
  231. return false;
  232. if ( ! is_writable( $dir ) )
  233. return false;
  234. if ( $handle = @opendir( $dir ) ) {
  235. while ( false !== ( $file = readdir( $handle ) ) ) {
  236. if ( $file == "." || $file == ".." || $file == ".htaccess" )
  237. continue;
  238. $stat = stat( $dir . $file );
  239. if ( $stat['mtime'] + 60 < time() ) // 60 secs
  240. @unlink( $dir . $file );
  241. }
  242. closedir( $handle );
  243. }
  244. }
  245. if ( ! is_admin() && 'GET' == $_SERVER['REQUEST_METHOD'] )
  246. wpcf7_cleanup_upload_files();
  247. ?>