Yes, it seems that’s the case … they are deleted regardless. In classes.php in the submit() method lines 409, all uploaded files are deleted:
foreach ( (array) $this->uploaded_files as $name => $path ) {
@unlink( $path );
}
File that are too big can’t be attached so CF7 could offer the option of leaving them in the upload folder and place an url to them in the email. The email could have a url for download and one for delete, e.g. via a GET ?do=delete.
Something for you to consider.
Is there a way to add hooks/filters into CF7 so I can process the submitted data and modify the email body (e.g. to include such a URL to uploaded files)?
EDIT: Just found wpcf7_before_send_mail … I’ll see what I can do with that.
Cheers
The wpcf7_before_send_mail hook worked just fine. I had to move the file to another directory though so that CF7 won’t delete it.
You may still want to consider including something like this as a core feature (big file uploads as download URL in the email).
One small thing: I’m using SuPHP in a setup that requires 0644 for files and and 0755 for dirs. CF7 forces files to be 0400 and I understand the reason behind it, but it introduces some difficulty in SuPHP setups.
Cheers, and keep up the good work.
Please read the documentation first.
File Uploading and Attachment
After a user uploads a file through your contact form, Contact Form 7 checks to see if: 1.) Any PHP errors have occurred; 2.) the file type and file size are valid; and then, if the check turns out okay, Contact Form 7 moves the uploaded file to a temporary folder. At this point, Contact Form 7 attaches the file to the mail and sends it. After these procedures, Contact Form 7 then removes the file from the temporary folder.
You would make a big security/privacy risk if you left files uploaded through a public contact form.
normadize, actually I don’t care how you extend the code for your internal or experimental project, but as the plugin author I have a responsibility to warn other users of high-risk customizations.
You would make a bike security/privacy risk if you left files uploaded through a public contact form.
Not if you move the files to a folder outside the WP web space. You however chose to move them in the public WP uploads folder… which is not only unnecessary given you only want to attach them to the email, it actually creates some security risk (yes, I know there is a htaccess file).
It’s the 3rd time that you (oh so friendly) tell me that my suggestions are high-risk/security threats, being actually wrong and providing little explanation.
P.S. Your code actually does have security holes, which until now I was willing to report.
For anyone interested, if you want your uploaded files to be accessible after upload via a URL, and also to have that URL in the email sent by WPCF7, then here’s a solution I used in my plugin.
If you don’t use classes, then replace the array with just the function name. Note that this is for one file only, use a foreach() loop if your form has multiple upload files.
You may also want to change the chmod() permissions to suit your server. In my case, SuPHP requires 644 or else it denies access.
class MyPlugin
{
/**
* Relative to the WP uploads dir.
*/
public $dir_uploaded = 'foo';
function __construct ()
{
add_action('wpcf7_before_send_mail', array($this, 'WPCF7_BeforeSendMail'));
}
/**
* Fetch uploaded files and modify email body to point to uploaded file url.
* @param WPCF7_ContactForm $cf7
*/
public function WPCF7_BeforeSendMail (WPCF7_ContactForm $cf7)
{
if (empty($cf7->uploaded_files['fileupload']))
return;
$dest = wp_upload_dir();
$dest_dir = $dest['basedir'].$this->dir_uploaded;
$dest_url = $dest['baseurl'].$this->dir_uploaded;
wp_mkdir_p($dest_dir);
$dest_file = wp_unique_filename($dest_dir, basename($cf7->uploaded_files['fileupload']));
$dest_path = "$dest_dir/$dest_file";
@rename($cf7->uploaded_files['fileupload'], $dest_path);
// avoid SuPHP denying access since WPCF7 hardcodes 0400 (...)
chmod($dest_path, 0644);
$cf7->mail['body'] = "Uploaded: $dest_url/$dest_file\n\n" . $cf7->mail['body'];
}
}
Cheers.
Actually i dont get the link and the file on my form, but it is sent only containing the file name but no link at all.
