Forcing at least one file type … why?
-
Great plugin, really like it!
I want (actually need) to allow uploading ANY file type. I’m surprised to see that WPCF7 forces at least one file type, which then means I have to list all possible extensions out there 🙂
Looking at the code in
modules\file.php
inwpcf7_file_validation_filter()
, I notice that you escape the wildcard chars?, *, +, .
as well … not only that, but it also seems to require the file to have an extension since you do a regex match on/\.(escaped_pattern)$/
, whereas not all files actually have an extension.All these restrictions are unnecessary and hinder functionality. I can easily hack your code but you should really permit your plugin users to be able to allow all file types. A simple
.
or.*
as pattern would do.Also, the safe way to escape strings for use in
preg_*()
functions is to usepreg_quote()
rather than using str_replace() only on?, *, +, .
, which leaves quite a big security hole (you might want to revise that function).Otherwise, keep up the good work!
p.s. I admit I haven’t read all the docs (i did read some), but a quick question: can I hook into the email function so I can do some custom stuff? A simple pointer would suffice.
- The topic ‘Forcing at least one file type … why?’ is closed to new replies.