Drag and Drop Multiple File Upload – Contact Form 7 - Version 1.3.3.1

Version Description

  • Improved Security - ( Check valid filename & extensions, sanitations, Secured File deletions )
  • New - Allowed non ASCII file name
  • Improved styling on Progress Bar
  • Fixed - Conflict with WooCommerce Geo Location

Release Info

Developer glenwpcoder
Version 1.3.3.1

Code changes from version 1.3.3 to 1.3.3.1

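--- a/assets/css/dnd-upload-cf7.css
+++ b/assets/css/dnd-upload-cf7.css
@@ -56,6 +56,18 @@
 border-radius:100%;
 position:relative;
 }
+.dnd-upload-status .dnd-upload-image.has-bg {
+background-position:center center;
+background-size:cover;
+background-repeat:no-repeat;
+border:0;
+transition: transform 0.3s ease;
+max-width:40px;
+width:100%;
+}
+.dnd-upload-status .dnd-upload-image.has-bg:hover {
+transform: scale(1.5);
+}
 .dnd-upload-status .dnd-upload-image span {
 font-size:20px;
 color:#222;
@@ -66,14 +78,16 @@
 -webkit-transform: translate(-50%,-50%);
 left: 50%;
 }
+.dnd-upload-status .dnd-upload-image.has-bg span { opacity:0; z-index:-200; }
 
 /* Progress bar - Image Details ( Name and Size ) */
 .dnd-upload-status .dnd-upload-details {
 padding-left:10px;
-width:100%;
+width: calc(100% - 40px);
 }
-.dnd-upload-status .dnd-upload-details .name {color:#016d98; padding:4px 0; display:block; }
-.dnd-upload-status .dnd-upload-details .name em {color:#444242; font-weight:700; padding-right:20px; }
+.dnd-upload-status .dnd-upload-details .name {color:#016d98; padding:4px 0; padding-right:25px; display:flex; }
+.dnd-upload-status .dnd-upload-details .name span { text-overflow: ellipsis; white-space: nowrap; overflow: hidden; position: relative; padding-right:10px; }
+.dnd-upload-status .dnd-upload-details .name em {color:#444242; font-weight:700; }
 
 /* Remove Upload File */
 .dnd-upload-status .dnd-upload-details .remove-file {
@@ -82,7 +96,7 @@
 top:6px;
 text-decoration:none;
 box-shadow:none;
-outline:none !important;
+outline:none;
 }
 
 .dnd-upload-status .dnd-upload-details span.has-error { color:#f50505; }
@@ -131,6 +145,8 @@
 }
 .codedropz-upload-inner h3 {
 margin:5px 0;
+font-size:30px;
+line-height:32px;
 }
 
 /* Add border on dragenter, drag etc */
@@ -140,7 +156,7 @@
 
 .codedropz-upload-wrapper span.has-error-msg {
 display:inline-block;
-color:#fd3939;
+color:#ff0000;
 padding:5px 0;
 font-style:italic;
 }
@@ -148,5 +164,5 @@
 @media screen and (max-width: 767px) {
 .dnd-upload-status .dnd-upload-details .name em { font-weight:normal; }
 .dnd-upload-status .dnd-upload-details .name { padding-right:60px; }
-.codedropz-upload-inner h3 { font-size:20px; }
+.codedropz-upload-inner h3 { font-size:22px; }
 }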
assets/js/codedropz-uploader-min.js CHANGED
@@ -2,10 +2,10 @@
2
  * CodeDropz Uploader v1.3.3
3
  * Copyright 2018 Glen Mongaya
4
  * CodeDrop Drag&Drop Uploader
5
- * @version 1.2
6
  * @author CodeDropz, Glen Don L. Mongaya
7
  * @license The MIT License (MIT)
8
  */
9
 
10
  // CodeDropz Drag and Drop Plugin
11
- !function(e){e.fn.CodeDropz_Uploader=function(a){this.each(function(){var r=e(this),d=e.extend({handler:r,color:"#000",background:"",server_max_error:"Uploaded file exceeds the maximum upload size of your server.",max_file:r.data("max")?r.data("max"):10,max_upload_size:r.data("limit")?r.data("limit"):"5242880",supported_type:r.data("type")?r.data("type"):"jpg|jpeg|JPG|png|gif|pdf|doc|docx|ppt|pptx|odt|avi|ogg|m4a|mov|mp3|mp4|mpg|wav|wmv|xls",text:"Drag & Drop Files Here",separator:"or",button_text:"Browse Files",on_success:""},a),o=r.data("name")+"_count_files";localStorage.setItem(o,1);var s='<div class="codedropz-upload-handler"><div class="codedropz-upload-container"><div class="codedropz-upload-inner"><h3>'+d.text+"</h3><span>"+d.separator+'</span><div class="codedropz-btn-wrap"><a class="cd-upload-btn" href="javascript:void(0)">'+d.button_text+"</a></div></div></div></div>";d.handler.wrapAll('<div class="codedropz-upload-wrapper"></div>');var t=d.handler.parents("form"),n=d.handler.parents(".codedropz-upload-wrapper"),p=e('input[type="submit"]',t);d.handler.after(s),e(".codedropz-upload-handler",n).on("drag dragstart dragend dragover dragenter dragleave drop",function(e){e.preventDefault(),e.stopPropagation()}),e(".codedropz-upload-handler",n).on("dragover dragenter",function(a){e(this).addClass("codedropz-dragover")}),e(".codedropz-upload-handler",n).on("dragleave dragend drop",function(a){e(this).removeClass("codedropz-dragover")}),e("a.cd-upload-btn",n).on("click",function(e){e.preventDefault(),d.handler.val(null),d.handler.click()}),e(".codedropz-upload-handler",n).on("drop",function(e){l(e.originalEvent.dataTransfer.files,"drop")}),d.handler.on("change",function(e){l(this.files,"click")});var l=function(a,s){if(!(!a.length>1)){var p=new 
FormData;p.append("supported_type",d.supported_type),p.append("size_limit",d.max_upload_size),p.append("action","dnd_codedropz_upload"),p.append("type",s),e("span.has-error",d.handler).remove(),e.each(a,function(a,s){if(void 0!==p.delete&&p.delete("upload-file"),localStorage.getItem(o)>d.max_file)return!e("span.has-error-msg",n).length>0&&(err_msg=dnd_cf7_uploader.drag_n_drop_upload.max_file_limit,n.append('<span class="has-error-msg">'+err_msg.replace("%count%",d.max_file)+"</span>")),!1;var l=i.createProgressBar(s),c=!1;if(s.size>d.max_upload_size&&(e(".dnd-upload-details",e("#"+l)).append('<span class="has-error">'+dnd_cf7_uploader.drag_n_drop_upload.large_file+"</span>"),c=!0),regex_type=new RegExp("(.*?).("+d.supported_type+")$"),!1!==c||regex_type.test(s.name.toLowerCase())||(e(".dnd-upload-details",e("#"+l)).append('<span class="has-error">'+dnd_cf7_uploader.drag_n_drop_upload.inavalid_type+"</span>"),c=!0),localStorage.setItem(o,Number(localStorage.getItem(o))+1),!1===c){p.append("upload-file",s);e.ajax({url:d.ajax_url,type:t.attr("method"),data:p,dataType:"json",cache:!1,contentType:!1,processData:!1,xhr:function(){var e=new window.XMLHttpRequest;return e.upload.addEventListener("progress",function(e){if(e.lengthComputable){var a=e.loaded/e.total,r=parseInt(100*a);i.setProgressBar(l,r)}},!1),e},complete:function(){i.setProgressBar(l,100)},success:function(a){a.success?e.isFunction(d.on_success)&&d.on_success.call(this,r,l,a):(e(".dnd-progress-bar",e("#"+l)).remove(),e(".dnd-upload-details",e("#"+l)).append('<span class="has-error">'+a.data+"</span>"),e('input[type="submit"]',t).removeClass("disabled").prop("disabled",!1))},error:function(a,r,o){e(".dnd-progress-bar",e("#"+l)).remove(),e(".dnd-upload-details",e("#"+l)).append('<span class="has-error">'+d.server_max_error+"</span>"),e('input[type="submit"]',t).removeClass("disabled").prop("disabled",!1)}})}})}},i={createProgressBar:function(a){var 
r=e(".codedropz-upload-handler",n),d="dnd-file-"+Math.random().toString(36).substr(2,9),s='<div class="dnd-upload-image"><span class="dnd-icon-blank-file"></span></div><div class="dnd-upload-details"><span class="name">'+a.name+" <em>("+i.bytesToSize(a.size)+')</em></span><a href="javascript:void(0)" title="Remove" class="remove-file" data-storage="'+o+'"><span class="dnd-icon-remove"></span></a><span class="dnd-progress-bar"><span></span></span></div>';return r.after('<div id="'+d+'" class="dnd-upload-status">'+s+"</div>"),d},setProgressBar:function(a,r){var d=e(".dnd-progress-bar",e("#"+a));return d.length>0&&(i.disableBtn(p),progress_width=r*d.width()/100,e("span",d).addClass("in-progress").animate({width:progress_width},10).text(r+"% "),100==r&&e("span",d).addClass("complete").removeClass("in-progress")),!1},bytesToSize:function(e){return 0===e?"0":(kBytes=e/1024,fileSize=kBytes>=1024?(kBytes/1024).toFixed(2)+"MB":kBytes.toFixed(2)+"KB",fileSize)},disableBtn:function(e){e.length>0&&e.addClass("disable").prop("disabled",!0)}}}),e(document).on("click",".dnd-icon-remove",function(r){var d=e(this),o=d.parents(".dnd-upload-status"),s=d.parents(".codedropz-upload-wrapper"),t=d.parent("a").attr("data-storage");return!(e("span.in-progress",o).length>0)&&(e(".has-error",o).length>0?(o.remove(),localStorage.setItem(t,Number(localStorage.getItem(t))-1),!1):(d.addClass("deleting").text("deleting..."),void e.post(a.ajax_url,{path:o.find('input[type="hidden"]').val(),action:"dnd_codedropz_upload_delete",security:dnd_cf7_uploader.ajax_nonce},function(a){a.success&&(o.remove(),localStorage.setItem(t,Number(localStorage.getItem(t))-1),e(".dnd-upload-status",s).length<=1&&e("span.has-error-msg",s).remove())})))})}}(jQuery);
2
  * CodeDropz Uploader v1.3.3
3
  * Copyright 2018 Glen Mongaya
4
  * CodeDrop Drag&Drop Uploader
5
+ * @version 1.0
6
  * @author CodeDropz, Glen Don L. Mongaya
7
  * @license The MIT License (MIT)
8
  */
9
 
10
  // CodeDropz Drag and Drop Plugin
11
+ !function(e){e.fn.CodeDropz_Uploader=function(a){this.each(function(){var d=e(this),r=e.extend({handler:d,color:"#000",background:"",server_max_error:"Uploaded file exceeds the maximum upload size of your server.",max_file:d.data("max")?d.data("max"):10,max_upload_size:d.data("limit")?d.data("limit"):"5242880",supported_type:d.data("type")?d.data("type"):"jpg|jpeg|JPG|png|gif|pdf|doc|docx|ppt|pptx|odt|avi|ogg|m4a|mov|mp3|mp4|mpg|wav|wmv|xls",text:"Drag & Drop Files Here",separator:"or",button_text:"Browse Files",on_success:""},a),o=d.data("name")+"_count_files";localStorage.setItem(o,1);var s='<div class="codedropz-upload-handler"><div class="codedropz-upload-container"><div class="codedropz-upload-inner"><h3>'+r.text+"</h3><span>"+r.separator+'</span><div class="codedropz-btn-wrap"><a class="cd-upload-btn" href="javascript:void(0)">'+r.button_text+"</a></div></div></div></div>";r.handler.wrapAll('<div class="codedropz-upload-wrapper"></div>');var t=r.handler.parents("form"),n=r.handler.parents(".codedropz-upload-wrapper"),p=e('input[type="submit"]',t);r.handler.after(s),e(".codedropz-upload-handler",n).on("drag dragstart dragend dragover dragenter dragleave drop",function(e){e.preventDefault(),e.stopPropagation()}),e(".codedropz-upload-handler",n).on("dragover dragenter",function(a){e(this).addClass("codedropz-dragover")}),e(".codedropz-upload-handler",n).on("dragleave dragend drop",function(a){e(this).removeClass("codedropz-dragover")}),e("a.cd-upload-btn",n).on("click",function(e){e.preventDefault(),r.handler.val(null),r.handler.click()}),e(".codedropz-upload-handler",n).on("drop",function(e){l(e.originalEvent.dataTransfer.files,"drop")}),r.handler.on("change",function(e){l(this.files,"click")});var l=function(a,s){if(!(!a.length>1)){var p=new 
FormData;p.append("supported_type",r.supported_type),p.append("size_limit",r.max_upload_size),p.append("action","dnd_codedropz_upload"),p.append("type",s),p.append("security",dnd_cf7_uploader.ajax_nonce),e("span.has-error",r.handler).remove(),e.each(a,function(a,s){if(void 0!==p.delete&&p.delete("upload-file"),localStorage.getItem(o)>r.max_file)return!e("span.has-error-msg",n).length>0&&(err_msg=dnd_cf7_uploader.drag_n_drop_upload.max_file_limit,n.append('<span class="has-error-msg">'+err_msg.replace("%count%",r.max_file)+"</span>")),!1;var l=i.createProgressBar(s),c=!1;if(s.size>r.max_upload_size&&(e(".dnd-upload-details",e("#"+l)).append('<span class="has-error">'+dnd_cf7_uploader.drag_n_drop_upload.large_file+"</span>"),c=!0),regex_type=new RegExp("(.*?).("+r.supported_type+")$"),!1!==c||regex_type.test(s.name.toLowerCase())||(e(".dnd-upload-details",e("#"+l)).append('<span class="has-error">'+dnd_cf7_uploader.drag_n_drop_upload.inavalid_type+"</span>"),c=!0),localStorage.setItem(o,Number(localStorage.getItem(o))+1),!1===c){p.append("upload-file",s);e.ajax({url:r.ajax_url,type:t.attr("method"),data:p,dataType:"json",cache:!1,contentType:!1,processData:!1,xhr:function(){var e=new window.XMLHttpRequest;return e.upload.addEventListener("progress",function(e){if(e.lengthComputable){var a=e.loaded/e.total,d=parseInt(100*a);i.setProgressBar(l,d)}},!1),e},complete:function(){i.setProgressBar(l,100)},success:function(a){a.success?e.isFunction(r.on_success)&&r.on_success.call(this,d,l,a):(e(".dnd-progress-bar",e("#"+l)).remove(),e(".dnd-upload-details",e("#"+l)).append('<span class="has-error">'+a.data+"</span>"),e('input[type="submit"]',t).removeClass("disabled").prop("disabled",!1))},error:function(a,d,o){e(".dnd-progress-bar",e("#"+l)).remove(),e(".dnd-upload-details",e("#"+l)).append('<span class="has-error">'+r.server_max_error+"</span>"),e('input[type="submit"]',t).removeClass("disabled").prop("disabled",!1)}})}})}},i={createProgressBar:function(a){var 
d=e(".codedropz-upload-handler",n),r="dnd-file-"+Math.random().toString(36).substr(2,9),s='<div class="dnd-upload-image"><span class="dnd-icon-blank-file"></span></div><div class="dnd-upload-details"><span class="name"><span>'+a.name+"</span><em>("+i.bytesToSize(a.size)+')</em></span><a href="javascript:void(0)" title="Remove" class="remove-file" data-storage="'+o+'"><span class="dnd-icon-remove"></span></a><span class="dnd-progress-bar"><span></span></span></div>';return d.after('<div id="'+r+'" class="dnd-upload-status">'+s+"</div>"),r},setProgressBar:function(a,d){var r=e(".dnd-progress-bar",e("#"+a));return r.length>0&&(i.disableBtn(p),progress_width=d*r.width()/100,e("span",r).addClass("in-progress").animate({width:progress_width},10).text(d+"% "),100==d&&e("span",r).addClass("complete").removeClass("in-progress")),!1},bytesToSize:function(e){return 0===e?"0":(kBytes=e/1024,fileSize=kBytes>=1024?(kBytes/1024).toFixed(2)+"MB":kBytes.toFixed(2)+"KB",fileSize)},disableBtn:function(e){e.length>0&&e.addClass("disable").prop("disabled",!0)}}}),e(document).on("click",".dnd-icon-remove",function(d){var r=e(this),o=r.parents(".dnd-upload-status"),s=r.parents(".codedropz-upload-wrapper"),t=r.parent("a").attr("data-storage");return!(e("span.in-progress",o).length>0)&&(e(".has-error",o).length>0?(o.remove(),localStorage.setItem(t,Number(localStorage.getItem(t))-1),!1):(r.addClass("deleting").text("deleting..."),void e.post(a.ajax_url,{path:o.find('input[type="hidden"]').val(),action:"dnd_codedropz_upload_delete",security:dnd_cf7_uploader.ajax_nonce},function(a){a.success&&(o.remove(),localStorage.setItem(t,Number(localStorage.getItem(t))-1),e(".dnd-upload-status",s).length<=1&&e("span.has-error-msg",s).remove())})))})}}(jQuery);
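--- a/assets/js/codedropz-uploader.js
+++ b/assets/js/codedropz-uploader.js
@@ -116,6 +116,7 @@
 formData.append('size_limit', options.max_upload_size );
 formData.append('action', 'dnd_codedropz_upload' );
 formData.append('type', action );
+formData.append('security', dnd_cf7_uploader.ajax_nonce );
 
 // remove has error
 $('span.has-error', options.handler ).remove();
@@ -232,7 +233,7 @@
 // Setup progressbar elements
 var fileDetails = '<div class="dnd-upload-image"><span class="dnd-icon-blank-file"></span></div>'
 + '<div class="dnd-upload-details">'
-+ '<span class="name">'+ file.name +' <em>('+ CodeDropz_Object.bytesToSize( file.size ) +')</em></span>'
++ '<span class="name"><span>'+ file.name +'</span><em>('+ CodeDropz_Object.bytesToSize( file.size ) +')</em></span>'
 + '<a href="javascript:void(0)" title="Remove" class="remove-file" data-storage="'+ dataStorageName +'"><span class="dnd-icon-remove"></span></a>'
 + '<span class="dnd-progress-bar"><span></span></span>'
 + '</div>';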
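Review bot: The rebuilt `fileDetails` markup on the changed line still concatenates `file.name` straight into an HTML string before it is handed to jQuery, so a name containing `<` or `&` is parsed as markup rather than rendered as text; the new wrapping `<span>` is a natural place to fix that. Build the name as text instead, e.g. `var safeName = $('<div>').text( file.name ).html();` and then use `'<span class="name"><span>'+ safeName +'</span><em>('` in the concatenation, or set the inner span's content with `.text()` once the status element exists. The minified copy in `assets/js/codedropz-uploader-min.js` carries the same concatenation and should be regenerated from the corrected source. The enclosing function starts before this hunk.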
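--- a/drag-n-drop-upload-cf7.php
+++ b/drag-n-drop-upload-cf7.php
@@ -6,7 +6,7 @@
 * Description: This simple plugin create Drag & Drop or choose Multiple File upload in your Confact Form 7 Forms.
 * Text Domain: dnd-upload-cf7
 * Domain Path: /languages
-* Version: 1.3.3
+* Version: 1.3.3.1
 * Author: Glen Don L. Mongaya
 * Author URI: http://codedropz.com
 * License: GPL2
@@ -21,7 +21,7 @@
 define( 'dnd_upload_cf7', true );
 
 /** Define plugin Version */
-define( 'dnd_upload_cf7_version', '1.3.3' );
+define( 'dnd_upload_cf7_version', '1.3.3.1' );
 
 /** Define constant Plugin Directories */
 define( 'dnd_upload_cf7_directory', untrailingslashit( dirname( __FILE__ ) ) );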
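--- a/inc/dnd-upload-cf7.php
+++ b/inc/dnd-upload-cf7.php
@@ -47,7 +47,6 @@
 
 // Load plugin text-domain
 function dnd_load_plugin_textdomain() {
-setlocale( LC_CTYPE, get_locale() . '.utf8' );
 load_plugin_textdomain( 'dnd-upload-cf7', false, dirname( dirname( plugin_basename( __FILE__ ) ) ) . '/languages' );
 }
 
@@ -71,7 +70,7 @@
 $field_name = $field->name;
 if( $field->basetype == 'mfile' && isset( $posted_data[$field_name] ) && ! empty( $posted_data[$field_name] ) ) {
 foreach( $posted_data[$field_name] as $key => $file ) {
-$posted_data[$field_name][$key] = trailingslashit( $uploads_dir['upload_url'] ) . basename( $file );
+$posted_data[$field_name][$key] = trailingslashit( $uploads_dir['upload_url'] ) . wp_basename( $file );
 }
 }
 }
@@ -280,7 +279,7 @@
 foreach( $_POST[ $field->name ] as $_file ) {
 
 // Join dir and a new file name ( get from <input type="hidden" name="upload-file-333"> )
-$new_file_name = trailingslashit( $uploads_dir['upload_dir'] ) . basename( $_file );
+$new_file_name = trailingslashit( $uploads_dir['upload_dir'] ) . wp_basename( $_file );
 
 // Check if submitted and file exists then file is ready.
 if ( $submission && file_exists( $new_file_name ) ) {
@@ -406,10 +405,10 @@
 $name = $tag->name;
 $id = $tag->get_id_option();
 
-$multiple_files = ( isset( $_POST[ $name ] ) ? $_POST[ $name ] : null );
+$multiple_files = ( ( isset( $_POST[ $name ] ) && count( $_POST[ $name ] ) > 0 ) ? sanitize_text_field( $_POST[ $name ] ) : null );
 
 // Check if we have files or if it's empty
-if( ( is_null( $multiple_files ) || count( $multiple_files ) == 0 ) && $tag->is_required() ) {
+if( is_null( $multiple_files ) && $tag->is_required() ) {
 $result->invalidate( $tag, wpcf7_get_message( 'invalid_required' ) );
 return $result;
 }
@@ -499,6 +498,9 @@
 // Begin process upload
 function dnd_upload_cf7_upload() {
 
+// check and verify ajax request
+check_ajax_referer( 'dnd-cf7-security-nonce', 'security' );
+
 // Get upload dir
 $path = dnd_get_upload_dir();
 
@@ -526,9 +528,12 @@
 }
 
 // Create file name
-$filename = $file['name'];
+$filename = wp_basename( $file['name'] );
 $filename = wpcf7_canonicalize( $filename, 'as-is' );
-$filename = wpcf7_antiscript_file_name( $filename );
+
+if( mb_check_encoding( $filename, 'ASCII' ) ){
+$filename = wpcf7_antiscript_file_name( $filename );
+}
 
 // Add filter on upload file name
 $filename = apply_filters( 'wpcf7_upload_file_name', $filename, $file['name'] );
@@ -544,7 +549,7 @@
 
 $files = array(
 'path' => basename( $path['upload_dir'] ),
-'file' => str_replace('/','-', $filename )
+'file' => str_replace('/','-', $filename)
 );
 
 // Change file permission to 0400
@@ -562,26 +567,34 @@
 // check and verify ajax request
 check_ajax_referer( 'dnd-cf7-security-nonce', 'security' );
 
-// Check valid filename & extensions
-if( preg_match_all('/wp-|(\.php|\.exe|\.js|\.asp)/', $_POST['path'] ) ) {
-die('file not safe');
-}
-
-// Get upload dir
-$upload_dir = dnd_get_upload_dir();
-$path = preg_replace( '/\..\/|\/..\//', '', $_POST['path'] ); // remove extra character
-$directory = dirname( $upload_dir['upload_dir'] );
+// Sanitize Path
+$path = ( isset( $_POST['path'] ) ? sanitize_text_field( $_POST['path'] ) : null );
 
-// Clean or convert to realpath if there's /../../ in $path;
-$path = realpath( trailingslashit( $directory ) . $path );
-$folder_name = basename( dirname( $path ) );
+// Get folder directory
+$dir = dnd_get_upload_dir();
 
 // Make sure path is set
-if( isset( $_POST['path'] ) && ! empty( $_POST['path'] ) ) {
-$file_path = path_join( trailingslashit( $directory ) . $folder_name, basename( $path ) );
+if( ! is_null( $path ) ) {
+
+// Check valid filename & extensions
+if( preg_match_all('/wp-|(\.php|\.exe|\.js|\.phtml|\.cgi|\.aspx|\.asp|\.bat)/', $path ) ) {
+die('File not safe');
+}
+
+// Concatenate path and upload directory
+$file_path = realpath( trailingslashit( dirname( $dir['upload_dir'] ) ) . trim( $path ) );
+
+// Check if is in the correct upload_dir
+if( ! preg_match("/". wpcf7_dnd_dir ."/i", $file_path ) ) {
+die('It\'s not a valid upload directory');
+}
+
+// Check if file exists
 if( file_exists( $file_path ) ){
 wp_delete_file( $file_path );
-wp_send_json_success( 'true' );
+if( ! file_exists( $file_path ) ) {
+wp_send_json_success('File Deleted!');
+}
 }
 }
 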
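Review bot: The `mb_check_encoding( $filename, 'ASCII' )` gate added around `wpcf7_antiscript_file_name()` means any upload whose name contains a non-ASCII byte is stored with its original extension, so the script-extension neutralisation that helper provides no longer applies to precisely the names this release begins accepting, and the upload path now depends on the mbstring extension, which the declared `Requires PHP: 5.2.4` floor does not guarantee. The gate presumably exists because the helper's internal `basename()` mangles non-ASCII names under a C locale (likely also why the `setlocale()` call goes away in the first hunk), so neutralise the extension with byte-based string functions instead of skipping the step, as sketched below; the pattern mirrors the CF7 helper's list and should be checked against the installed CF7 version. Separately, in the delete handler the containment check `preg_match("/". wpcf7_dnd_dir ."/i", $file_path )` only asks whether the constant occurs somewhere in the resolved path and `$file_path` may be `false`; a prefix comparison such as `0 === strpos( $file_path, trailingslashit( realpath( dirname( $dir['upload_dir'] ) ) ) )` after rejecting a `false` result pins the file to the upload base, and `wp_send_json_error()` in place of `die()` keeps the caller's JSON handling working. In the validation hunk, `sanitize_text_field( $_POST[ $name ] )` stringifies an array argument rather than sanitising each entry, and `count()` on a non-array value is fatal on PHP 8; `array_map( 'sanitize_text_field', (array) $_POST[ $name ] )` keeps the per-file values. `dnd_upload_cf7_upload()` and the delete handler both continue outside their hunks.
```php
// Create file name
$filename = wp_basename( $file['name'] );
$filename = wpcf7_canonicalize( $filename, 'as-is' );

// Neutralise script extensions for every name: explode()/implode() are
// byte-based, so this needs neither mbstring nor a locale-aware basename().
$parts = explode( '.', $filename );
if ( count( $parts ) > 1 ) {
	$script_pattern = '/^(php|phtml|pl|py|rb|cgi|asp|aspx)\d?$/i'; // same list as the CF7 helper; verify against installed version
	$last = count( $parts ) - 1;
	foreach ( $parts as $i => $part ) {
		if ( $i > 0 && preg_match( $script_pattern, $part ) ) {
			$parts[ $i ] = ( $i === $last ) ? $part . '_.txt' : $part . '_';
		}
	}
	$filename = implode( '.', $parts );
}

// … unchanged: wpcf7_upload_file_name filter …
```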
readme.txt CHANGED
@@ -2,8 +2,8 @@
2
  Donate link : http://codedropz.com/donation
3
  Tags: drag and drop, contact form 7, ajax uploader, multiple file, upload, contact form 7 uploader
4
  Requires at least: 3.0.1
5
- Tested up to: 5.3.2
6
- Stable tag: 1.3.3
7
  Requires PHP: 5.2.4
8
  License: GPLv2 or later
9
  License URI: https://www.gnu.org/licenses/gpl-2.0.html
@@ -37,23 +37,23 @@ Here's a little [DEMO](http://codedropz.com/contact).
37
  Checkout available features on **PRO version**.
38
 
39
  * Image Preview - Show Thumbnail for images
40
- * Auto Delete Files - After Form Submission
41
- - 1 hour, 4 hours, 8 hours or 1 day etc
42
  * Zip Files ( Compressed File )
43
- * Save Files To Media Library
44
  * Change Upload Directory
45
- - Generated Name - timestamp
46
  - Random Folder
47
- - By User ( *must login* )
48
- - Custom Folder
49
- * Send to email as individual attachment, zip archive or as a links
50
  * Improved Security
51
  * Optimized Code and Performance
52
  * 1 Month Premium Support
53
- * Chunks Upload *( Break large files into smaller Chunks )* - **Coming Soon**
54
- * Max Total Size *( All Uploaded Files )* - **Coming Soon**
55
- * Parallel/Sequential Upload *( Number of files to simultaneously upload )* - **Coming Soon**
56
- * Change Filename Pattern ((unknown), {ip_address}, {random}, {post_id}, {post_slug}, etc.) **Coming Soon**
57
 
58
 
59
  You can get [PRO Version here](https://www.codedropz.com/purchase-plugin/)!
@@ -71,19 +71,21 @@ For any bug reports go to <a href="https://wordpress.org/support/plugin/drag-and
71
 
72
  = How can I limit file size? =
73
 
74
- To limit file size in `multiple file upload` field generator under Contact Form 7, there's a field `File size limit (bytes)`. Please take note it should be `Bytes` you may use any converter just Google (MB to Bytes converter) default of this plugin is 5MB(5242880 Bytes).
 
 
75
 
76
  = How can I limit the number of files in my Upload? =
77
 
78
  You can limit the number of files in your file upload by adding this parameter `max-file:3` to your shortcode :
79
 
80
- Example: [mfile upload-file-344 max-file:3] - this option will limit the user to upload only 3 files.
81
 
82
  = How can I Add or Limit file types =
83
 
84
  You can add or change file types in cf7 Form-tag Generator Options by adding `jpeg|png|jpg|gif` in `Acceptable file types field`.
85
 
86
- Example : [mfile upload-file-433 filetypes:jpeg|png|jpg|gif]
87
 
88
  = How can I change text in Drag and Drop Uploading area? =
89
 
@@ -91,7 +93,7 @@ You can change text `Drag & Drop Files Here or Browse Files` text in Wordpress A
91
 
92
  = How can I change email attachment as links? =
93
 
94
- Go to WP Admin `Contact->Drag & Drop Upload` settings then check "Send Attachment as links?" option.
95
 
96
  To manage mail template, go to Contact Forms edit specific form and Select `Mail` tab. In Message Body add generated code from mfile. ( Example Below )
97
 
@@ -121,6 +123,12 @@ To install this plugin see below:
121
 
122
  == Changelog ==
123
 
 
 
 
 
 
 
124
  = 1.3.3 =
125
  * SECURITY UPDATES ( issues reported by : Robert L Mathews )
126
  - The issues inside `dnd_codedropz_upload_delete` function, that will execute any POST remotely.
2
  Donate link : http://codedropz.com/donation
3
  Tags: drag and drop, contact form 7, ajax uploader, multiple file, upload, contact form 7 uploader
4
  Requires at least: 3.0.1
5
+ Tested up to: 5.4
6
+ Stable tag: 1.3.3.1
7
  Requires PHP: 5.2.4
8
  License: GPLv2 or later
9
  License URI: https://www.gnu.org/licenses/gpl-2.0.html
37
  Checkout available features on **PRO version**.
38
 
39
  * Image Preview - Show Thumbnail for images
40
+ * Auto Delete Files - After Form Submission
41
+ - *(1 hour, 4 hours, 8 hours , days, months etc)*
42
  * Zip Files ( Compressed File )
43
+ * Save Files to Wordpress Media Library
44
  * Change Upload Directory
45
+ - Generated Name - Timestamp
46
  - Random Folder
47
+ - By User
48
+ - Custom Folder
49
+ * Send to email as individual attachment, ZIP archive or as a links
50
  * Improved Security
51
  * Optimized Code and Performance
52
  * 1 Month Premium Support
53
+ * Chunks Upload *( Break large files into smaller Chunks )*
54
+ * Max Total Size *( All Uploaded Files )*
55
+ * Parallel/Sequential Upload *( Number of files to simultaneously upload )*
56
+ * Change Filename Pattern ((unknown), {ip_address}, {random}, {post_id}, {post_slug}, etc.)
57
 
58
 
59
  You can get [PRO Version here](https://www.codedropz.com/purchase-plugin/)!
71
 
72
  = How can I limit file size? =
73
 
74
+ To limit file size in `multiple file upload` field generator under Contact Form 7, there's a field `File size limit (bytes)`.
75
+
76
+ Please take note it should be `Bytes` you may use any converter just Google (MB to Bytes converter) default of this plugin is 5MB(5242880 Bytes).
77
 
78
  = How can I limit the number of files in my Upload? =
79
 
80
  You can limit the number of files in your file upload by adding this parameter `max-file:3` to your shortcode :
81
 
82
+ Example: *[mfile upload-file-344 max-file:3] * - this option will limit the user to upload only 3 files.
83
 
84
  = How can I Add or Limit file types =
85
 
86
  You can add or change file types in cf7 Form-tag Generator Options by adding `jpeg|png|jpg|gif` in `Acceptable file types field`.
87
 
88
+ Example : *[mfile upload-file-433 filetypes:jpeg|png|jpg|gif]*
89
 
90
  = How can I change text in Drag and Drop Uploading area? =
91
 
93
 
94
  = How can I change email attachment as links? =
95
 
96
+ Go to WP Admin `Contact -> Drag & Drop Upload` settings then check "Send Attachment as links?" option.
97
 
98
  To manage mail template, go to Contact Forms edit specific form and Select `Mail` tab. In Message Body add generated code from mfile. ( Example Below )
99
 
123
 
124
  == Changelog ==
125
 
126
+ = 1.3.3.1 =
127
+ * Improved Security - ( Check valid filename & extensions, sanitations, Secured File deletions )
128
+ * New - Allowed non ASCII file name
129
+ * Improved styling on Progress Bar
130
+ * Fixed - Conflict with WooCommerce Geo Location
131
+
132
  = 1.3.3 =
133
  * SECURITY UPDATES ( issues reported by : Robert L Mathews )
134
  - The issues inside `dnd_codedropz_upload_delete` function, that will execute any POST remotely.