CODEWITHSUNDEEP
formsemailattachment
Riffaz Starr
Riffaz Starr

Reputation: 611

attachement restriction is not working. how to solve this?

I am using following code to make sure that the attachment is jpg, png, pdf and the size is below 1mb. the following code says "invalid file" if the file size exceed 1mb but it just send all the files. It's not showing the error message if the attachment is NOT jpg, png or pdf.

$attachments = array(WP_CONTENT_DIR ."/uploads/".$_FILES["attachment"]["name"]);
$allowedExts = array("pdf", "jpg", "png");

        $temp = explode(".", $_FILES["attachment"]["name"]);
        $extension = end($temp);

        if ((($_FILES["file"]["type"] != "image/pdf")
        && ($_FILES["file"]["type"] != "image/jpg")
        && ($_FILES["file"]["type"] != "image/png"))
        && ($_FILES["file"]["size"] > 1000000)
        && in_array($extension, $allowedExts)) {
                $errors['attachment'] = "invalid file!";
        }
        $headers = array('From: '.$_POST['sendername'].' <'.$_POST['senderEmail'].'>');                  
        $mail_sent = wp_mail( $to, $subject, $mailBody, $headers, $attachments );

Why this code is not restricting the mail if the attachment is not jpg, png or pdf?

and the form uploding field part is:

<form action="">
    <label for='uploaded_file'>Select A File To Upload:</label>
    <input type="file" name="attachment">
    <?php if(isset($errors['attachment'])) { echo '<span style="color: red">'.$errors['attachment'].'</span>'; } ?>

    <input type="submit" value="Submit" name="submit">
</form>

Upvotes: 0

Views: 26

Answers (1)

klarki
klarki

Reputation: 915

The code should be:

    if ((($_FILES["file"]["type"] != "image/pdf")
         && ($_FILES["file"]["type"] != "image/jpg")
         && ($_FILES["file"]["type"] != "image/png"))
    || ($_FILES["file"]["size"] > 1000000)
    || !in_array($extension, $allowedExts)) {
            $errors['attachment'] = "invalid file!";
    } else {
        $headers = array('From: '.$_POST['sendername'].' <'.$_POST['senderEmail'].'>');                  
        $mail_sent = wp_mail( $to, $subject, $mailBody, $headers, $attachments );
    }

In your original code every condition had to be true and that was never the case: the file had to neither be pdf, jpg nor png while at the same time the extension had to be either pdf jpg or png. That is mutually exclusive.

Also you didn't make the action of sending an email dependent on whether the error was set or not, so the email would be sent anyways.

Upvotes: 1

Related Questions