WordPress.org
Get WordPress

Plugin Directory

Changeset 3020507


Ignore:
Timestamp:
01/11/2024 04:06:26 PM (2 years ago)
Author:
piotnetdotcom
Message:

Update 1.0.29

Location:
piotnetforms/trunk
Files:
3 edited

Legend:

Unmodified
Added
Removed

  • piotnetforms/trunk/inc/forms/ajax-form-builder.php

    r3013279 r3020507  
    464464                $attachment = array();
    465465
    466                 $not_allowed_extensions = array('php', 'phpt', 'php5', 'php7', 'exe');
     466                $allowed_extensions = ['jpg', 'jpeg', 'png', 'gif', 'bmp', 'mp3', 'wav', 'ogg', 'mp4', 'avi', 'mkv', 'mov', 'txt', 'pdf', 'doc', 'docx', 'xls', 'xlsx', 'ppt', 'pptx', 'csv', 'json', 'xml', 'css', 'zip', 'rar', 'tar.gz'];
     467                $allowed_extensions = apply_filters( 'piotnetforms/form_builder/allowed_upload_file_extensions', $allowed_extensions );
    467468
    468469                if( !empty($_FILES) ) {
     
    472473                            $file_name_san = sanitize_file_name($file['name'][$i]);
    473474                            $file_extension = pathinfo( $file_name_san, PATHINFO_EXTENSION );
    474                             $mime_types = wp_get_mime_types();
    475                             $wp_extension_allowed = false;
    476                             foreach ($mime_types as $extensions => $mime_type) {
    477                                 $extensions_array = explode('|', $extensions);
    478                                 if (in_array($file_extension, $extensions_array)) {
    479                                     $wp_extension_allowed = true;
    480                                 }
    481                             }
    482 
    483                             if(in_array(strtolower($file_extension), $not_allowed_extensions) || !$wp_extension_allowed){
     475
     476                            if(!in_array(strtolower($file_extension), $allowed_extensions)) {
    484477                                wp_die();
    485478                            }

  • piotnetforms/trunk/piotnetforms.php

    r3013279 r3020507  
    44 * Description: Piotnet Forms - Highly Customizable WordPress Form Builder
    55 * Plugin URI:  https://piotnetforms.com/
    6  * Version:     1.0.28
     6 * Version:     1.0.29
    77 * Author:      Piotnet
    88 * Author URI:  https://piotnet.com/
     
    1515require_once __DIR__ . '/inc/variables.php';
    1616
    17 define( 'PIOTNETFORMS_VERSION', '1.0.28' );
     17define( 'PIOTNETFORMS_VERSION', '1.0.29' );
    1818
    1919class Piotnetforms extends Piotnetforms_Variables {

  • piotnetforms/trunk/readme.txt

    r3020504 r3020507  
    55Tested up to: 6.1
    66Requires PHP: 5.4
    7 Stable tag: 1.0.27
     7Stable tag: 1.0.29
    88License: GPLv3
    99License URI: https://www.gnu.org/licenses/gpl-3.0.html
     
    7777
    7878== Changelog ==
     79= 1.0.29 =
     80* Add allowed Upload file extensions filter hook.
    7981= 1.0.28 =
    8082* Improvement security issue.
Note: See TracChangeset for help on using the changeset viewer.