Context Navigation

← Previous Changeset
Next Changeset →

Changeset 3475121

Timestamp:

03/05/2026 05:19:49 AM (3 weeks ago)

Author:

glenwpcoder

Message:

Releasing Version 1.3.96

Bug Fix - replaced cookies with localstorage.
Security Issue Fixed (User able to upload php5-php8 and bypass blacklist extension)

Location:

drag-and-drop-multiple-file-upload-contact-form-7

Files:

: 33 added
: 7 edited

tags/1.3.9.6 (added)
tags/1.3.9.6/admin (added)
tags/1.3.9.6/admin/form-generator-v1.php (added)
tags/1.3.9.6/admin/form-generator-v2.php (added)
tags/1.3.9.6/assets (added)
tags/1.3.9.6/assets/css (added)
tags/1.3.9.6/assets/css/dnd-upload-cf7.css (added)
tags/1.3.9.6/assets/images (added)
tags/1.3.9.6/assets/js (added)
tags/1.3.9.6/assets/js/codedropz-uploader-jquery.js (added)
tags/1.3.9.6/assets/js/codedropz-uploader-min.js (added)
tags/1.3.9.6/assets/js/dev (added)
tags/1.3.9.6/assets/js/dev/jquery-dev.js (added)
tags/1.3.9.6/assets/js/dev/native-dev.js (added)
tags/1.3.9.6/drag-n-drop-upload-cf7.php (added)
tags/1.3.9.6/inc (added)
tags/1.3.9.6/inc/dnd-mime-types.php (added)
tags/1.3.9.6/inc/dnd-upload-cf7.php (added)
tags/1.3.9.6/languages (added)
tags/1.3.9.6/languages/drag-and-drop-multiple-file-upload-contact-form-7-de_DE.mo (added)
tags/1.3.9.6/languages/drag-and-drop-multiple-file-upload-contact-form-7-de_DE.po (added)
tags/1.3.9.6/languages/drag-and-drop-multiple-file-upload-contact-form-7-fr_FR.mo (added)
tags/1.3.9.6/languages/drag-and-drop-multiple-file-upload-contact-form-7-fr_FR.po (added)
tags/1.3.9.6/languages/drag-and-drop-multiple-file-upload-contact-form-7-ko_KR.mo (added)
tags/1.3.9.6/languages/drag-and-drop-multiple-file-upload-contact-form-7-ko_KR.po (added)
tags/1.3.9.6/languages/drag-and-drop-multiple-file-upload-contact-form-7-nl_NL.mo (added)
tags/1.3.9.6/languages/drag-and-drop-multiple-file-upload-contact-form-7-nl_NL.po (added)
tags/1.3.9.6/languages/drag-and-drop-multiple-file-upload-contact-form-7-ru_RU.mo (added)
tags/1.3.9.6/languages/drag-and-drop-multiple-file-upload-contact-form-7-ru_RU.po (added)
tags/1.3.9.6/languages/drag-and-drop-multiple-file-upload-contact-form-7-zh_TW.mo (added)
tags/1.3.9.6/languages/drag-and-drop-multiple-file-upload-contact-form-7-zh_TW.po (added)
tags/1.3.9.6/readme.txt (added)
tags/1.3.9.6/uninstall.php (added)
trunk/assets/js/codedropz-uploader-jquery.js (modified) (3 diffs)
trunk/assets/js/codedropz-uploader-min.js (modified) (5 diffs)
trunk/assets/js/dev/jquery-dev.js (modified) (7 diffs)
trunk/assets/js/dev/native-dev.js (modified) (8 diffs)
trunk/drag-n-drop-upload-cf7.php (modified) (2 diffs)
trunk/inc/dnd-upload-cf7.php (modified) (17 diffs)
trunk/readme.txt (modified) (3 diffs)

Legend:

: Unmodified
: Added
: Removed

drag-and-drop-multiple-file-upload-contact-form-7/trunk/assets/js/codedropz-uploader-jquery.js

-                      r3428236
+                      r3475121
  * Copyright 2018 Glen Mongaya
  * CodeDrop Drag&Drop Uploader
  * @version 1.3.9.3
+ * @version 1.3.9.6
  * @author CodeDropz, Glen Don L. Mongaya
  * @license The MIT License (MIT)
 …
 // CodeDropz Drag and Drop Plugin
+!function(e){e.fn.CodeDropz_Uploader=function(a){this.each(function(){var d=e(this),r=e.extend({handler:d,color:"#000",background:"",server_max_error:"Uploaded file exceeds the maximum upload size of your server.",max_file:d.data("max")?d.data("max"):10,max_upload_size:d.data("limit")?d.data("limit"):"10485760",supported_type:d.data("type")?d.data("type"):"jpg|jpeg|JPG|png|gif|pdf|doc|docx|ppt|pptx|odt|avi|ogg|m4a|mov|mp3|mp4|mpg|wav|wmv|xls",text:"Drag & Drop Files Here",separator:"or",button_text:"Browse Files",on_success:""},a),t=d.data("name")+"_count_files";localStorage.setItem(t,1);var s='<div class="codedropz-upload-handler"><div class="codedropz-upload-container"><div class="codedropz-upload-inner"><'+dnd_cf7_uploader.drag_n_drop_upload.tag+">"+r.text+"</"+dnd_cf7_uploader.drag_n_drop_upload.tag+"><span>"+r.separator+'</span><div class="codedropz-btn-wrap"><a class="cd-upload-btn" href="#">'+r.button_text+'</a></div></div></div><span class="dnd-upload-counter"><span>0</span> '+dnd_cf7_uploader.dnd_text_counter+" "+parseInt(r.max_file)+"</span></div>";r.handler.wrapAll('<div class="codedropz-upload-wrapper"></div>'),r.supported_type=r.supported_type.replace(/[^a-zA-Z0-9| ]/g,"");var o=r.handler.parents("form"),n=r.handler.parents(".codedropz-upload-wrapper"),p=e('input[type="submit"], button[type="submit"]',o);r.handler.after(s),e(".codedropz-upload-handler",n).on("drag dragstart dragend dragover dragenter dragleave drop",function(e){e.preventDefault(),e.stopPropagation()}),e(".codedropz-upload-handler",n).on("dragover dragenter",function(a){e(this).addClass("codedropz-dragover")}),e(".codedropz-upload-handler",n).on("dragleave dragend drop",function(a){e(this).removeClass("codedropz-dragover")}),e("a.cd-upload-btn",n).on("click",function(e){e.preventDefault(),r.handler.val(null),r.handler.click()}),e(".codedropz-upload-handler",n).on("drop",function(e){l(e.originalEvent.dataTransfer.files,"drop")}),r.handler.on("change",function(e){l(this.files,"click")}),/Android|webOS|iPhone|iPad|iPod|BlackBerry|IEMobile|Opera Mini/i.test(navigator.userAgent)&&d.removeAttr("accept"),d.attr("data-random-id",function(e=20){let a="0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ",d=a.length,r="";for(let t=0;t<e;t++){let s=Math.floor(Math.random()*d);r+=a[s]}let o=Math.floor(Date.now()/1e3);return r+o}());var l=function(a,s){if(!(!a.length>1)){var p=new FormData;p.append("action","dnd_codedropz_upload"),p.append("type",s),p.append("security",dnd_cf7_uploader.ajax_nonce),p.append("form_id",d.data("id")),p.append("upload_name",d.data("name")),p.append("upload_folder",d.data("random-id")),d.data("black-list")&&p.append("blacklist-types",d.data("black-list")),e("span.has-error",r.handler).remove(),e.each(a,function(a,s){if(void 0!==p.delete&&p.delete("upload-file"),localStorage.getItem(t)>r.max_file)return!e("span.has-error-msg",n).length>0&&(err_msg=dnd_cf7_uploader.drag_n_drop_upload.max_file_limit,e(".codedropz-upload-handler",n).next('<span class="has-error-msg">'+err_msg.replace("%count%",r.max_file)+"</span>")),!1;var l=i.createProgressBar(s),u=!1;s.size>r.max_upload_size&&(e(".dnd-upload-details",e("#"+l)).append('<span class="has-error">'+dnd_cf7_uploader.drag_n_drop_upload.large_file+"</span>"),u=!0),regex_type=RegExp("(.*?).("+r.supported_type+")$"),!1!==u||regex_type.test(s.name.toLowerCase())||(e(".dnd-upload-details",e("#"+l)).append('<span class="has-error">'+dnd_cf7_uploader.drag_n_drop_upload.inavalid_type+"</span>"),u=!0),localStorage.setItem(t,Number(localStorage.getItem(t))+1),!1===u&&(p.append("upload-file",s),e.ajax({url:r.ajax_url,type:o.attr("method"),data:p,dataType:"json",cache:!1,contentType:!1,processData:!1,xhr:function(){var e=new window.XMLHttpRequest;return e.upload.addEventListener("progress",function(e){if(e.lengthComputable){var a=parseInt(100*(e.loaded/e.total));i.setProgressBar(l,a-1)}},!1),e},complete:function(){i.setProgressBar(l,100)},success:function(a){a.success?(i.setProgressBar(l,100),e.isFunction(r.on_success)&&r.on_success.call(this,d,l,a)):(e(".dnd-progress-bar",e("#"+l)).remove(),e(".dnd-upload-details",e("#"+l)).append('<span class="has-error">'+a.data+"</span>"),e('input[type="submit"], button[type="submit"]',o).removeClass("disabled").prop("disabled",!1),e("#"+l).removeClass("in-progress"))},error:function(a,d,t){e(".dnd-progress-bar",e("#"+l)).remove(),e(".dnd-upload-details",e("#"+l)).append('<span class="has-error">'+r.server_max_error+"</span>"),e('input[type="submit"],button[type="submit"]',o).removeClass("disabled").prop("disabled",!1),e("#"+l).removeClass("in-progress")}}))})}},i={createProgressBar:function(a){var d=e(".codedropz-upload-handler",n),r="dnd-file-"+Math.random().toString(36).substr(2,9),s='<div class="dnd-upload-image"><span class="file"></span></div><div class="dnd-upload-details"><span class="name"><span>'+a.name+"</span><em>("+i.bytesToSize(a.size)+')</em></span><a href="#" title="'+dnd_cf7_uploader.drag_n_drop_upload.delete.title+'" class="remove-file" data-storage="'+t+'"><span class="dnd-icon-remove"></span></a><span class="dnd-progress-bar"><span></span></span></div>';return d.after('<div id="'+r+'" class="dnd-upload-status">'+s+"</div>"),r},setProgressBar:function(a,d){var r=e(".dnd-progress-bar",e("#"+a));return r.length>0&&(p&&i.disableBtn(p),progress_width=d*r.width()/100,e("#"+a).addClass("in-progress"),100==d?e("span",r).width("100%").text(d+"% "):e("span",r).animate({width:progress_width},10).text(d+"% "),100==d&&e("#"+a).addClass("complete").removeClass("in-progress")),!1},bytesToSize:function(e){return 0===e?"0":fileSize=(kBytes=e/1024)>=1024?(kBytes/1024).toFixed(2)+"MB":kBytes.toFixed(2)+"KB"},disableBtn:function(e){e.length>0&&e.addClass("disable").prop("disabled",!0)}}}),e(document).on("click",".dnd-icon-remove",function(d){d.preventDefault();var r=e(this),t=r.parents(".dnd-upload-status"),s=r.parents(".codedropz-upload-wrapper"),o=r.parent("a").attr("data-storage"),n=Number(localStorage.getItem(o));if(t.hasClass("in-progress"))return!1;if(e(".has-error",t).length>0)return t.remove(),localStorage.setItem(o,n-1),!1;r.addClass("deleting").text(dnd_cf7_uploader.drag_n_drop_upload.delete.text+"...");var p={path:t.find('input[type="hidden"]').val(),action:"dnd_codedropz_upload_delete",security:dnd_cf7_uploader.ajax_nonce};e.post(a.ajax_url,p,function(a){a.success?(t.remove(),localStorage.setItem(o,n-1),e(".dnd-upload-status",s).length<=1&&e("span.has-error-msg",s).remove(),e(".dnd-upload-counter span",s).text(Number(localStorage.getItem(o))-1)):e(".dnd-upload-details",t).append('<span class="has-error-msg">'+a.data+"</span>")}),e("span.has-error-msg").remove()})}}(jQuery);
+// End CodeDropz fn.
+!function(e){e.fn.CodeDropz_Uploader=function(a){this.each(function(){var d=e(this),r=e.extend({handler:d,color:"#000",background:"",server_max_error:"Uploaded file exceeds the maximum upload size of your server.",max_file:d.data("max")?d.data("max"):10,max_upload_size:d.data("limit")?d.data("limit"):"10485760",supported_type:d.data("type")?d.data("type"):"jpg|jpeg|JPG|png|gif|pdf|doc|docx|ppt|pptx|odt|avi|ogg|m4a|mov|mp3|mp4|mpg|wav|wmv|xls",text:"Drag & Drop Files Here",separator:"or",button_text:"Browse Files",on_success:""},a);let t=function(e=20){let a=new Uint8Array(16);crypto.getRandomValues(a),a[6]=15&a[6]|64,a[8]=63&a[8]|128;let d=Array.from(a,e=>e.toString(16).padStart(2,"0")).join("");return d.replace(/^(.{8})(.{4})(.{4})(.{4})(.{12})$/,"$1-$2-$3-$4-$5")};var s=d.data("name")+"_count_files";localStorage.setItem(s,1);var n=dnd_upload_cf7_unique_id();n||(n=t(),localStorage.setItem("dnd_wpcf7_session_id",JSON.stringify({value:n,savedAt:Date.now()})));var o='<div class="codedropz-upload-handler"><div class="codedropz-upload-container"><div class="codedropz-upload-inner"><'+dnd_cf7_uploader.drag_n_drop_upload.tag+">"+r.text+"</"+dnd_cf7_uploader.drag_n_drop_upload.tag+"><span>"+r.separator+'</span><div class="codedropz-btn-wrap"><a class="cd-upload-btn" href="#">'+r.button_text+'</a></div></div></div><span class="dnd-upload-counter"><span>0</span> '+dnd_cf7_uploader.dnd_text_counter+" "+parseInt(r.max_file)+"</span></div>";r.handler.wrapAll('<div class="codedropz-upload-wrapper"></div>'),r.supported_type=r.supported_type.replace(/[^a-zA-Z0-9| ]/g,"");var p=r.handler.parents("form"),l=r.handler.parents(".codedropz-upload-wrapper"),i=e('input[type="submit"], button[type="submit"]',p);r.handler.after(o),e(".codedropz-upload-handler",l).on("drag dragstart dragend dragover dragenter dragleave drop",function(e){e.preventDefault(),e.stopPropagation()}),e(".codedropz-upload-handler",l).on("dragover dragenter",function(a){e(this).addClass("codedropz-dragover")}),e(".codedropz-upload-handler",l).on("dragleave dragend drop",function(a){e(this).removeClass("codedropz-dragover")}),e("a.cd-upload-btn",l).on("click",function(e){e.preventDefault(),r.handler.val(null),r.handler.click()}),e(".codedropz-upload-handler",l).on("drop",function(e){u(e.originalEvent.dataTransfer.files,"drop")}),r.handler.on("change",function(e){u(this.files,"click")}),/Android|webOS|iPhone|iPad|iPod|BlackBerry|IEMobile|Opera Mini/i.test(navigator.userAgent)&&d.removeAttr("accept"),d.attr("data-random-id",t());var u=function(a,t){if(!(!a.length>1)){var o=new FormData;o.append("action","dnd_codedropz_upload"),o.append("type",t),o.append("security",dnd_cf7_uploader.ajax_nonce),o.append("form_id",d.data("id")),o.append("upload_name",d.data("name")),o.append("upload_folder",n),d.data("black-list")&&o.append("blacklist-types",d.data("black-list")),e("span.has-error",r.handler).remove(),e.each(a,function(a,t){if(void 0!==o.delete&&o.delete("upload-file"),localStorage.getItem(s)>r.max_file)return!e("span.has-error-msg",l).length>0&&(err_msg=dnd_cf7_uploader.drag_n_drop_upload.max_file_limit,e(".codedropz-upload-handler",l).next('<span class="has-error-msg">'+err_msg.replace("%count%",r.max_file)+"</span>")),!1;var n=c.createProgressBar(t),i=!1;t.size>r.max_upload_size&&(e(".dnd-upload-details",e("#"+n)).append('<span class="has-error">'+dnd_cf7_uploader.drag_n_drop_upload.large_file+"</span>"),i=!0),regex_type=RegExp("(.*?).("+r.supported_type+")$"),!1!==i||regex_type.test(t.name.toLowerCase())||(e(".dnd-upload-details",e("#"+n)).append('<span class="has-error">'+dnd_cf7_uploader.drag_n_drop_upload.inavalid_type+"</span>"),i=!0),localStorage.setItem(s,Number(localStorage.getItem(s))+1),!1===i&&(o.append("upload-file",t),e.ajax({url:r.ajax_url,type:p.attr("method"),data:o,dataType:"json",cache:!1,contentType:!1,processData:!1,xhr:function(){var e=new window.XMLHttpRequest;return e.upload.addEventListener("progress",function(e){if(e.lengthComputable){var a=parseInt(100*(e.loaded/e.total));c.setProgressBar(n,a-1)}},!1),e},complete:function(){c.setProgressBar(n,100)},success:function(a){a.success?(c.setProgressBar(n,100),e.isFunction(r.on_success)&&r.on_success.call(this,d,n,a)):(e(".dnd-progress-bar",e("#"+n)).remove(),e(".dnd-upload-details",e("#"+n)).append('<span class="has-error">'+a.data+"</span>"),e('input[type="submit"], button[type="submit"]',p).removeClass("disabled").prop("disabled",!1),e("#"+n).removeClass("in-progress"))},error:function(a,d,t){e(".dnd-progress-bar",e("#"+n)).remove(),e(".dnd-upload-details",e("#"+n)).append('<span class="has-error">'+r.server_max_error+"</span>"),e('input[type="submit"],button[type="submit"]',p).removeClass("disabled").prop("disabled",!1),e("#"+n).removeClass("in-progress")}}))})}},c={createProgressBar:function(a){var d=e(".codedropz-upload-handler",l),r="dnd-file-"+Math.random().toString(36).substr(2,9),t='<div class="dnd-upload-image"><span class="file"></span></div><div class="dnd-upload-details"><span class="name"><span>'+a.name+"</span><em>("+c.bytesToSize(a.size)+')</em></span><a href="#" title="'+dnd_cf7_uploader.drag_n_drop_upload.delete.title+'" class="remove-file" data-storage="'+s+'"><span class="dnd-icon-remove"></span></a><span class="dnd-progress-bar"><span></span></span></div>';return d.after('<div id="'+r+'" class="dnd-upload-status">'+t+"</div>"),r},setProgressBar:function(a,d){var r=e(".dnd-progress-bar",e("#"+a));return r.length>0&&(i&&c.disableBtn(i),progress_width=d*r.width()/100,e("#"+a).addClass("in-progress"),100==d?e("span",r).width("100%").text(d+"% "):e("span",r).animate({width:progress_width},10).text(d+"% "),100==d&&e("#"+a).addClass("complete").removeClass("in-progress")),!1},bytesToSize:function(e){return 0===e?"0":fileSize=(kBytes=e/1024)>=1024?(kBytes/1024).toFixed(2)+"MB":kBytes.toFixed(2)+"KB"},disableBtn:function(e){e.length>0&&e.addClass("disabled").prop("disabled",!0)}}}),e(document).on("click",".dnd-icon-remove",function(d){d.preventDefault();var r=e(this),t=r.parents(".dnd-upload-status"),s=r.parents(".codedropz-upload-wrapper"),n=r.parent("a").attr("data-storage"),o=Number(localStorage.getItem(n)),p=dnd_upload_cf7_unique_id();if(t.hasClass("in-progress"))return!1;if(e(".has-error",t).length>0)return t.remove(),localStorage.setItem(n,o-1),!1;r.addClass("deleting").text(dnd_cf7_uploader.drag_n_drop_upload.delete.text+"...");var l={path:t.find('input[type="hidden"]').val(),action:"dnd_codedropz_upload_delete",security:dnd_cf7_uploader.ajax_nonce,upload_folder:p};e.post(a.ajax_url,l,function(a){a.success?(t.remove(),localStorage.setItem(n,o-1),e(".dnd-upload-status",s).length<=1&&e("span.has-error-msg",s).remove(),e(".dnd-upload-counter span",s).text(Number(localStorage.getItem(n))-1)):e(".dnd-upload-details",t).append('<span class="has-error-msg">'+a.data+"</span>")}),e("span.has-error-msg").remove()})}}(jQuery);
+// End: CodeDropz Uploader
+// Get unique id. (reset after 24hours)
+function dnd_upload_cf7_unique_id() {
+    const item = localStorage.getItem('dnd_wpcf7_session_id');
+    if ( ! item ) {
+        return null;
+    }
+    // Parse item
+    const data = JSON.parse( item );
+    // Compare date
+    if ( Date.now() - data.savedAt > ( 24 * 60 * 60 * 1000 ) ) {
+        localStorage.removeItem('dnd_wpcf7_session_id');
+        return null;
+    }
+    return data.value;
+}
 jQuery(document).ready(function($){
 …
                         const buttonSubmit = $('input[type="submit"], button[type="submit"]', $form);
                         if( buttonSubmit ){
                             buttonSubmit.removeAttr('disabled');
+                            buttonSubmit.removeClass('disabled').removeAttr('disabled');
+                        }
                     }, 1);

drag-and-drop-multiple-file-upload-contact-form-7/trunk/assets/js/codedropz-uploader-min.js

-                      r3428236
+                      r3475121
  * Copyright 2018 Glen Mongaya
  * CodeDrop Drag&Drop Uploader
  * @version 1.3.9.3
+ * @version 1.3.9.6
  * @author CodeDropz, Glen Don L. Mongaya
  * @license The MIT License (MIT)
 …
 // CodeDropz Drag and Drop Plugin
 !function(){let e=function(e){let t=document.querySelector("form.wpcf7-form");if(t){let r=new FormData;r.append("action","_wpcf7_check_nonce"),r.append("_ajax_nonce",dnd_cf7_uploader.ajax_nonce),fetch(dnd_cf7_uploader.ajax_url,{method:"POST",body:r}).then(e=>e.json()).then(({data:e,success:t})=>t&&(dnd_cf7_uploader.ajax_nonce=e)).catch(console.error)}var a=this;let d={handler:a,color:"#000",background:"",server_max_error:"Uploaded file exceeds the maximum upload size of your server.",max_file:a.dataset.max?a.dataset.max:10,max_upload_size:a.dataset.limit?a.dataset.limit:"10485760",supported_type:a.dataset.type?a.dataset.type:"jpg|jpeg|JPG|png|gif|pdf|doc|docx|ppt|pptx|odt|avi|ogg|m4a|mov|mp3|mp4|mpg|wav|wmv|xls",text:"Drag & Drop Files Here",separator:"or",button_text:"Browse Files",on_success:""},o=Object.assign({},d,e);var n=a.dataset.name+"_count_files";localStorage.setItem(n,1);let s=`
+!function(){let e=function(e){let t=document.querySelector("form.wpcf7-form");if(t){let a=new FormData;a.append("action","_wpcf7_check_nonce"),a.append("_ajax_nonce",dnd_cf7_uploader.ajax_nonce),fetch(dnd_cf7_uploader.ajax_url,{method:"POST",body:a}).then(e=>e.json()).then(({data:e,success:t})=>t&&(dnd_cf7_uploader.ajax_nonce=e)).catch(console.error)}var r=this;let d={handler:r,color:"#000",background:"",server_max_error:"Uploaded file exceeds the maximum upload size of your server.",max_file:r.dataset.max?r.dataset.max:10,max_upload_size:r.dataset.limit?r.dataset.limit:"10485760",supported_type:r.dataset.type?r.dataset.type:"jpg|jpeg|JPG|png|gif|pdf|doc|docx|ppt|pptx|odt|avi|ogg|m4a|mov|mp3|mp4|mpg|wav|wmv|xls",text:"Drag & Drop Files Here",separator:"or",button_text:"Browse Files",on_success:""},o=Object.assign({},d,e);var n=r.dataset.name+"_count_files";localStorage.setItem(n,1);var s=dnd_upload_cf7_unique_id();s||(s=function(e=20){let t=new Uint8Array(16);crypto.getRandomValues(t),t[6]=15&t[6]|64,t[8]=63&t[8]|128;let a=Array.from(t,e=>e.toString(16).padStart(2,"0")).join("");return a.replace(/^(.{8})(.{4})(.{4})(.{4})(.{12})$/,"$1-$2-$3-$4-$5")}(),localStorage.setItem("dnd_wpcf7_session_id",JSON.stringify({value:s,savedAt:Date.now()})));let l=`
             <div class="codedropz-upload-handler">
                 <div class="codedropz-upload-container">
 …
                 <span class="dnd-upload-counter"><span>0</span> ${dnd_cf7_uploader.dnd_text_counter} ${parseInt(o.max_file)}</span>
             </div>
         `,l=document.createElement("div");l.classList.add("codedropz-upload-wrapper"),o.handler.parentNode.insertBefore(l,o.handler),l.appendChild(o.handler),o.supported_type=o.supported_type.replace(/[^a-zA-Z0-9_| ]/g,"");let p=o.handler.closest("form"),i=o.handler.closest(".codedropz-upload-wrapper"),c=p.querySelector('input[type="submit"], button[type="submit"]');o.handler.insertAdjacentHTML("afterend",s),["drag","dragstart","dragend","dragover","dragenter","dragleave","drop"].forEach(function(e){i.querySelector(".codedropz-upload-handler").addEventListener(e,function(e){e.preventDefault(),e.stopPropagation()})}),["dragover","dragenter"].forEach(function(e){i.querySelector(".codedropz-upload-handler").addEventListener(e,function(e){i.querySelector(".codedropz-upload-handler").classList.add("codedropz-dragover")})}),["dragleave","dragend","drop"].forEach(function(e){i.querySelector(".codedropz-upload-handler").addEventListener(e,function(e){i.querySelector(".codedropz-upload-handler").classList.remove("codedropz-dragover")})}),i.querySelector(".cd-upload-btn").addEventListener("click",function(e){e.preventDefault(),o.handler.value=null,o.handler.click()}),i.querySelector(".codedropz-upload-handler").addEventListener("drop",function(e){u(e.dataTransfer.files,"drop")}),o.handler.addEventListener("change",function(e){u(this.files,"click")}),/Android|webOS|iPhone|iPad|iPod|BlackBerry|IEMobile|Opera Mini/i.test(navigator.userAgent)&&a.removeAttribute("accept"),a.setAttribute("data-random-id",function(e=20){let t="0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ",r=t.length,a="";for(let d=0;d<e;d++){let o=Math.floor(Math.random()*r);a+=t[o]}let n=Math.floor(Date.now()/1e3);return a+n}());var u=function(e,t){if(0==e.length)return;var r=new FormData;r.append("action","dnd_codedropz_upload"),r.append("type",t),r.append("security",dnd_cf7_uploader.ajax_nonce),r.append("form_id",a.dataset.id),r.append("upload_name",a.dataset.name),r.append("upload_folder",a.getAttribute("data-random-id"));let d=o.handler.querySelector(".has-error"),s=i.querySelector(".codedropz-upload-handler");for(let l of(d&&d.remove(),e)){if(void 0!==r.delete&&r.delete("upload-file"),Number(localStorage.getItem(n))>o.max_file){if(!i.querySelector("span.has-error-msg")){var c=dnd_cf7_uploader.drag_n_drop_upload.max_file_limit,u=document.createElement("span");u.className="has-error-msg",u.textContent=c.replace("%count%",o.max_file),s.parentNode.insertBefore(u,s.nextSibling)}return!1}let f=m.createProgressBar(l);var g=!1;if(l.size>o.max_upload_size){let v=document.getElementById(f),h=document.createElement("span");h.classList.add("has-error"),h.textContent=dnd_cf7_uploader.drag_n_drop_upload.large_file,v.querySelector(".dnd-upload-details").appendChild(h),g=!0}if(regex_type=RegExp("(.*?).("+o.supported_type+")$"),!1!==g||regex_type.test(l.name.toLowerCase())||(document.querySelector("#"+f+" .dnd-upload-details").insertAdjacentHTML("beforeend",'<span class="has-error">'+dnd_cf7_uploader.drag_n_drop_upload.inavalid_type+"</span>"),g=!0),localStorage.setItem(n,Number(localStorage.getItem(n))+1),!1===g){r.append("upload-file",l);var y=new XMLHttpRequest;let x=document.getElementById(f),b=x.querySelector(".dnd-progress-bar"),S=x.querySelector(".dnd-upload-details"),$=p.querySelector('input[type="submit"], button[type="submit"]');y.open(p.getAttribute("method"),o.ajax_url),y.onreadystatechange=function(){if(4===this.readyState){if(200===this.status){var e=JSON.parse(this.responseText);e.success?(m.setProgressBar(f,100),"function"==typeof o.on_success&&o.on_success.call(this,a,f,e)):(b.remove(),S.insertAdjacentHTML("beforeend",'<span class="has-error">'+e.data+"</span>"),$&&($.classList.remove("disabled"),$.removeAttribute("disabled")),x.classList.remove("in-progress"))}else b.remove(),S.insertAdjacentHTML("beforeend",'<span class="has-error">'+o.server_max_error+"</span>"),$&&($.classList.remove("disabled"),$.removeAttribute("disabled")),x.classList.remove("in-progress")}},y.upload.addEventListener("progress",function(e){if(e.lengthComputable){var t=parseInt(100*(e.loaded/e.total));m.setProgressBar(f,t-1)}},!1),y.send(r)}}},m={createProgressBar:function(e){var t=i.querySelector(".codedropz-upload-handler"),r="dnd-file-"+Math.random().toString(36).substr(2,9),a=`
+        `,p=document.createElement("div");p.classList.add("codedropz-upload-wrapper"),o.handler.parentNode.insertBefore(p,o.handler),p.appendChild(o.handler),o.supported_type=o.supported_type.replace(/[^a-zA-Z0-9| ]/g,"");let i=o.handler.closest("form"),c=o.handler.closest(".codedropz-upload-wrapper"),u=i.querySelector('input[type="submit"], button[type="submit"]');o.handler.insertAdjacentHTML("afterend",l),["drag","dragstart","dragend","dragover","dragenter","dragleave","drop"].forEach(function(e){c.querySelector(".codedropz-upload-handler").addEventListener(e,function(e){e.preventDefault(),e.stopPropagation()})}),["dragover","dragenter"].forEach(function(e){c.querySelector(".codedropz-upload-handler").addEventListener(e,function(e){c.querySelector(".codedropz-upload-handler").classList.add("codedropz-dragover")})}),["dragleave","dragend","drop"].forEach(function(e){c.querySelector(".codedropz-upload-handler").addEventListener(e,function(e){c.querySelector(".codedropz-upload-handler").classList.remove("codedropz-dragover")})}),c.querySelector(".cd-upload-btn").addEventListener("click",function(e){e.preventDefault(),o.handler.value=null,o.handler.click()}),c.querySelector(".codedropz-upload-handler").addEventListener("drop",function(e){m(e.dataTransfer.files,"drop")}),o.handler.addEventListener("change",function(e){m(this.files,"click")}),/Android|webOS|iPhone|iPad|iPod|BlackBerry|IEMobile|Opera Mini/i.test(navigator.userAgent)&&r.removeAttribute("accept");var m=function(e,t){if(0==e.length)return;var a=new FormData;a.append("action","dnd_codedropz_upload"),a.append("type",t),a.append("security",dnd_cf7_uploader.ajax_nonce),a.append("form_id",r.dataset.id),a.append("upload_name",r.dataset.name),a.append("upload_folder",s);let d=o.handler.querySelector(".has-error"),l=c.querySelector(".codedropz-upload-handler");for(let p of(d&&d.remove(),e)){if(void 0!==a.delete&&a.delete("upload-file"),Number(localStorage.getItem(n))>o.max_file){if(!c.querySelector("span.has-error-msg")){var u=dnd_cf7_uploader.drag_n_drop_upload.max_file_limit,m=document.createElement("span");m.className="has-error-msg",m.textContent=u.replace("%count%",o.max_file),l.parentNode.insertBefore(m,l.nextSibling)}return!1}let g=f.createProgressBar(p);var v=!1;if(p.size>o.max_upload_size){let h=document.getElementById(g),y=document.createElement("span");y.classList.add("has-error"),y.textContent=dnd_cf7_uploader.drag_n_drop_upload.large_file,h.querySelector(".dnd-upload-details").appendChild(y),v=!0}if(regex_type=RegExp("(.*?).("+o.supported_type+")$"),!1!==v||regex_type.test(p.name.toLowerCase())||(document.querySelector("#"+g+" .dnd-upload-details").insertAdjacentHTML("beforeend",'<span class="has-error">'+dnd_cf7_uploader.drag_n_drop_upload.inavalid_type+"</span>"),v=!0),localStorage.setItem(n,Number(localStorage.getItem(n))+1),!1===v){a.append("upload-file",p);var x=new XMLHttpRequest;let $=document.getElementById(g),S=$.querySelector(".dnd-progress-bar"),b=$.querySelector(".dnd-upload-details"),q=i.querySelector('input[type="submit"], button[type="submit"]');x.open(i.getAttribute("method"),o.ajax_url),x.onreadystatechange=function(){if(4===this.readyState){if(200===this.status){var e=JSON.parse(this.responseText);e.success?(f.setProgressBar(g,100),"function"==typeof o.on_success&&o.on_success.call(this,r,g,e)):(S.remove(),b.insertAdjacentHTML("beforeend",'<span class="has-error">'+e.data+"</span>"),q&&(q.classList.remove("disabled"),q.removeAttribute("disabled")),$.classList.remove("in-progress"))}else S.remove(),b.insertAdjacentHTML("beforeend",'<span class="has-error">'+o.server_max_error+"</span>"),q&&(q.classList.remove("disabled"),q.removeAttribute("disabled")),$.classList.remove("in-progress")}},x.upload.addEventListener("progress",function(e){if(e.lengthComputable){var t=parseInt(100*(e.loaded/e.total));f.setProgressBar(g,t-1)}},!1),x.send(a)}}},f={createProgressBar:function(e){var t=c.querySelector(".codedropz-upload-handler"),a="dnd-file-"+Math.random().toString(36).substr(2,9),r=`
                     <div class="dnd-upload-image">
                         <span class="file"></span>
                     </div>
                     <div class="dnd-upload-details">
                         <span class="name"><span>${e.name}</span><em>(${m.bytesToSize(e.size)})</em></span>
+                        <span class="name"><span>${e.name}</span><em>(${f.bytesToSize(e.size)})</em></span>
                         <a href="#" title="${dnd_cf7_uploader.drag_n_drop_upload.delete.title}" class="remove-file" data-storage="${n}">
                         <span class="dnd-icon-remove"></span>
 …
                         <span class="dnd-progress-bar"><span></span></span>
                     </div>
                 `,d=document.createElement("div");return d.id=r,d.className="dnd-upload-status",d.innerHTML=a,t.parentNode.insertBefore(d,t.nextSibling),r},setProgressBar:function(e,t){let r=document.getElementById(e),a=r.querySelector(".dnd-progress-bar");if(a){c&&m.disableBtn(c);let d=t*a.offsetWidth/100;r.classList.add("in-progress"),100==t?(a.querySelector("span").style.width="100%",a.querySelector("span").textContent=`${t}% `):(a.querySelector("span").style.width=d+"px",a.querySelector("span").textContent=`${t}% `),100==t&&(r.classList.add("complete"),r.classList.remove("in-progress"))}return!1},bytesToSize:function(e){return 0===e?"0":fileSize=(kBytes=e/1024)>=1024?(kBytes/1024).toFixed(2)+"MB":kBytes.toFixed(2)+"KB"},disableBtn:function(e){e&&(e.classList.add("disabled"),e.disabled=!0)}}};document.addEventListener("click",function(e){if(e.target.classList.contains("dnd-icon-remove")){e.preventDefault();var t=e.target,r=t.closest(".dnd-upload-status"),a=t.closest(".codedropz-upload-wrapper"),d=t.parentElement.getAttribute("data-storage"),o=Number(localStorage.getItem(d));if(r.classList.contains("in-progress")||r.querySelector(".has-error"))return r.remove(),localStorage.setItem(d,o-1),!1;t.classList.add("deleting"),t.textContent=dnd_cf7_uploader.drag_n_drop_upload.delete.text+"...";var n=new XMLHttpRequest;n.open("POST",dnd_cf7_uploader.ajax_url),n.setRequestHeader("Content-Type","application/x-www-form-urlencoded"),n.onload=function(){if(200===this.status){var e=JSON.parse(this.responseText);if(e.success)r.remove(),localStorage.setItem(d,o-1),a.querySelectorAll(".dnd-upload-status").length<=1&&a.querySelector(".has-error-msg")&&a.querySelector(".has-error-msg").remove(),a.querySelector(".dnd-upload-counter span").textContent=Number(localStorage.getItem(d))-1;else{let t=r.querySelector(".dnd-upload-details");if(t){let n=document.createElement("span");n.classList.add("has-error-msg"),n.textContent=e.data,t.appendChild(n)}}}},n.send("path="+r.querySelector('input[type="hidden"]').value+"&action=dnd_codedropz_upload_delete&security="+dnd_cf7_uploader.ajax_nonce),document.querySelectorAll(".has-error-msg").forEach(function(e){e.remove()})}}),HTMLElement.prototype.CodeDropz_Uploader=e}();
+                `,d=document.createElement("div");return d.id=a,d.className="dnd-upload-status",d.innerHTML=r,t.parentNode.insertBefore(d,t.nextSibling),a},setProgressBar:function(e,t){let a=document.getElementById(e),r=a.querySelector(".dnd-progress-bar");if(r){u&&f.disableBtn(u);let d=t*r.offsetWidth/100;a.classList.add("in-progress"),100==t?(r.querySelector("span").style.width="100%",r.querySelector("span").textContent=`${t}% `):(r.querySelector("span").style.width=d+"px",r.querySelector("span").textContent=`${t}% `),100==t&&(a.classList.add("complete"),a.classList.remove("in-progress"))}return!1},bytesToSize:function(e){return 0===e?"0":fileSize=(kBytes=e/1024)>=1024?(kBytes/1024).toFixed(2)+"MB":kBytes.toFixed(2)+"KB"},disableBtn:function(e){e&&(e.classList.add("disabled"),e.disabled=!0)}}};document.addEventListener("click",function(e){if(e.target.classList.contains("dnd-icon-remove")){e.preventDefault();var t=e.target,a=t.closest(".dnd-upload-status"),r=t.closest(".codedropz-upload-wrapper"),d=t.parentElement.getAttribute("data-storage"),o=Number(localStorage.getItem(d)),n=dnd_upload_cf7_unique_id();if(a.classList.contains("in-progress")||a.querySelector(".has-error"))return a.remove(),localStorage.setItem(d,o-1),!1;t.classList.add("deleting"),t.textContent=dnd_cf7_uploader.drag_n_drop_upload.delete.text+"...";var s=new XMLHttpRequest;s.open("POST",dnd_cf7_uploader.ajax_url),s.setRequestHeader("Content-Type","application/x-www-form-urlencoded"),s.onload=function(){if(200===this.status){var e=JSON.parse(this.responseText);if(e.success)a.remove(),localStorage.setItem(d,o-1),r.querySelectorAll(".dnd-upload-status").length<=1&&r.querySelector(".has-error-msg")&&r.querySelector(".has-error-msg").remove(),r.querySelector(".dnd-upload-counter span").textContent=Number(localStorage.getItem(d))-1;else{let t=a.querySelector(".dnd-upload-details");if(t){let n=document.createElement("span");n.classList.add("has-error-msg"),n.textContent=e.data,t.appendChild(n)}}}},s.send("path="+a.querySelector('input[type="hidden"]').value+"&action=dnd_codedropz_upload_delete&security="+dnd_cf7_uploader.ajax_nonce+"&upload_folder="+n),document.querySelectorAll(".has-error-msg").forEach(function(e){e.remove()})}}),HTMLElement.prototype.CodeDropz_Uploader=e}();
 // END: CodeDropz Uploader function
 …
     });
     target.dispatchEvent(event);
+}
+// Get unique id. (reset after 24hours)
+function dnd_upload_cf7_unique_id() {
+    const item = localStorage.getItem('dnd_wpcf7_session_id');
+    if ( ! item ) {
+        return null;
+    }
+    // Parse item
+    const data = JSON.parse( item );
+    // Compare date
+    if ( Date.now() - data.savedAt > ( 24 * 60 * 60 * 1000 ) ) {
+        localStorage.removeItem('dnd_wpcf7_session_id');
+        return null;
+    }
+    return data.value;
+}

drag-and-drop-multiple-file-upload-contact-form-7/trunk/assets/js/dev/jquery-dev.js

-                      r3391555
+                      r3475121
  * Copyright 2018 Glen Mongaya
  * CodeDrop Drag&Drop Uploader
  * @version 1.3.8.7
+ * @version 1.3.9.6
  * @author CodeDropz, Glen Don L. Mongaya
  * @license The MIT License (MIT)
 …
             }, settings);
+            // Generate random string
+            const generateRandomFolder = function( length = 20 ) {
+                const bytes = new Uint8Array(16);
+                crypto.getRandomValues(bytes);
+                bytes[6] = (bytes[6] & 0x0f) | 0x40; // version 4
+                bytes[8] = (bytes[8] & 0x3f) | 0x80; // variant 10
+                const hex = Array.from(bytes, b => b.toString(16).padStart(2, '0')).join('');
+                return hex.replace(/^(.{8})(.{4})(.{4})(.{4})(.{12})$/, '$1-$2-$3-$4-$5');
+            }
             // Get storage name
             var dataStorageName = input.data('name') + '_count_files';
 …
             localStorage.setItem( dataStorageName, 1);
+            // Generate random string
+            const generateRandomFolder = function( length = 20 ) {
+                const characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
+                const charactersLength = characters.length;
+                let randomString = '';
+                // Generate a random string
+                for (let i = 0; i < length; i++) {
+                    const randomIndex = Math.floor(Math.random() * charactersLength);
+                    randomString += characters[randomIndex];
+                }
+                // Append the current timestamp (in seconds)
+                const timestamp = Math.floor(Date.now() / 1000); // Get Unix timestamp in seconds
+                return randomString + timestamp;
+            // Get unique id from local storage.
+            var sessionID = dnd_upload_cf7_unique_id();
+            // Unique upload session_id
+            if ( ! sessionID ) {
+                sessionID = generateRandomFolder();
+                localStorage.setItem( 'dnd_wpcf7_session_id', JSON.stringify({ value: sessionID, savedAt: Date.now() }) );
+            }
 …
                 formData.append('form_id', input.data('id'));
                 formData.append('upload_name', input.data('name'));
                 formData.append('upload_folder', input.data('random-id') );
+                formData.append('upload_folder', sessionID );
                 // black list file types
 …
             e.preventDefault();
             var _self = $(this),
                 _dnd_status = _self.parents('.dnd-upload-status'),
                 _parent_wrap = _self.parents('.codedropz-upload-wrapper'),
+                _dnd_status       = _self.parents('.dnd-upload-status'),
+                _parent_wrap      = _self.parents('.codedropz-upload-wrapper'),
                 removeStorageData = _self.parent('a').attr('data-storage'),
+                storageCount = Number( localStorage.getItem( removeStorageData ) );
+                storageCount      = Number( localStorage.getItem( removeStorageData ) ),
+                sessionId         = dnd_upload_cf7_unique_id();
             // If file upload is in progress don't delete
 …
             // Request ajax image delete
             var delData = {
+                path        : _dnd_status.find('input[type="hidden"]').val(),
+                action      : 'dnd_codedropz_upload_delete',
+                security    : dnd_cf7_uploader.ajax_nonce
+                path          : _dnd_status.find('input[type="hidden"]').val(),
+                action        : 'dnd_codedropz_upload_delete',
+                security      : dnd_cf7_uploader.ajax_nonce,
+                upload_folder : sessionId
             };
 …
 }( jQuery ));
+// Get unique id. (reset after 24hours)
+function dnd_upload_cf7_unique_id() {
+    const item = localStorage.getItem('dnd_wpcf7_session_id');
+    if ( ! item ) {
+        return null;
+    }
+    // Parse item
+    const data = JSON.parse( item );
+    // Compare date
+    if ( Date.now() - data.savedAt > ( 24 * 60 * 60 * 1000 ) ) {
+        localStorage.removeItem('dnd_wpcf7_session_id');
+        return null;
+    }
+    return data.value;
+}
 jQuery(document).ready(function($){

drag-and-drop-multiple-file-upload-contact-form-7/trunk/assets/js/dev/native-dev.js

-                      r3450209
+                      r3475121
  * Copyright 2018 Glen Mongaya
  * CodeDrop Drag&Drop Uploader
  * @version 1.3.8.7
+ * @version 1.3.9.6
  * @author CodeDropz, Glen Don L. Mongaya
  * @license The MIT License (MIT)
 …
         // Generate random string
         const generateRandomFolder = function( length = 20 ) {
+            const characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
+            const charactersLength = characters.length;
+            let randomString = '';
+            // Generate a random string
+            for (let i = 0; i < length; i++) {
+                const randomIndex = Math.floor(Math.random() * charactersLength);
+                randomString += characters[randomIndex];
+            }
+            // Append the current timestamp (in seconds)
+            const timestamp = Math.floor(Date.now() / 1000); // Get Unix timestamp in seconds
+            return randomString + timestamp;
+            const bytes = new Uint8Array(16);
+            crypto.getRandomValues(bytes);
+            bytes[6] = (bytes[6] & 0x0f) | 0x40; // version 4
+            bytes[8] = (bytes[8] & 0x3f) | 0x80; // variant 10
+            const hex = Array.from(bytes, b => b.toString(16).padStart(2, '0')).join('');
+            return hex.replace(/^(.{8})(.{4})(.{4})(.{4})(.{12})$/, '$1-$2-$3-$4-$5');
+        }
 …
         localStorage.setItem( dataStorageName, 1);
+        // Get unique id from local storage.
+        var sessionID = dnd_upload_cf7_unique_id();
+        // Unique upload session_id
+        if ( ! sessionID ) {
+            sessionID = generateRandomFolder();
+            localStorage.setItem( 'dnd_wpcf7_session_id', JSON.stringify({ value: sessionID, savedAt: Date.now() }) );
+        }
         // Template Container
         const cdropz_template = `
 …
+        }
-        // Add unique ID or random string
-        input.setAttribute( 'data-random-id', generateRandomFolder() );
         // Setup Uploader
         var DND_Setup_Uploader = function( files, action ) {
 …
             formData.append('form_id', input.dataset.id);
             formData.append('upload_name', input.dataset.name);
             formData.append('upload_folder', input.getAttribute('data-random-id') );
+            formData.append('upload_folder', sessionID );
             // black list file types
 …
         e.preventDefault();
         var _self = e.target,
             _dnd_status = _self.closest(".dnd-upload-status"),
             _parent_wrap = _self.closest(".codedropz-upload-wrapper"),
+        var _self             = e.target,
+            _dnd_status       = _self.closest(".dnd-upload-status"),
+            _parent_wrap      = _self.closest(".codedropz-upload-wrapper"),
             removeStorageData = _self.parentElement.getAttribute("data-storage"),
+            storageCount = Number(localStorage.getItem(removeStorageData));
+            storageCount      = Number(localStorage.getItem(removeStorageData)),
+            sessionId         = dnd_upload_cf7_unique_id();
         // Direct remove the file if there's any error.
 …
             "path=" + _dnd_status.querySelector('input[type="hidden"]').value +
             "&action=dnd_codedropz_upload_delete" +
+            "&security=" + dnd_cf7_uploader.ajax_nonce
+            "&security=" + dnd_cf7_uploader.ajax_nonce +
+            "&upload_folder=" + sessionId
         );
 …
     });
     target.dispatchEvent(event);
+}
+// Get unique id. (reset after 24hours)
+function dnd_upload_cf7_unique_id() {
+    const item = localStorage.getItem('dnd_wpcf7_session_id');
+    if ( ! item ) {
+        return null;
+    }
+    // Parse item
+    const data = JSON.parse( item );
+    // Compare date
+    if ( Date.now() - data.savedAt > ( 24 * 60 * 60 * 1000 ) ) {
+        localStorage.removeItem('dnd_wpcf7_session_id');
+        return null;
+    }
+    return data.value;
+}

drag-and-drop-multiple-file-upload-contact-form-7/trunk/drag-n-drop-upload-cf7.php

-                      r3450244
+                      r3475121
     * Text Domain: drag-and-drop-multiple-file-upload-contact-form-7
     * Domain Path: /languages
     * Version: 1.3.9.5
+    * Version: 1.3.9.6
     * Author: Glen Don L. Mongaya
     * Author URI: http://codedropz.com
 …
     /**  Define plugin Version */
     define( 'dnd_upload_cf7_version', '1.3.9.5' );
+    define( 'dnd_upload_cf7_version', '1.3.9.6' );
     /**  Define constant Plugin Directories  */

drag-and-drop-multiple-file-upload-contact-form-7/trunk/inc/dnd-upload-cf7.php

-                      r3450244
+                      r3475121
     add_action( 'wpcf7_init', 'dnd_cf7_upload_add_form_tag_file' );
     add_action( 'wpcf7_enqueue_scripts', 'dnd_cf7_scripts' );
-    add_action( 'wpcf7_enqueue_scripts', 'dnd_cf7_cookie_scripts', 50 );
     // Hook on plugins loaded
 …
     // Return created cookie with unique id.
     function dnd_cf7_get_unique_id() {
+        if ( isset( $_COOKIE['wpcf7_guest_user_id'] ) ) {
+            return $_COOKIE['wpcf7_guest_user_id'];
+        }
+        print_r( $_POST );
+    }
 …
                     if ( is_array( $posted_data ) ) {
                         foreach( $posted_data[$field_name] as $key => $file ) {
-                            if ( strpos( dirname($file), 'wpcf7-files' ) !== false ) {
-                                $file = wp_basename( $file ); // remove duplicate path "/12/file.jpg" to just "/file.jpg"
+                            }
                             $posted_data[$field_name][$key] = trailingslashit( $uploads_dir['upload_url'] ) . $file;
+                        }
 …
     // Get folder path
     function dnd_get_upload_dir( $dir = false ) {
+    function dnd_get_upload_dir( $dir = '' ) {
         $upload      = wp_upload_dir();
         $uploads_dir = wpcf7_dnd_dir . '/wpcf7-files';
+        $uploads_dir = wpcf7_dnd_dir . '/wpcf7-files'; // ie: "/wp_dndcf7_uploads/wpcf7-files"
         // Send file as links is enabled.
 …
         // Setup random/unique folder, only created if user uploading.
         if ( true === $dir ) {
             $unique_id = dnd_cf7_get_unique_id();
+        if ( $dir ) {
+            $unique_id = sanitize_file_name( $dir );
             if ( ! empty( $unique_id ) ) {
+                $unique_id = preg_replace( '/[^a-zA-Z0-9_-]/', '', $unique_id );
+                if ( '' !== $unique_id ) {
+                    $uploads_dir = trailingslashit( $uploads_dir ) . sanitize_file_name( $unique_id );
+                }
+            }
+        }
+                $unique_id   = preg_replace( '/[^a-zA-Z0-9_-]/', '', $unique_id );
+                $uploads_dir = trailingslashit( $uploads_dir ) . $unique_id;
+            }
+        }
+        // Get full dir and url
+        $full_dir = wp_normalize_path( trailingslashit( $upload['basedir'] ) . $uploads_dir );
+        $full_url = trailingslashit( $upload['baseurl'] ) . $uploads_dir;
         // Create directory if not exists.
         if ( ! is_dir( trailingslashit( $upload['basedir'] ) . $uploads_dir ) ) {
             wp_mkdir_p( trailingslashit( $upload['basedir'] ) . $uploads_dir );
             chmod( trailingslashit( $upload['basedir'] ) . $uploads_dir, 0755 );
+        if ( ! is_dir( $full_dir ) ) {
+            wp_mkdir_p( $full_dir );
+            @chmod( $full_dir, 0755 );
+        }
         // Make sure directory exist before returning
         if( file_exists( trailingslashit( $upload['basedir'] ) . $uploads_dir ) ) {
+        if( file_exists( $full_dir ) ) {
             return array(
                 'upload_dir'    =>  trailingslashit( $upload['basedir'] ) . $uploads_dir,
                 'upload_url'    =>  trailingslashit( $upload['baseurl'] ) . $uploads_dir
+                'upload_dir'    =>  $full_dir,
+                'upload_url'    =>  $full_url
             );
+        }
         return trailingslashit( $upload['basedir'] ) . $uploads_dir;
+        return $full_dir;
+    }
 …
+    }
-    // Add inline js for cookie script.
-    function dnd_cf7_cookie_scripts() {
-        wp_add_inline_script( 'codedropz-uploader',
+            "
-            function dnd_cf7_generateUUIDv4() {
-                const bytes = new Uint8Array(16);
-                crypto.getRandomValues(bytes);
-                bytes[6] = (bytes[6] & 0x0f) | 0x40; // version 4
-                bytes[8] = (bytes[8] & 0x3f) | 0x80; // variant 10
-                const hex = Array.from(bytes, b => b.toString(16).padStart(2, '0')).join('');
-                return hex.replace(/^(.{8})(.{4})(.{4})(.{4})(.{12})$/, '$1-$2-$3-$4-$5');
+            }
-            document.addEventListener('DOMContentLoaded', function() {
-                if ( ! document.cookie.includes('wpcf7_guest_user_id')) {
-                    document.cookie = 'wpcf7_guest_user_id=' + dnd_cf7_generateUUIDv4() + '; path=/; max-age=' + (12 * 3600) + '; samesite=Lax';
+                }
-            });
+            "
-        );
+    }
     // Generate tag
     function dnd_cf7_upload_add_form_tag_file() {
 …
         // Get upload dir
+        $path = dnd_get_upload_dir( true ); // ok
+        $folder = isset( $_POST['upload_folder'] ) ? sanitize_text_field( $_POST['upload_folder'] ) : null;
+        $path   = dnd_get_upload_dir( $folder ); // ok
         // input type file 'name'
 …
         $filename = wp_basename( $file['name'] );
         $filename = wpcf7_canonicalize( $filename, 'as-is' );
+        $filename = sanitize_file_name( $filename ); // sanitize filename
+        // Check unique name
+        $filename = wp_unique_filename( $path['upload_dir'], $filename );
         // Get file extension
         $extension = strtolower( pathinfo( $filename, PATHINFO_EXTENSION ) );
-        // Check unique name
-        $filename = wp_unique_filename( $path['upload_dir'], $filename );
         // Validate File Types (if supported type is set to "*")
         if ( $supported_type == '*' ) {
             $file_type          = wp_check_filetype( $file['name'] );
             $not_allowed_ext    = array( 'phar', 'svg',  ); // not allowed file type.
+            $file_type          = wp_check_filetype( $filename );
+            $not_allowed_ext    = array( 'phar', 'svg', 'php5', 'php7', 'php8' ); // not allowed file type.
             $type_ext           = ( $file_type['ext'] !== false ? strtolower( $file_type['ext'] ) : $extension );
             $error_invalid_type = dnd_cf7_settings('drag_n_drop_error_invalid_file') ?: dnd_cf7_error_msg('invalid_type');
 …
         // validate file type
         if ( ( ! preg_match( $file_type_pattern, $file['name'] ) || ! dnd_cf7_validate_type( $extension, $supported_type ) ) && $supported_type != '*' ) {
+        if ( ( ! preg_match( $file_type_pattern, $filename ) || ! dnd_cf7_validate_type( $extension, $supported_type ) ) && $supported_type != '*' ) {
             wp_send_json_error( dnd_cf7_settings('drag_n_drop_error_invalid_file') ? dnd_cf7_settings('drag_n_drop_error_invalid_file') : dnd_cf7_error_msg('invalid_type') );
+        }
         // validate mime type
         if( $supported_type && $supported_type != '*' ){
+        if ( $supported_type && $supported_type != '*' ){
             // wheather if we validate mime type
             $validate_mime = apply_filters('dnd_cf7_validate_mime', false );
+            if( $validate_mime ){
+                if( ! function_exists('wp_check_filetype_and_ext') ){
+            if ( $validate_mime ) {
+                if ( ! function_exists('wp_check_filetype_and_ext') ){
                     require_once ABSPATH .'wp-admin/includes/file.php';
+                }
 …
                 $valid_mimes = explode('|', $supported_type); // array[png, jpg]
                 if( empty( $wp_filetype['type'] ) || empty( $wp_filetype['ext'] ) || ! in_array( $wp_filetype['ext'], $valid_mimes ) ){
+                if ( empty( $wp_filetype['type'] ) || empty( $wp_filetype['ext'] ) || ! in_array( $wp_filetype['ext'], $valid_mimes ) ){
                     wp_send_json_error( dnd_cf7_settings('drag_n_drop_error_invalid_file') ? dnd_cf7_settings('drag_n_drop_error_invalid_file') : dnd_cf7_error_msg('invalid_type') );
+                }
 …
         // validate file size limit
         if( isset( $size_limit["$cf7_upload_name"] ) && $file['size'] > $size_limit["$cf7_upload_name"] ) {
+        if ( isset( $size_limit["$cf7_upload_name"] ) && $file['size'] > $size_limit["$cf7_upload_name"] ) {
             wp_send_json_error( dnd_cf7_settings('drag_n_drop_error_files_too_large') ? dnd_cf7_settings('drag_n_drop_error_files_too_large') : dnd_cf7_error_msg('large_file') );
+        }
         // Check if string is ascii then proceed with antiscript function ( remove or clean filename )
+        if( dnd_cf7_check_ascii( $filename ) ){
+            $filename = wpcf7_antiscript_file_name( $filename );
+        $ascii_name = dnd_cf7_remove_icons( $filename );
+        if ( dnd_cf7_check_ascii( $ascii_name ) ) {
+            $filename = wpcf7_antiscript_file_name( $ascii_name );
+        }
 …
+    }
+    // Force to remove emoji in the filename.
+    function dnd_cf7_remove_icons( $filename ) {
+        return preg_replace(
+            '/[\x{1F000}-\x{1FAFF}'
+            . '\x{2600}-\x{27BF}'
+            . '\x{1F1E6}-\x{1F1FF}'
+            . '\x{200D}'
+            . '\x{FE00}-\x{FE0F}'
+            . '\x{1F3FB}-\x{1F3FF}]/u',
+            '',
+            $filename
+        );
+    }
     // Check if a string is ASCII.
     function dnd_cf7_check_ascii( $string ) {
+        $string = sanitize_file_name( $string );
         if ( function_exists( 'mb_check_encoding' ) ) {
             if ( mb_check_encoding( $string, 'ASCII' ) ) {
 …
             // Validate path if it's match on the current folder
             $unique_id      = dnd_cf7_get_unique_id();
+            $unique_id      = isset( $_POST['upload_folder'] ) ? sanitize_file_name( $_POST['upload_folder'] ) : '';
             $current_folder = trim( dirname( $path ) );
             $file_name      = wp_basename( $path ); // added Aug 2025
             $current_path   = $dir['upload_dir'] .'/'. sanitize_file_name( $unique_id ) .'/'. $file_name;
+            $current_path   = $dir['upload_dir'] .'/'. $unique_id .'/'. $file_name;
             // Validate unique id.
 …
+            }
             // Validate cookie and current_folder to ensure they match.
+            // Validate unique id and current_folder to ensure they match.
             if ( ( $unique_id !== $current_folder ) || ! file_exists( $current_path ) || preg_match( '#\.\.[/\\\\]#', $path ) ) {
                 wp_send_json_error( 'Error: Unauthorized Request!' );
 …
     // list of not allowed extensions.
     function dnd_cf7_not_allowed_ext() {
         return array( 'svg', 'phar', 'php', 'php3','php4','phtml','exe','script', 'app', 'asp', 'bas', 'bat', 'cer', 'cgi', 'chm', 'cmd', 'com', 'cpl', 'crt', 'csh', 'csr', 'dll', 'drv', 'fxp', 'flv', 'hlp', 'hta', 'htaccess', 'htm', 'htpasswd', 'inf', 'ins', 'isp', 'jar', 'js', 'jse', 'jsp', 'ksh', 'lnk', 'mdb', 'mde', 'mdt', 'mdw', 'msc', 'msi', 'msp', 'mst', 'ops', 'pcd', 'pif', 'pl', 'prg', 'ps1', 'ps2', 'py', 'rb', 'reg', 'scr', 'sct', 'sh', 'shb', 'shs', 'sys', 'swf', 'tmp', 'torrent', 'url', 'vb', 'vbe', 'vbs', 'vbscript', 'wsc', 'wsf', 'wsf', 'wsh' );
+        return array( 'html', 'svg', 'phar', 'php', 'php3','php4','pht', 'php5', 'php7', 'php8', 'xhtml','shtml', 'mhtml', 'dhtml', 'phtml','exe','script', 'app', 'asp', 'bas', 'bat', 'cer', 'cgi', 'chm', 'cmd', 'com', 'cpl', 'crt', 'csh', 'csr', 'dll', 'drv', 'fxp', 'flv', 'hlp', 'hta', 'htaccess', 'htm', 'htpasswd', 'inf', 'ins', 'isp', 'jar', 'js', 'jse', 'jsp', 'ksh', 'lnk', 'mdb', 'mde', 'mdt', 'mdw', 'msc', 'msi', 'msp', 'mst', 'ops', 'pcd', 'pif', 'pl', 'prg', 'ps1', 'ps2', 'py', 'rb', 'reg', 'scr', 'sct', 'sh', 'shb', 'shs', 'sys', 'swf', 'tmp', 'torrent', 'url', 'vb', 'vbe', 'vbs', 'vbscript', 'wsc', 'wsf', 'wsf', 'wsh' );
+    }
 …
+    }
+    // Get the default Media max upload size.
     function dnd_cf7_max_upload() {
         $max    = wp_max_upload_size();
 …
         return round( $max_mb, 2 ) . ' MB';
+    }
-    // Generate cookie (Cookie expiration 12 Hours)
-    function dnd_cf7_generate_cookie() {
-    ?>
-        <script type="text/javascript">
-            function dnd_cf7_generateUUIDv4() {
-                const bytes = new Uint8Array(16);
-                crypto.getRandomValues(bytes);
-                bytes[6] = (bytes[6] & 0x0f) | 0x40; // version 4
-                bytes[8] = (bytes[8] & 0x3f) | 0x80; // variant 10
-                const hex = Array.from(bytes, b => b.toString(16).padStart(2, "0")).join("");
-                return hex.replace(/^(.{8})(.{4})(.{4})(.{4})(.{12})$/, "$1-$2-$3-$4-$5");
+            }
-            document.addEventListener("DOMContentLoaded", function() {
-                if ( ! document.cookie.includes("wpcf7_guest_user_id")) {
-                    document.cookie = "wpcf7_guest_user_id=" + dnd_cf7_generateUUIDv4() + "; path=/; max-age=" + (12 * 3600) + "; samesite=Lax";
+                }
-            });
-        </script>
-    <?php
+    }

drag-and-drop-multiple-file-upload-contact-form-7/trunk/readme.txt

-                      r3465187
+                      r3475121
 Requires at least: 3.0.1
 Tested up to: 6.9
 Stable tag: 1.3.9.5
+Stable tag: 1.3.9.6
 Requires PHP: 5.2.4
 License: GPLv2 or later
 …
 * [Order Files for WooCommerce](https://www.codedropz.com/woo-order-files/)
 An extension that attach files to existing WooCommerce orders, allowing both customers and admins to upload and manage files easily.
+An extension that attach files to existing **WooCommerce orders**, allowing both customers and admins to upload and manage files easily.
 * [Easy File Upload & Approval](https://wordpress.org/plugins/easy-file-upload-approval/)
 …
 == Changelog ==
+= 1.3.9.6 =
+- New : Replaced cookies with localStorage for unique upload folder generation.
+- Security :  Unauthenticated Arbitrary File Upload (Reported by Thomas Sanzey via WordFence) - user able to upload "php5 - php8" for non ascii filename by bypassing extensions present in the blacklists.
 = 1.3.9.5 =
 - Hot Fix: Minor spelling mistakes.

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Download in other formats: