Here is my problem:
In a form made by Contact Form 7 I allow the download of a pdf, jpg, or jpeg file type.
My concern is that the extension control is not fully performed.
Indeed, if I take a "test.exe" file and rename it "text.jpg", I can submit my form and there's no errors...
Is there a solution to test this? (e.g. by the mime test)
And if so where should I implement code?
Thank you in advance for your answers and sorry for my English (I am French...)
For those who have the same question, here my solution :
In wp-includes/functions.php :
add_filter('wpcf7_validate_file*', 'cf7_custom_file_validation', 10, 2);
add_filter('wpcf7_validate_file', 'cf7_custom_file_validation', 10, 2);
function cf7_custom_file_validation ($result, $tag) {
if ($tag->name === 'file-586') {
$contentType = mime_content_type($_FILES[$tag->name]['tmp_name']);
if ($contentType !== 'image/png' && $contentType !== 'image/jpeg' && $contentType !== 'application/pdf') {
$result->invalidate($tag, 'Ce type de fichier n\'est pas supporté');
}
}
return $result;
}
I found for you some usefull answers in our forum:
PHP Uploading files - image only checking
Try this answer:
<?php
function isImage($img){
return (bool)getimagesize($img);
}
?>
Posted by Jeremy Harris.
Here is manual of getimagesize()
http://php.net/manual/pl/function.getimagesize.php
Wordpress uses the filter upload_mimes to control what MIME types are allowed site-wide. You can customize this list by adding the following to wp-includes/functions.php:
function safe_mime_types($mime_types){
unset($mime_types['exe']); //remove .exe support
return $mime_types;
}
add_filter('upload_mimes', 'safe_mime_types', 1, 1);
You can also add acceptable MIME types:
function safe_mime_types($mime_types){
$mime_types['svg'] = 'image/svg+xml'; //add .svg support
unset($mime_types['exe']);
return $mime_types;
}
add_filter('upload_mimes', 'safe_mime_types', 1, 1);
Related
I'm working on a multilingual wordpress website using the Polylang plug-in on pages and custom post types.
What I'm looking for is a way to have every post synch automatically, without user input. When creating a new post type, a translation would be automatically created and all contents copied.
So the user wouldn't see this panel at all, or at least not have the chance to edit the translation or (especially) turn the sync off. I guess this could be done by changing user roles privileges but the post would definitely have to automatically sync.
I checked this article but it didn't do anything.
Needed something similar, dug up this undocumented function:
global $polylang;
// third parameter sets synchronisation
$polylang->sync_post_model->copy_post($post_id, $lang, true);
This duplicates the content to the chosen language and enables synchronisation.
Example using 'save_post:
function auto_translate($post_id, $post, $update)
{
if (!$update) {
return;
}
// prevent recursion when publishing translations
remove_action('save_post', 'auto_translate', 999, 3);
global $polylang;
$langs = ['nb', 'se', 'dk'];
$current_translations = pll_get_post_translations($post_id);
foreach ($langs as $lang) {
if (!isset($current_translations[$lang])) {
$polylang->sync_post_model->copy_post($post_id, $lang, true);
}
}
}
// needs low priority or the synchronisation option wont be saved
add_action('save_post', 'auto_translate', 999, 3);
The solution offered by steinoy is good but generates an additional unwanted draft post. Here's an improved solution:
function auto_translate($post_id, $post, $update)
{
if (!$update) {
return;
}
// prevent creation of additional duplicate draft posts
if ( $post->post_status == 'draft' ){
return;
}
// prevent recursion when publishing translations
remove_action('save_post', 'auto_translate', 999, 3);
global $polylang;
$langs = ['nb', 'se', 'dk'];
$current_translations = pll_get_post_translations($post_id);
$post_type = get_post_type($post_id);
if ($post_type == 'post') {
foreach ($langs as $lang) {
if (!isset($current_translations[$lang])) {
$polylang->sync_post_model->copy_post($post_id, $lang, true);
}
}
}
}
// needs low priority or the synchronisation option wont be saved
add_action('save_post', 'auto_translate', 999, 3);
I am trying to write a wordpress filter that would change the post status to trash if it contains explicit words, but I can't manage to get it to work. Could you please help me?
This is what I got so far:
add_filter('wp_insert_post_data', 'delete_invalid_posts', '99');
function delete_invalid_posts($data) {
$false_titles = array("*****", "******");
if (in_array($data['post_title'], $false_titles) {
// If post data is invalid then
$data['post_status'] = 'trash';
}
return $data;
}
If you want to search the title for Explicit Words, you may use this code:
add_filter('wp_insert_post_data', 'delete_invalid_posts', 99);
function delete_invalid_posts($data) {
$false_titles = array("*****", "******");
$title_arr = explode(' ', $data['post_title']);
$found = array_intersect($false_titles, $title_arr);
if (!empty($found)) {
$data['post_status'] = 'trash';
}
return $data;
}
I've not tested the code, So try it and if you have any question don't hesitate to ask.
I might be wrong, but I think you are missing a closing parentheses here...?
Are you getting an error message?
if (in_array($data['post_title'], $false_titles) // <--- HERE should be a ")"
Like I said, I could be mistaken or there may be other issues...
I need to find the file uploaded path on node_presave hook
function hooks_example_node_presave(EntityInterface $node) {
var_dump($node->field_image_upload->getValue()); exit;
}
This is what I tried. Help would be appreciated.
Thanks
Raj
I found solutions. Following will get the uploaded file url.
$node->field_image_upload->entity->url()
You need to write this
function hooks_example_node_presave(Drupal\Core\Entity\EntityInterface $entity) {
$image = $entity->field_seedit_thumbnail_image->getValue();
$fid = !empty($image[0]['target_id']) ? $image[0]['target_id'] : '';
}
I'm trying to load a RSS feed with Wordpress's built-in SimplePie.
include_once(ABSPATH . WPINC . '/feed.php');
$rssURL = 'http://missionstkitts.blogspot.com//feeds/posts/default';
$rss = fetch_feed($rssURL);
To debug, I used print_r($rss); and I get a WordPress error object:
WP_Error Object
(
[errors] => Array
(
[simplepie-error] => Array
(
[0] => WP HTTP Error: A valid URL was not provided.
)
)
[error_data] => Array
(
)
)
But, frustratingly, if I print $rssURL and then copy and paste it it goes straight to the correct feed. What is going on?
Since this is the first hit in google, probably worth me adding this possible solution:
For our instance - an intranet site, pulling an rss feed from another internal page, which in-turn resolves to an RFC1918 private address the feed was being blocked by Wordpress's URL checker for security reasons.
The easiest fix in my instance was to add the following to functions.php, but this does have security implications so be sure you understand it before you add it:
add_filter( 'http_request_args', function( $args ) {
$args['reject_unsafe_urls'] = false;
return $args;
} );
Further discussion and more information at - https://core.trac.wordpress.org/ticket/24646
By adding preg_match for specific urls we can minimize the amount of parsed unsafed urls:
function http_request_local( $args, $url ) {
if ( preg_match('/xml|rss|feed/', $url) ){
$args['reject_unsafe_urls'] = false;
}
return $args;
}
add_filter( 'http_request_args', 'http_request_local', 5, 2 );
So, while the above answers work, I think that there's a way to do this that is better to make sure that you're limiting the scope of where you're making the URL request to instead of allowing everything to go. So I'm proving the following information to anyone who stumbles across this just in case it helps.
This answer is useful if the resulting calls are to internal servers cross-communicating on private IPs but are still publicly accessible.
The snippet below is to be run on the site that's calling the RSS feed. The site that is providing the feed does not need this.
add_filter('http_request_host_is_external', function($bool, $host, $url){
if($url === 'https://www.example.com/news/feed/' && $host === 'www.example.com'){
return true;
}
}, 10, 3);
I am using Drupal 6.16 with a number of modules installed. I was trying to find out if there is a way to change the output of a node when a different file extension is added to the url. For example:
http://example.com/drupal?q=foo/bar - returns a normal drupal node
http://example.com/drupal?q=foo/bar.xml - returns xml output of the node
Is this even possible with Drupal? Do I have to hack the core code to get this working?
You should not need to hack the core code. There are probably several contributed modules that can do this for you.
To output an XML version of a node, check out the Views Bonus Pack module, which extends the Views module. It has basic export capabilities, including CSV, TXT, DOC, and XML. The documentation is brief, but there is a README.txt file in the views_bonus/export/ directory that gives the basic steps for creating a feed in a view that will output XML.
You can set the path for the feed, so while I don't believe the .xml extension will work, you could set up a path with an additional component like this:
http://example.com/drupal?q=foo/bar <-- normal output
http://example.com/drupal?q=foo/bar/xml <-- XML output
To change the template file that is used for a node based on the path, you can use a preprocess function in your template.php file to add a template suggestion based on the path. This takes a bit more understanding of how the template files work, but ultimately you'll have more control of the output than you will with a view.
Here is how I fixed this.
Add the custom_url_rewrite_inbound function to check for incoming request ending with .xml. If it finds a request ending with .xml it strips that off, so that the correct data can be located by the rest of the drupal machinery. It also sets 'subsite_xml_request' to true so that the appropriate theme template can be used later.
function custom_url_rewrite_inbound (&$result, $path, $path_language) {
if(preg_match('/\.xml$/', $path)) {
$search = preg_replace('/^(.*)\.xml$/', "$1", $path);
if ($src = drupal_lookup_path('source', $search, $path_language)) {
$_REQUEST['xml_request'] = true;
$result = $src;
}
}
Modify the phptemplate_preprocess_page function in your template.php to add additional '-xml' templates.
function phptemplate_preprocess_page(&$vars) {
if ($_REQUEST['xml_request']) {
if (module_exists('path')) {
$path = str_replace('/edit','',$_GET['q']);
$alias = drupal_get_path_alias($path);
if ($alias != $_GET['q']) {
$template_filename = 'page';
foreach (explode('/', $alias) as $path_part) {
$template_filename = $template_filename . '-' . $path_part;
$vars['template_files'][] = $template_filename . '-xml';
}
$vars['template_files'][] = 'page-xml';
}
}
}
}
Create the required page-xml.tpl.php