Edit File by line

<?php

[0] Fix | Delete

[1] Fix | Delete

namespace WPForms\Forms\Fields\Traits;

[2] Fix | Delete

[3] Fix | Delete

/**

[4] Fix | Delete

* File Entry Preview Trait.

[5] Fix | Delete

[6] Fix | Delete

* Contains common methods for displaying file uploads in entries and emails.

[7] Fix | Delete

[8] Fix | Delete

* @since 1.9.8

[9] Fix | Delete

[10] Fix | Delete

trait FileDisplayTrait {

[11] Fix | Delete

[12] Fix | Delete

/**

[13] Fix | Delete

* Format field value for display in Entries.

[14] Fix | Delete

[15] Fix | Delete

* @since 1.9.8

[16] Fix | Delete

[17] Fix | Delete

* @param string|mixed $val Field value.

[18] Fix | Delete

* @param array $field Field data.

[19] Fix | Delete

* @param array $form_data Form data.

[20] Fix | Delete

* @param string $context Display context.

[21] Fix | Delete

[22] Fix | Delete

* @return string

[23] Fix | Delete

[24] Fix | Delete

public function html_field_value( $val, array $field, array $form_data = [], string $context = '' ): string {

[25] Fix | Delete

[26] Fix | Delete

$val = (string) $val;

[27] Fix | Delete

[28] Fix | Delete

if ( $field['type'] !== $this->type ) {

[29] Fix | Delete

return $val;

[30] Fix | Delete

}

[31] Fix | Delete

[32] Fix | Delete

$field = $this->entry_preview_prepare_field_value( $field, $form_data, $context );

[33] Fix | Delete

[34] Fix | Delete

// Return early if there is no value at all.

[35] Fix | Delete

if ( empty( $field['value'] ) && empty( $field['value_raw'] ) ) {

[36] Fix | Delete

return $val;

[37] Fix | Delete

}

[38] Fix | Delete

[39] Fix | Delete

// Process modern uploader.

[40] Fix | Delete

if ( ! empty( $field['value_raw'] ) ) {

[41] Fix | Delete

return $this->process_modern_uploader( $field, $context );

[42] Fix | Delete

}

[43] Fix | Delete

[44] Fix | Delete

// Process classic uploader.

[45] Fix | Delete

if ( $this->is_entry_preview( $context ) ) {

[46] Fix | Delete

return $this->entry_preview_file_link_html( $field, $this->get_file_url( $field ) );

[47] Fix | Delete

}

[48] Fix | Delete

[49] Fix | Delete

return $this->get_file_link_html( $field, $context );

[50] Fix | Delete

}

[51] Fix | Delete

[52] Fix | Delete

/**

[53] Fix | Delete

* Get file link HTML.

[54] Fix | Delete

[55] Fix | Delete

* @since 1.9.8

[56] Fix | Delete

[57] Fix | Delete

* @param array $file File data.

[58] Fix | Delete

* @param string $context Value display context.

[59] Fix | Delete

[60] Fix | Delete

* @return string

[61] Fix | Delete

* @noinspection HtmlUnknownTarget

[62] Fix | Delete

[63] Fix | Delete

private function get_file_link_html( array $file, string $context ): string {

[64] Fix | Delete

[65] Fix | Delete

$html = in_array( $context, [ 'email-html', 'entry-single' ], true ) ? $this->file_icon_html( $file ) : '';

[66] Fix | Delete

[67] Fix | Delete

$html .= sprintf(

[68] Fix | Delete

'<a href="%s" rel="noopener noreferrer" target="_blank" style="%s">%s</a>',

[69] Fix | Delete

esc_url( $this->get_file_url( $file ) ),

[70] Fix | Delete

$context === 'email-html' ? 'padding-left:10px;' : '',

[71] Fix | Delete

esc_html( $this->get_file_name( $file ) )

[72] Fix | Delete

);

[73] Fix | Delete

[74] Fix | Delete

return $html;

[75] Fix | Delete

}

[76] Fix | Delete

[77] Fix | Delete

/**

[78] Fix | Delete

* Get the URL of a file.

[79] Fix | Delete

[80] Fix | Delete

* @since 1.9.8

[81] Fix | Delete

[82] Fix | Delete

* @param array $file File data.

[83] Fix | Delete

* @param array $args Additional query arguments.

[84] Fix | Delete

[85] Fix | Delete

* @return string

[86] Fix | Delete

[87] Fix | Delete

public function get_file_url( array $file, array $args = [] ): string {

[88] Fix | Delete

[89] Fix | Delete

$file_url = $file['value'] ?? '';

[90] Fix | Delete

[91] Fix | Delete

if ( ! empty( $file['protection_hash'] ) ) {

[92] Fix | Delete

$args = wp_parse_args(

[93] Fix | Delete

$args,

[94] Fix | Delete

[

[95] Fix | Delete

'wpforms_uploaded_file' => $file['protection_hash'],

[96] Fix | Delete

]

[97] Fix | Delete

);

[98] Fix | Delete

[99] Fix | Delete

$file_url = add_query_arg( $args, home_url() );

[100] Fix | Delete

}

[101] Fix | Delete

[102] Fix | Delete

/**

[103] Fix | Delete

* Allow modifying the URL of a file.

[104] Fix | Delete

[105] Fix | Delete

* @since 1.9.8

[106] Fix | Delete

[107] Fix | Delete

* @param string $file_url File URL.

[108] Fix | Delete

* @param array $file File data.

[109] Fix | Delete

[110] Fix | Delete

return (string) apply_filters( 'wpforms_pro_fields_file_upload_get_file_url', $file_url, $file );

[111] Fix | Delete

}

[112] Fix | Delete

[113] Fix | Delete

/**

[114] Fix | Delete

* Get the name of a file.

[115] Fix | Delete

[116] Fix | Delete

* @since 1.9.8

[117] Fix | Delete

[118] Fix | Delete

* @param array $file File data.

[119] Fix | Delete

[120] Fix | Delete

* @return string

[121] Fix | Delete

[122] Fix | Delete

public function get_file_name( array $file ): string {

[123] Fix | Delete

[124] Fix | Delete

if ( ! $this->is_file_protected( $file ) ) {

[125] Fix | Delete

return $file['file_original'];

[126] Fix | Delete

}

[127] Fix | Delete

[128] Fix | Delete

$ext = $file['ext'] ?? '';

[129] Fix | Delete

[130] Fix | Delete

return sprintf( '%s.%s', hash( 'crc32b', $file['file_original'] ), $ext );

[131] Fix | Delete

}

[132] Fix | Delete

[133] Fix | Delete

/**

[134] Fix | Delete

* Check if the file is protected.

[135] Fix | Delete

[136] Fix | Delete

* @since 1.9.8

[137] Fix | Delete

[138] Fix | Delete

* @param array $file_data File data.

[139] Fix | Delete

[140] Fix | Delete

* @return bool True if the file is protected, false otherwise.

[141] Fix | Delete

[142] Fix | Delete

private function is_file_protected( array $file_data ): bool {

[143] Fix | Delete

[144] Fix | Delete

return ! empty( $file_data['protection_hash'] );

[145] Fix | Delete

}

[146] Fix | Delete

[147] Fix | Delete

/**

[148] Fix | Delete

* Get file icon HTML.

[149] Fix | Delete

[150] Fix | Delete

* @since 1.9.8

[151] Fix | Delete

[152] Fix | Delete

* @param array $file_data File data.

[153] Fix | Delete

[154] Fix | Delete

* @return string

[155] Fix | Delete

* @noinspection HtmlUnknownTarget

[156] Fix | Delete

[157] Fix | Delete

public function file_icon_html( array $file_data ): string {

[158] Fix | Delete

[159] Fix | Delete

$src = esc_url( $file_data['value'] );

[160] Fix | Delete

$ext_types = wp_get_ext_types();

[161] Fix | Delete

[162] Fix | Delete

if ( $this->is_file_protected( $file_data ) || ! in_array( $file_data['ext'], $ext_types['image'], true ) ) {

[163] Fix | Delete

$src = wp_mime_type_icon( wp_ext2type( $file_data['ext'] ) ?? '' );

[164] Fix | Delete

} elseif ( ! empty( $file_data['attachment_id'] ) ) {

[165] Fix | Delete

$image = wp_get_attachment_image_src( $file_data['attachment_id'], [ 16, 16 ], true );

[166] Fix | Delete

$src = $image ? $image[0] : $src;

[167] Fix | Delete

}

[168] Fix | Delete

[169] Fix | Delete

return sprintf( '<img width="16" height="16" src="%s" alt="" />', esc_url( $src ) );

[170] Fix | Delete

}

[171] Fix | Delete

[172] Fix | Delete

/**

[173] Fix | Delete

* Prepare field value for entry preview.

[174] Fix | Delete

[175] Fix | Delete

* @since 1.9.9

[176] Fix | Delete

[177] Fix | Delete

* @param array $field Field data.

[178] Fix | Delete

* @param array $form_data Form data.

[179] Fix | Delete

* @param string $context Display context.

[180] Fix | Delete

[181] Fix | Delete

* @return array

[182] Fix | Delete

[183] Fix | Delete

private function entry_preview_prepare_field_value( array $field, array $form_data, string $context ): array {

[184] Fix | Delete

[185] Fix | Delete

if ( ! empty( $field['value'] ) || ! empty( $field['value_raw'] ) || ! $this->is_entry_preview( $context ) ) {

[186] Fix | Delete

return $field;

[187] Fix | Delete

}

[188] Fix | Delete

[189] Fix | Delete

$this->form_id = absint( $form_data['id'] );

[190] Fix | Delete

$this->field_id = absint( $field['id'] );

[191] Fix | Delete

$input_name = $this->get_input_name();

[192] Fix | Delete

[193] Fix | Delete

// Modern uploader: data (JSON) in $_POST.

[194] Fix | Delete

$raw_json = isset( $_POST[ $input_name ] ) ? sanitize_text_field( wp_unslash( $_POST[ $input_name ] ) ) : ''; // phpcs:ignore WordPress.Security.NonceVerification.Missing

[195] Fix | Delete

[196] Fix | Delete

if ( $raw_json !== '' && wpforms_is_json( $raw_json ) ) {

[197] Fix | Delete

$files = json_decode( $raw_json, true );

[198] Fix | Delete

[199] Fix | Delete

if ( ! empty( $files ) ) {

[200] Fix | Delete

$field['value_raw'] = array_map(

[201] Fix | Delete

static function ( $file ) {

[202] Fix | Delete

$name = $file['name'] ?? '';

[203] Fix | Delete

[204] Fix | Delete

return [

[205] Fix | Delete

'value' => $file['url'] ?? '',

[206] Fix | Delete

'file_original' => $name,

[207] Fix | Delete

'ext' => strtolower( pathinfo( $name, PATHINFO_EXTENSION ) ),

[208] Fix | Delete

];

[209] Fix | Delete

[210] Fix | Delete

$files

[211] Fix | Delete

);

[212] Fix | Delete

}

[213] Fix | Delete

[214] Fix | Delete

return $field;

[215] Fix | Delete

}

[216] Fix | Delete

[217] Fix | Delete

// Classic uploader: data in $_FILES.

[218] Fix | Delete

$files = $_FILES[ $input_name ]['name'] ?? []; // phpcs:ignore WordPress.Security.NonceVerification.Missing, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized

[219] Fix | Delete

$files = is_array( $files ) ? $files : [ $files ];

[220] Fix | Delete

$files = array_filter( array_map( 'sanitize_file_name', $files ) );

[221] Fix | Delete

[222] Fix | Delete

if ( ! empty( $files ) ) {

[223] Fix | Delete

$field['value_raw'] = array_map(

[224] Fix | Delete

static function ( $file ) {

[225] Fix | Delete

[226] Fix | Delete

return [

[227] Fix | Delete

'value' => '', // No public URL available.

[228] Fix | Delete

'file_original' => $file,

[229] Fix | Delete

'ext' => strtolower( pathinfo( $file, PATHINFO_EXTENSION ) ),

[230] Fix | Delete

];

[231] Fix | Delete

[232] Fix | Delete

$files

[233] Fix | Delete

);

[234] Fix | Delete

}

[235] Fix | Delete

[236] Fix | Delete

return $field;

[237] Fix | Delete

}

[238] Fix | Delete

[239] Fix | Delete

/**

[240] Fix | Delete

* Process modern uploader.

[241] Fix | Delete

[242] Fix | Delete

* @since 1.9.9

[243] Fix | Delete

[244] Fix | Delete

* @param array $field Field data.

[245] Fix | Delete

* @param string $context Value display context.

[246] Fix | Delete

[247] Fix | Delete

* @return string

[248] Fix | Delete

[249] Fix | Delete

private function process_modern_uploader( array $field, string $context ): string {

[250] Fix | Delete

[251] Fix | Delete

$values = $context === 'entry-table' ? array_slice( $field['value_raw'], 0, 3, true ) : $field['value_raw'];

[252] Fix | Delete

$html = '';

[253] Fix | Delete

$submitted_fields = ! empty( $_POST['wpforms'] ) ? stripslashes_deep( $_POST['wpforms'] ) : []; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.NonceVerification.Missing

[254] Fix | Delete

$is_entry_preview = $this->is_entry_preview( $context );

[255] Fix | Delete

[256] Fix | Delete

foreach ( $values as $key => $file ) {

[257] Fix | Delete

[258] Fix | Delete

$src = $this->get_file_url( $file );

[259] Fix | Delete

[260] Fix | Delete

// If the temp file doesn't exist, fallback to submitted field data if set.

[261] Fix | Delete

if ( $is_entry_preview && ! file_exists( $src ) && isset( $submitted_fields['complete'][ $field['id'] ]['value_raw'][ $key ] ) ) {

[262] Fix | Delete

$file = $submitted_fields['complete'][ $field['id'] ]['value_raw'][ $key ];

[263] Fix | Delete

$src = $this->get_file_url( $file );

[264] Fix | Delete

}

[265] Fix | Delete

[266] Fix | Delete

// Normalize structure ( pre-submit uses url/name; post-submit uses value/file_original ).

[267] Fix | Delete

if ( empty( $file['value'] ) && ! empty( $file['url'] ) ) {

[268] Fix | Delete

$file['value'] = $file['url'];

[269] Fix | Delete

}

[270] Fix | Delete

[271] Fix | Delete

if ( empty( $file['file_original'] ) && ! empty( $file['name'] ) ) {

[272] Fix | Delete

$file['file_original'] = $file['name'];

[273] Fix | Delete

}

[274] Fix | Delete

[275] Fix | Delete

if ( empty( $file['ext'] ) ) {

[276] Fix | Delete

$source = $file['file_original'] ?? ( $file['name'] ?? '' );

[277] Fix | Delete

$file['ext'] = strtolower( pathinfo( $source, PATHINFO_EXTENSION ) );

[278] Fix | Delete

}

[279] Fix | Delete

[280] Fix | Delete

if ( empty( $file['file_original'] ) ) {

[281] Fix | Delete

continue;

[282] Fix | Delete

}

[283] Fix | Delete

[284] Fix | Delete

if ( $is_entry_preview ) {

[285] Fix | Delete

$html .= $this->entry_preview_file_link_html( $file, $src );

[286] Fix | Delete

[287] Fix | Delete

continue;

[288] Fix | Delete

}

[289] Fix | Delete

[290] Fix | Delete

$html .= $this->get_file_link_html( $file, $context ) . ' ';

[291] Fix | Delete

}

[292] Fix | Delete

[293] Fix | Delete

if ( count( $values ) < count( $field['value_raw'] ) ) {

[294] Fix | Delete

$html .= '…';

[295] Fix | Delete

}

[296] Fix | Delete

[297] Fix | Delete

return $html;

[298] Fix | Delete

}

[299] Fix | Delete

[300] Fix | Delete

/**

[301] Fix | Delete

* Get file link HTML for entry preview.

[302] Fix | Delete

* Show image previews, non-images as plain text.

[303] Fix | Delete

[304] Fix | Delete

* @since 1.9.9

[305] Fix | Delete

[306] Fix | Delete

* @param array $file File data.

[307] Fix | Delete

* @param string $src File source.

[308] Fix | Delete

[309] Fix | Delete

* @return string

[310] Fix | Delete

[311] Fix | Delete

private function entry_preview_file_link_html( array $file, string $src ): string {

[312] Fix | Delete

[313] Fix | Delete

$filename = esc_html( $this->get_file_name( $file ) );

[314] Fix | Delete

$is_image = in_array( $file['ext'] ?? '', wp_get_ext_types()['image'], true );

[315] Fix | Delete

[316] Fix | Delete

// If we have a URL, display an inline thumbnail preview.

[317] Fix | Delete

if ( $is_image && ! empty( $src ) ) {

[318] Fix | Delete

return sprintf(

[319] Fix | Delete

'<img src="%1$s" alt="%2$s"/>%2$s',

[320] Fix | Delete

esc_url( $src ),

[321] Fix | Delete

esc_html( $filename )

[322] Fix | Delete

);

[323] Fix | Delete

}

[324] Fix | Delete

[325] Fix | Delete

// Show the file name otherwise.

[326] Fix | Delete

return sprintf( '%1$s', $filename );

[327] Fix | Delete

}

[328] Fix | Delete

[329] Fix | Delete

/**

[330] Fix | Delete

* Check if the context is an entry preview.

[331] Fix | Delete

[332] Fix | Delete

* @since 1.9.9

[333] Fix | Delete

[334] Fix | Delete

* @param string $context Value display context.

[335] Fix | Delete

[336] Fix | Delete

* @return bool True if the context is entry preview, false otherwise.

[337] Fix | Delete

[338] Fix | Delete

private function is_entry_preview( string $context ): bool {

[339] Fix | Delete

[340] Fix | Delete

return $context === 'entry-preview';

[341] Fix | Delete

}

[342] Fix | Delete

[343] Fix | Delete

/**

[344] Fix | Delete

* Get the input name for the field.

[345] Fix | Delete

[346] Fix | Delete

* @since 1.9.9

[347] Fix | Delete

[348] Fix | Delete

* @return string

[349] Fix | Delete

[350] Fix | Delete

public function get_input_name(): string {

[351] Fix | Delete

[352] Fix | Delete

return sprintf( 'wpforms_%d_%d', $this->form_id, $this->field_id );

[353] Fix | Delete

}

[354] Fix | Delete

}

[355] Fix | Delete

[356] Fix | Delete