namespace WPForms\Forms\Fields\Traits;
* File extensions that are not allowed.
* Get all allowed extensions.
* Check against user-entered extensions.
protected function get_extensions(): array {
// Allowed file extensions by default.
$default_extensions = $this->get_default_extensions();
// Allowed file extensions.
$extensions = ! empty( $this->field_data['extensions'] ) ? explode( ',', $this->field_data['extensions'] ) : $default_extensions;
return wpforms_chain( $extensions )
static function ( $ext ) {
return strtolower( preg_replace( '/[^A-Za-z0-9_-]/', '', $ext ) );
->array_intersect( $default_extensions )
* Determine the max-allowed file size in bytes as per field options.
* @return int Number of bytes allowed.
public function max_file_size(): int {
if ( ! empty( $this->field_data['max_size'] ) ) {
// Strip any suffix provided (e.g., M, MB, etc.), which leaves us with the raw MB value.
$max_size = preg_replace( '/[^0-9.]/', '', $this->field_data['max_size'] );
return wpforms_size_to_bytes( $max_size . 'M' );
return (int) wpforms_max_upload( true );
* Get default extensions supported by WordPress
* without those that we manually denylist.
protected function get_default_extensions(): array {
return wpforms_chain( get_allowed_mime_types() )
->array_diff( $this->denylist )
It is recommended that you Edit text format, this type of Fix handles quite a lot in one request
