How to allow specific extensions and file size to wp_mail attachment?

I am trying to create a form with an attachment option that will be sent to an email address when the form is submitted on a WordPress site.

My code works fine and it sends the email in an HTML table format to my email address. I am also able to send an attachment using the code. The issue arises when I consider the attachment file extensions and file size. I do not know how to restrict large files and allow attachments for only some extensions.


My code is:

<?php
//Setup an empty array.
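$errors = array();
// Stays false until wp_mail() reports success, so the check further down is always defined.
$mail_sent = false;
    if(isset($_POST["submit"])) {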
    $to = "myemail@gmail.com";
    $subject = "New reservations request";
    $hotel = $_POST["hotel_url"];
    $sender = $_POST["sendername"];
    $senderEmail = $_POST["senderEmail"];

    //Check the name and make sure that it isn't a blank/empty string.
    if(empty($sender)){
        //Blank string, add error to $errors array.        
        $errors['sendername'] = "Please enter your name!";
    }

    /*  attachment */   
    move_uploaded_file($_FILES["attachment"]["tmp_name"],WP_CONTENT_DIR .'/uploads/'.basename($_FILES['attachment']['name']));
    $attachments = array(WP_CONTENT_DIR ."/uploads/".$_FILES["attachment"]["name"]);    

    if(empty($errors)){

        $mailBody = "<table border='1'>
                       <tr>
                        <th>No</th>
                        <th>Item</th>
                        <th>Description</th>
                       </tr>
                       <tr>
                        <td>01</td>
                        <td>Hotel</td>
                        <td>$hotel</td>
                       </tr>
                       <tr>
                        <td>02</td>
                        <td>Name</td>
                        <td>$sender</td>
                       </tr>
                       <tr>
                        <td>03</td>
                        <td>E-Mail</td>
                        <td>$senderEmail</td>
                       </tr>
                    </table>";  

            $headers = array('From: '.$_POST['sendername'].' <'.$_POST['senderEmail'].'>');

            $mail_sent = wp_mail( $to, $subject, $mailBody, $headers, $attachments );   
        }
    }

    if ($mail_sent) {
?>
    <p>Request sent</p>

<?php 
} else {
?>

<form id="" name="" action="<?php echo get_permalink(); ?>" method="post" enctype="multipart/form-data">
<input type="hidden" name="hotel_url" value="<?php echo get_permalink();?>" />

    <div class="section-heading"><h6>Your Details</h6></div>    
    <div class="label-input-wrapper">
        <div class="form-label">Name</div>
        <div class="form-input">
            <input type="text" name="sendername"/>
            <?php if(isset($errors['sendername'])) { echo '<span style="color: red">'.$errors['sendername'].'</span>'; } ?>
        </div>
    </div>

    <div class="label-input-wrapper">
        <div class="form-label">E-Mail</div>
            <div class="form-input">
                <input type="email" name="senderEmail" pattern="[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,4}$" required value="<?php if(!empty($errors)) { echo esc_attr($senderEmail);} ?>"/>
            </div>
    </div>  

    <label for='uploaded_file'>Select A File To Upload:</label>
    <input type="file" name="attachment">

    <input type="submit" value="Submit" name="submit">
</form>

<?php
}
?>

The above code sends the attachment to my mail and it gets saved into my uploads directory.
I know I have to do something around this area /* attachment */ to allow specific extensions and a file size limit, but how do I do that?
E.g., if I have to allow .png, .jpg, .pdf only and the maximum file size is 1 MB, how can I do that? Where and what code do I have to amend in the above code?

1 comment

  1. It is possible to check the extension of the uploaded file, however this is not a good guarantee that it is actually that file type (since you are trusting the client to send you the info). A better way to do this would be to check the file on the server after it has been uploaded, but before it is attached to the email. You can do this for images with exif_imagetype(). The file size can be gotten in bytes using the aptly named filesize() function.

    To check for different image mime types (assuming they are all images from your question):

    // some number of max bytes for the attachment (1mb)
    $file_max_bytes = 1000000;
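    // valid image types for the upload; exif_imagetype() only recognises images and
    // PHP defines no IMAGETYPE_PDF constant, so a PDF needs a separate content check
    $mime_types = array( IMAGETYPE_PNG, IMAGETYPE_JPEG, IMAGETYPE_GIF );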
    
    // tmp uploaded file
    $file_name = $_FILES['attachment']['tmp_name'];
    
    // info about the uploaded file, type and size
    $mime_type = exif_imagetype( $file_name );
    $file_size_bytes = filesize( $file_name );
    
    // in list of valid types and less than max size?
    if ( in_array( $mime_type, $mime_types ) && ( $file_size_bytes < $file_max_bytes ) ){
        // valid, attach and send here
    } else {
        // invalid, wrong type or too big, respond with error
    }
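
An added example, not part of the original answer: one way to apply the server-side check to all three types from the question (.png, .jpg, .pdf) by detecting the type from the file contents with PHP's fileinfo extension. The helper name `save_validated_attachment()`, the two constants and the `$errors['attachment']` key are hypothetical, and the fileinfo extension is assumed to be enabled.

```php
<?php
// Added example (hypothetical helper, not from the original answer).
const MAX_ATTACHMENT_BYTES = 1000000; // 1 MB, same value as the answer above

// Allowed content types mapped to the extension the file is stored under.
const ALLOWED_ATTACHMENT_TYPES = array(
    'image/png'       => 'png',
    'image/jpeg'      => 'jpg',
    'application/pdf' => 'pdf',
);

// Validates one $_FILES entry and moves it into $dest_dir.
// Returns array( $path, $error ); exactly one of the two is null.
function save_validated_attachment( array $file, $dest_dir ) {
    if ( ! isset( $file['error'] ) || is_array( $file['error'] ) || UPLOAD_ERR_OK !== $file['error'] ) {
        return array( null, 'Upload failed or no file was sent.' );
    }
    if ( ! is_uploaded_file( $file['tmp_name'] ) ) {
        return array( null, 'Invalid upload.' );
    }
    // Measure the temp file itself instead of trusting the client-reported size.
    $size = filesize( $file['tmp_name'] );
    if ( false === $size || 0 === $size || $size > MAX_ATTACHMENT_BYTES ) {
        return array( null, 'File must be 1 MB or smaller.' );
    }
    // Detect the type from the contents, not from the submitted name or type.
    $finfo = new finfo( FILEINFO_MIME_TYPE );
    $mime  = $finfo->file( $file['tmp_name'] );
    if ( false === $mime || ! isset( ALLOWED_ATTACHMENT_TYPES[ $mime ] ) ) {
        return array( null, 'Only PNG, JPG and PDF files are allowed.' );
    }
    // Server-generated name: the client's file name never reaches the filesystem.
    $name = bin2hex( random_bytes( 16 ) ) . '.' . ALLOWED_ATTACHMENT_TYPES[ $mime ];
    $path = rtrim( $dest_dir, '/' ) . '/' . $name;
    if ( ! move_uploaded_file( $file['tmp_name'], $path ) ) {
        return array( null, 'Could not store the upload.' );
    }
    return array( $path, null );
}

// Usage in the form handler, replacing the unconditional move_uploaded_file():
// list( $path, $error ) = save_validated_attachment( $_FILES['attachment'], WP_CONTENT_DIR . '/uploads' );
// if ( $error ) { $errors['attachment'] = $error; } else { $attachments = array( $path ); }
// After wp_mail() returns, unlink( $path ) if the upload does not need to be kept.
```

Because the stored extension is taken from the detected type, a script uploaded under a name such as `photo.png` is rejected by the content check rather than saved with an executable extension.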