Can somebody please help in blocking the binary files in contact form 7 i.e if game.exe is renamed as game.docx and uploaded then it has to be blocked
So far i've tried adding the below code in wp-includes/functions.php
add_filter('wpcf7_validate_file*', 'cf7_custom_file_validation', 10, 2);
add_filter('wpcf7_validate_file', 'cf7_custom_file_validation', 10, 2);
function cf7_custom_file_validation ($result, $tag) {
if ($tag->name === 'your-file') {
$contentType = mime_content_type($_FILES[$tag->name]['tmp_name']);
if ($contentType !== 'application/docx' && $contentType !== 'application/pdf' && $contentType !== 'application/doc'&& $contentType !== 'application/rtf') {
$result->invalidate($tag, 'This file type is not supported');
}
}
return $result;
}
This allows me to upload the pdf files and it checks for pdf if binary and blocks. but in rtf, doc and docx it doesn't work
This is because you are checking for wrong mime-types.
.doc: application/msword
.docx: application/vnd.openxmlformats-officedocument.wordprocessingml.document