fix: file upload field allowed extension

[sapayth]

file upload field allowed extension

Summary by CodeRabbit

• Bug Fixes
  • Improved file format detection to properly recognize audio, video, office documents, and archive files regardless of file extension case. Files with extensions like .MP3, .XLSX, or .ZIP are now correctly identified and processed.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

File extension comparisons are normalized to lowercase using strtolower(), and comma-separated extension lists are converted to trimmed, case-insensitive arrays via array_map(). Extension validation now checks against consolidated, merged arrays for audio, video, office, and zip file types.

Changes

Cohort / File(s)	Summary
Extension normalization and validation wpuf-functions.php	Adds strtolower() to path extension extraction; transforms comma-separated extension strings into lowercase trimmed arrays; consolidates extension checks against merged arrays for case-insensitive file type validation across audio, video, office, and zip formats. Minor formatting adjustments with blank line additions.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

• Verify that strtolower() is applied consistently to all extension comparisons
• Confirm array merge operations preserve intended extension lists without duplication or loss
• Check that in_array() calls correctly reference the normalized arrays

Poem

🐰 Extensions lowered, arrays trimmed with care,
No case confusion floating in the air—
From strings to arrays, normalized and neat,
File validation now complete! 🎉

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 66.67% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main change: normalizing file extension comparisons for file upload field validation to ensure case-insensitive extension matching.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

wpuf-functions.php (1)

1037-1056: Good fix for case-insensitive extension matching.

The normalization logic correctly handles file extensions regardless of case:

• Converts the file extension to lowercase (line 1037)
• Normalizes allowed extensions to lowercase and trims whitespace (lines 1042-1049)
• Uses strict comparison with normalized values (line 1054)

This will properly recognize files like .MP3, .Mp3, or .mp3 as playable media.

Optional performance optimization:

Consider moving the extension normalization (lines 1041-1052) outside the foreach loop at line 1027, since the same processing repeats for every attachment:

                        foreach ( $field_value as $attachment_id ) {
+                           if ( ! isset( $allowed_extensions ) ) {
+                               $wpuf_allowed_extensions  = wpuf_allowed_extensions();
+                               $allowed_audio_extensions = array_map(
+                                   'strtolower',
+                                   array_map( 'trim', explode( ',', $wpuf_allowed_extensions['audio']['ext'] ) )
+                               );
+                               $allowed_video_extensions = array_map(
+                                   'strtolower',
+                                   array_map( 'trim', explode( ',', $wpuf_allowed_extensions['video']['ext'] ) )
+                               );
+                               $allowed_extensions       = array_merge(
+                                   $allowed_audio_extensions, $allowed_video_extensions
+                               );
+                           }
                            if ( 'image_upload' === $attr['input_type'] ) {
                                $image_size = wpuf_get_option( 'insert_photo_size', 'wpuf_frontend_posting', 'thumbnail' );
                                $thumb      = wp_get_attachment_image( $attachment_id, $image_size );
                            } else {
                                $thumb = get_post_field( 'post_title', $attachment_id );
                            }

                            $full_size = wp_get_attachment_url( $attachment_id );
                            $path      = parse_url( $full_size, PHP_URL_PATH );
                            $extension = strtolower( pathinfo( $path, PATHINFO_EXTENSION ) );

                            if ( $thumb ) {
                                $playable                 = isset( $attr['playable_audio_video'] ) ? $attr['playable_audio_video'] : 'no';
-                               $wpuf_allowed_extensions  = wpuf_allowed_extensions();
-                               $allowed_audio_extensions = array_map(
-                                   'strtolower',
-                                   array_map( 'trim', explode( ',', $wpuf_allowed_extensions['audio']['ext'] ) )
-                               );
-                               $allowed_video_extensions = array_map(
-                                   'strtolower',
-                                   array_map( 'trim', explode( ',', $wpuf_allowed_extensions['video']['ext'] ) )
-                               );
-                               $allowed_extensions       = array_merge(
-                                   $allowed_audio_extensions, $allowed_video_extensions
-                               );

                                if ( 'yes' === $playable && in_array( $extension, $allowed_extensions, true ) ) {

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b427741 and 0547a20.

📒 Files selected for processing (1)

• wpuf-functions.php (4 hunks)

🧰 Additional context used

🪛 GitHub Actions: Inspections

wpuf-functions.php

[warning] 1-1: The method parameter $post_id is never used

---

[error] 1-1: Processing form data without nonce verification.

🔇 Additional comments (2)

wpuf-functions.php (2)

531-568: LGTM: Formatting cleanup of extension lists.

The trailing comma removals in the extension strings are purely cosmetic changes with no functional impact.

---

4076-4087: LGTM: Array dependency support added with backward compatibility.

The implementation correctly handles both array and string dependencies:

• Array dependencies are JSON-encoded and placed in data-depends-on (line 4081)
• String dependencies retain existing behavior (line 4084)
• Both are properly escaped with esc_attr()
• Single quotes in the HTML attribute (line 4087) safely contain JSON with double quotes

This maintains backward compatibility while adding new functionality.