File

modules/content/content.module, line 1450

Code

function content_edit_content_form_validate(&$form, &$form_state) {

  // If we are submitting any files, make sure they have allowed extensions.
  $values = $form_state ['values'];
  $type = $values ["type"];
  $types = content_get_types();

  foreach ($types [$type]['fields'] as $fieldname => $details) {
    if ($details ['type'] != 'cfieldset') {

      // If this field type is "file" then we are going to do something special with it
      // don't need to do this if we are just editing an existing content node and hitting "save"
      if ($details ['type'] == 'file') {

        $uploaded_files = fp_re_array_files($_FILES [$fieldname]); // makes them easier to work with.

        $allowed = '';

        if (isset($details ['allowed'])) {
          $allowed = trim($details ['allowed']);
        }
        if (!$allowed) {
          $allowed = "txt, pdf, doc, docx, xls, xlsx, ppt, pptx, rtf, odt, jpg, jpeg, png, gif, zip, 7z";
        }

        $allowed = str_replace(".", "", strtolower($allowed)); // get rid of dots and make lowercase.
        $allowed = str_replace(" ", "", $allowed);
        $allowed_csv = csv_to_array($allowed);

        $fid = "";
        foreach ($uploaded_files as $file) {
          if (trim($file ['name']) == "") {
            continue; // blank, so skip it.
          }
          // Get the extension for the file.
          $temp = explode(".", $file ['name']);
          $ext = strtolower(trim($temp [count($temp) - 1]));

          if (!in_array($ext, $allowed_csv)) {
            form_error($fieldname, t("Sorry, but the file %file is not allowed to be uploaded (file extension \"%ext\" not allowed).  Please see the list of allowed file types/extensions.", array("%file" => $file ['name'], "%ext" => $ext)));
            return;
          }


        } // foreach uploaded files
      } // if a file
    } // if not a cfieldset
  } // foreach


}