The File Upload extension lets forms accept file uploads. Uploaded files are stored as WordPress media attachments.
Adding a File Upload Field
Add a standard HTML file input to your form:
    <p>
      <label for="resume">Upload your resume</label>
      <input type="file" name="resume" id="resume" />
    </p>
For multiple file uploads, use the multiple attribute and array-style naming:
    <p>
      <label for="documents">Upload documents</label>
      <input type="file" name="documents[]" id="documents" multiple />
    </p>
How It Works
- When a user selects a file and submits the form, the file is uploaded via AJAX.
- The plugin creates a WordPress media attachment for the file.
- The attachment ID and file metadata are stored in the submission data.
- The form submission continues with the file information included.
File Data in Submissions
Uploaded files are stored in the submission data as an object:
    {
      "resume": {
        "name": "john-doe-resume.pdf",
        "size": 204800,
        "type": "application/pdf",
        "attachment_id": 456,
        "url": "https://example.com/wp-content/uploads/2024/01/john-doe-resume.pdf"
      }
    }
In the admin submission view, files are displayed as clickable links. By default, file links point to the WordPress attachment edit screen. You can change this to use direct file URLs with the cf_file_upload_use_direct_links filter:
add_filter( 'cf_file_upload_use_direct_links', '__return_true' );
Files in Email Notifications
When you use a file field variable like [resume] in an email action, the file is rendered as an HTML link. For this to work properly, set the email’s Content Type to text/html.
The link text shows the file name (truncated to 20 characters if longer) and the file size in human-readable format (e.g., “john-doe-resume.pdf (200kB)”).
Validation
The extension provides two validation messages that can be customized in the Messages tab:
- File too large (file_too_large): “Uploaded file is too large.”
- File upload error (file_upload_error): “An upload error occurred. Please try again later.”
File size limits and allowed file types are controlled through the extension’s admin settings.
Security
- Files are uploaded through WordPress’s standard media handling, which respects the allowed MIME types configured in WordPress.
- The attachment existence is verified when displaying file links. If an attachment is deleted, “File not found” is shown instead.
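- File links in the admin point to the attachment edit screen by default, not the direct file URL. This adds a layer of access control to the link itself; the stored file keeps its own URL in the uploads directory (the url field in the submission data).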
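
One way to tighten the two controls listed above, as an added example rather than code from the plugin. It assumes the extension's upload handler consults the WordPress allowed MIME list, as the Security section states; the mysite_ names and the MIME list are hypothetical.

```php
<?php
// Added example, not part of the File Upload extension.
// The "mysite_" names and the MIME list are constructed for illustration.

// MIME types a resume/documents form should accept.
const MYSITE_FORM_MIMES = array(
	'application/pdf',
	'application/msword',
	'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
);

/**
 * Narrow the WordPress allow-list for users who cannot use the media library,
 * which includes anonymous visitors submitting a form.
 * upload_mimes is the core filter applied by get_allowed_mime_types().
 */
function mysite_restrict_form_mimes( $mimes, $user = null ) {
	$can_upload = $user
		? user_can( $user, 'upload_files' )
		: current_user_can( 'upload_files' );
	if ( $can_upload ) {
		return $mimes; // Authors, editors and admins keep the site-wide list.
	}
	// Keep only entries WordPress already allows AND that are on our list,
	// so this filter can remove types but never add one.
	return array_intersect( $mimes, MYSITE_FORM_MIMES );
}
add_filter( 'upload_mimes', 'mysite_restrict_form_mimes', 10, 2 );

/**
 * Show direct file URLs only to administrators; everyone else keeps the
 * default link to the attachment edit screen.
 */
function mysite_direct_links_for_admins( $use_direct ) {
	return current_user_can( 'manage_options' );
}
add_filter( 'cf_file_upload_use_direct_links', 'mysite_direct_links_for_admins' );
```

The upload_mimes filter is site-wide, so the narrowed list applies to every upload made by a user without the upload_files capability, not only to uploads from these forms.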