What's insecure, buggy, and poorly designed in the following WordPress code?
jrdev
Posted on February 11, 2023
This is a simple function to handle a number of applicants who were expected to submit their names, emails, and photos.
The following is the HTML form and the WordPress function.
But the team manager mentioned to me that the code is insecure, buggy, and poorly designed.
Please let me know how to improve my code for security and the WordPress Coding Standards.
HTML Code
<form id="form" method="post" action="#" enctype="multipart/form-data">
    <input type="text" name="name" id="name">
    <input type="email" name="email" id="email">
    <input id="submit" name="submit" type="submit" value="Upload" />
    <input type="file" name="doc_file" id="doc_file" multiple="false" />
</form>
WordPress Code
function saveData(){
    if (
        !empty($_POST)
    ) {
        global $wpdb;
        require_once( ABSPATH . 'wp-admin/includes/image.php' );
        require_once( ABSPATH . 'wp-admin/includes/file.php' );
        require_once( ABSPATH . 'wp-admin/includes/media.php' );
        $d = media_handle_upload( 'doc_file', 0 );
        $r = wp_get_attachment_url($d);
        $wpdb->insert(
            $wpdb->prefix . 'applicants_table',
            array(
                'name' => $_POST['full_name'],
                'email' => $_POST['email'],
                'doc_file' => $r
            )
        );
        if ( is_wp_error( $d ) ) {
            wp_die( 'Something went horribly wrong. Please try again.' );
        }
    } else {
        wp_die( 'Something went horribly wrong. Please try again.' );
    }
}
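A hardened version of the handler above, as an added example that is not part of the original post: it verifies a nonce, reads the field names the form actually sends, validates and sanitizes input, restricts the upload to image types, and checks the upload result before writing to the database. Assumptions: the `jrdev_` prefix, the `jrdev_save_applicant` action and the `jrdev_nonce` field are hypothetical names, and the form is assumed to post to `admin-post.php` with a hidden `action` field and a `wp_nonce_field()` call.

```php
<?php
// Added example, not the poster's code. Assumed: the jrdev_ prefix, and a form
// that posts to admin_url( 'admin-post.php' ) with a hidden "action" field of
// "jrdev_save_applicant" plus wp_nonce_field( 'jrdev_save_applicant', 'jrdev_nonce' ).
function jrdev_save_applicant() {
	// Reject forged cross-site submissions before touching any input.
	check_admin_referer( 'jrdev_save_applicant', 'jrdev_nonce' );

	// Read the field names the form actually sends ("name", not "full_name").
	$name  = isset( $_POST['name'] ) ? sanitize_text_field( wp_unslash( $_POST['name'] ) ) : '';
	$email = isset( $_POST['email'] ) ? sanitize_email( wp_unslash( $_POST['email'] ) ) : '';
	if ( '' === $name || ! is_email( $email ) || empty( $_FILES['doc_file']['name'] ) ) {
		wp_die( 'Name, a valid email and a photo are required.', '', array( 'response' => 400 ) );
	}

	require_once ABSPATH . 'wp-admin/includes/image.php';
	require_once ABSPATH . 'wp-admin/includes/file.php';
	require_once ABSPATH . 'wp-admin/includes/media.php';

	// Photos only: restrict the accepted extensions and MIME types.
	$overrides     = array(
		'test_form' => false,
		'mimes'     => array( 'jpg|jpeg' => 'image/jpeg', 'png' => 'image/png' ),
	);
	$attachment_id = media_handle_upload( 'doc_file', 0, array(), $overrides );
	// Check the upload result before anything is written to the database.
	if ( is_wp_error( $attachment_id ) ) {
		wp_die( esc_html( $attachment_id->get_error_message() ), '', array( 'response' => 400 ) );
	}

	global $wpdb;
	$inserted = $wpdb->insert(
		$wpdb->prefix . 'applicants_table',
		array(
			'name'     => $name,
			'email'    => $email,
			'doc_file' => wp_get_attachment_url( $attachment_id ),
		),
		array( '%s', '%s', '%s' )
	);
	if ( false === $inserted ) {
		wp_delete_attachment( $attachment_id, true ); // No orphaned upload.
		wp_die( 'Could not save the application.', '', array( 'response' => 500 ) );
	}
	wp_safe_redirect( wp_get_referer() ? wp_get_referer() : home_url( '/' ) );
	exit;
}
add_action( 'admin_post_nopriv_jrdev_save_applicant', 'jrdev_save_applicant' );
add_action( 'admin_post_jrdev_save_applicant', 'jrdev_save_applicant' );
```

The stored name and email are sanitized on input here, but any page that later displays them should still escape on output with `esc_html()` or `esc_attr()`.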