DEV Community

jrdev
jrdev

Posted on

What's insecure, buggy, and poorly designed in the following wordpress code?

this is a simple function to handle a number of applicants who were expected to submit their names, emails, and photos.
the following is html form and wordpress function.
but the team manager metioned me that code is insecure, buggy, and poorly designed.

please let me know how to improve my code for security and wordpress WordPress Coding standards

Html Code

<form id="form" method="post" action="#" enctype="multipart/form-data">
    <input type="text" name="name" id="name">
    <input type="email" name="email" id="email">
    <input id="submit" name="submit" type="submit" value="Upload" />
    <input type="file" name="doc_file" id="doc_file"  multiple="false" />
</form>
Enter fullscreen mode Exit fullscreen mode

Wordpress Code

function saveData(){
    if ( 
        !empty($_POST)
    ) {           
        global $wpdb;
        require_once( ABSPATH . 'wp-admin/includes/image.php' );
        require_once( ABSPATH . 'wp-admin/includes/file.php' );
        require_once( ABSPATH . 'wp-admin/includes/media.php' );
        $d = media_handle_upload( 'doc_file', 0 );
        $r = wp_get_attachment_url($d);
        $wpdb->insert( 
            $wpdb->prefix . 'applicants_table', 
            array( 
                'name' => $_POST['full_name'], 
                'email' => $_POST['email'], 
                'doc_file' => $r
            ) 
        );
        if ( is_wp_error( $d ) ) {
            wp_die( 'Something went horribly wrong. Please try again.' );   
        } 
    } else {
        wp_die( 'Something went horribly wrong. Please try again.' );   
    }
}
Enter fullscreen mode Exit fullscreen mode

Top comments (0)