Providing upload functionality in our plugin is always tricky business. We need to be able to provide a good user experience (UX) for uploading, while also keeping an eye on the security concerns that come with it. If it's not done properly, we could potentially put the site at risk for any security vulnerabilities that arise.
Instead of building the whole solution from scratch, we can leverage the WordPress core code to our advantage to speed up the development, specifically utilising async-upload.php file that's located in the wp-admin directory.
Using the async-upload.php file has several advantages. Firstly, since it's used by WordPress core itself for async uploading in the media library, we can be assured that the code is up to standard. Plus, all the validation and privilege checking has been done so we don't need to do that ourselves.
Continue reading %Enabling AJAX File Uploads in Your WordPress Plugin%
by Firdaus Zahari via SitePoint
No comments:
Post a Comment