tommcfarlin/00-nonce.php Secret

## 00-nonce.php
<form method="post"
      enctype="multipart/form-data"
      action="<?php echo esc_html(admin_url('admin-post.php')); ?>"">
    <!-- Snip For Brevity --->
    <?php
    wp_nonce_field(
        'acme-item-upload',
        'acme-item-importer'
    );
    ?>
</form>

## 01-save-part1.php
<?php

/**
 * Assuming the user has permission, verifies the security nonce and uploads the PDF file to the `uploads`
 * directory and the Media Library.
 */
public function save()
{
  if (!$this->userCanSave('acme-item-importer', 'acme-item-upload')) {
    return;
  }

  // More to come...

}

## 01-userCanSave.php
<?php

/**
 * Determines if the current user has permission to upload a file based on their current role and the values
 * of the security nonce.
 *
 * @param  string $nonce     The WordPress-generated nonce.
 * @param  string $action    The developer-generated action name.
 * @return bool              True if the user has permission to save; otherwise, false.
 */
private function userCanSave($nonce, $action)
{
    $isNonceSet   = isset($_POST[$nonce]);
    $isValidNonce = false;

    if ($isNonceSet) {
        $isValidNonce = wp_verify_nonce($_POST[$nonce], $action);
    }

    return ($isNonceSet && $isValidNonce);
}

## 02-save-part2.php
<?php

$file        = $_FILES['acme-item-file']['tmp_name'];
$filename    = basename($_FILES['acme-item-file']['name']);
$uploadFile  = wp_upload_bits($filename, null, file_get_contents($file));

## 03-save-part3.php
<?php

$file_type = explode('.', $filename);
$file_type = strtolower($file_type[count($file_type) - 1]);
if ('pdf' !== $file_type) {
  // Give your feedback of choice here.
}

## 04-save-part4.php
<?php

if ($uploadFile['error']) {
  // Your preferred method of feedback here.
}

## 05-save-part4.php
<?php

require_once(ABSPATH . "wp-admin" . '/includes/file.php');
$attachment  = array(
    'post_mime_type' => 'pdf',
    'post_title'     => preg_replace('/\.[^.]+$/', '', $filename),
    'post_status'    => 'inherit'
);

## 05-save-part5.php
<?php

require_once(ABSPATH . "wp-admin" . '/includes/file.php');
$attachment  = array(
    'post_mime_type' => 'pdf',
    'post_title'     => preg_replace('/\.[^.]+$/', '', $filename),
    'post_status'    => 'inherit'
);
$attachment_id = wp_insert_attachment($attachment, $uploadFile['file']);

## 06-save-part6.php
<?php
wp_safe_redirect(
    $_REQUEST['_wp_http_referer'],
    301
);
exit;
	<form method="post"
	enctype="multipart/form-data"
	action="<?php echo esc_html(admin_url('admin-post.php')); ?>"">
	<!-- Snip For Brevity --->
	<?php
	wp_nonce_field(
	'acme-item-upload',
	'acme-item-importer'
	);
	?>
	</form>
	<?php

	/**
	* Assuming the user has permission, verifies the security nonce and uploads the PDF file to the `uploads`
	* directory and the Media Library.
	*/
	public function save()
	{
	if (!$this->userCanSave('acme-item-importer', 'acme-item-upload')) {
	return;
	}

	// More to come...

	}
	<?php

	/**
	* Determines if the current user has permission to upload a file based on their current role and the values
	* of the security nonce.
	*
	* @param string $nonce The WordPress-generated nonce.
	* @param string $action The developer-generated action name.
	* @return bool True if the user has permission to save; otherwise, false.
	*/
	private function userCanSave($nonce, $action)
	{
	$isNonceSet = isset($_POST[$nonce]);
	$isValidNonce = false;

	if ($isNonceSet) {
	$isValidNonce = wp_verify_nonce($_POST[$nonce], $action);
	}

	return ($isNonceSet && $isValidNonce);
	}
	<?php

	$file = $_FILES['acme-item-file']['tmp_name'];
	$filename = basename($_FILES['acme-item-file']['name']);
	$uploadFile = wp_upload_bits($filename, null, file_get_contents($file));
	<?php

	$file_type = explode('.', $filename);
	$file_type = strtolower($file_type[count($file_type) - 1]);
	if ('pdf' !== $file_type) {
	// Give your feedback of choice here.
	}
	<?php

	if ($uploadFile['error']) {
	// Your preferred method of feedback here.
	}
	<?php

	require_once(ABSPATH . "wp-admin" . '/includes/file.php');
	$attachment = array(
	'post_mime_type' => 'pdf',
	'post_title' => preg_replace('/\.[^.]+$/', '', $filename),
	'post_status' => 'inherit'
	);
	<?php
	wp_safe_redirect(
	$_REQUEST['_wp_http_referer'],
	301
	);
	exit;