Secure uploads & data validation


In the Zozonest plugin, the Secure Uploads & Data Validation system is the “security gatekeeper” for your website. Because real estate portals allow strangers (potential agents or sellers) to upload images and text from the frontend, these measures are critical to prevent hackers from crashing your server or stealing user data.


1. Secure File Uploads (Sanitization)

When a user uploads a property photo or a PDF brochure, Zozonest performs several background checks to ensure the file is safe:

  • Extension Whitelisting: The plugin only allows specific, safe file types (e.g., .jpg, .png, .pdf). It blocks dangerous executable files like .php, .exe, or .js that could be used to take over your server.

  • Filename Sanitization: It automatically renames uploaded files to remove special characters, spaces, or “path traversal” symbols (like ../) that hackers use to overwrite sensitive system files.

  • MIME Type Verification: Zozonest doesn’t just look at the file extension; it checks the actual content of the file (the MIME type read from its header bytes) to ensure a file named house.jpg isn’t actually a hidden script with a renamed extension.

  • Size Limitation: You can set a maximum file size (e.g., 2MB per photo) to prevent “Denial of Service” (DoS) attacks where a user tries to crash your server by uploading massive 100MB files.
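The four checks above, carried out in the order a handler would apply them, as an added example that is not Zozonest's own code. It uses WordPress core helpers (sanitize_file_name, wp_check_filetype_and_ext, wp_handle_upload) plus PHP's fileinfo extension; the form field name "property_file", the allowed-type list and the 2 MB limit are assumptions for illustration, and the caller is assumed to have already verified the user's capability and the form nonce.

```php
<?php
// Added example (not Zozonest's code): server-side checks for a front-end
// property photo / brochure upload, built on WordPress core helpers.
// Assumed: the form field is named "property_file"; capability and nonce
// checks have already been done by the caller.

// Allowed extensions and the MIME type each must carry (assumed policy).
const ZOZO_EXAMPLE_ALLOWED_MIMES = array(
    'jpg|jpeg' => 'image/jpeg',
    'png'      => 'image/png',
    'pdf'      => 'application/pdf',
);

// Maximum size in bytes (2 MB, the figure used in the documentation above).
const ZOZO_EXAMPLE_MAX_BYTES = 2 * 1024 * 1024;

/**
 * Validate one $_FILES entry. Returns the sanitized file array on success or a
 * WP_Error describing why it was rejected.
 */
function zozo_example_validate_upload( array $file ) {
    // 1. PHP-level upload error (partial upload, missing tmp dir, etc.).
    if ( ! isset( $file['error'] ) || UPLOAD_ERR_OK !== $file['error'] ) {
        return new WP_Error( 'upload_failed', 'The file did not upload correctly.' );
    }

    // 2. Size limit, checked before any more expensive inspection.
    if ( (int) $file['size'] > ZOZO_EXAMPLE_MAX_BYTES ) {
        return new WP_Error( 'too_large', 'Files must be 2 MB or smaller.' );
    }

    // 3. Filename sanitization: basename() drops any directory part and
    //    sanitize_file_name() removes "..", control characters, spaces and
    //    other unsafe bytes.
    $name = sanitize_file_name( basename( $file['name'] ) );
    if ( '' === $name ) {
        return new WP_Error( 'bad_name', 'Invalid file name.' );
    }

    // 4. Extension whitelist + MIME verification. wp_check_filetype_and_ext()
    //    inspects the file contents, not just the extension, and returns an
    //    empty ext/type when the two disagree or the type is not allowed.
    $check = wp_check_filetype_and_ext( $file['tmp_name'], $name, ZOZO_EXAMPLE_ALLOWED_MIMES );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        return new WP_Error( 'bad_type', 'Only JPG, PNG and PDF files are accepted.' );
    }
    // WordPress may propose a corrected name when the real type differs from
    // the extension (e.g. a PNG named house.jpg); use it so the name on disk
    // and the content agree.
    if ( ! empty( $check['proper_filename'] ) ) {
        $name = $check['proper_filename'];
    }

    // 5. Independent second opinion on the MIME type from the bytes on disk.
    $finfo     = finfo_open( FILEINFO_MIME_TYPE );
    $real_mime = finfo_file( $finfo, $file['tmp_name'] );
    finfo_close( $finfo );
    if ( $real_mime !== $check['type'] ) {
        return new WP_Error( 'mime_mismatch', 'File contents do not match the declared type.' );
    }

    $file['name'] = $name;
    $file['type'] = $check['type'];
    return $file;
}

/**
 * Typical use inside the form handler: validate, then let WordPress move the
 * file into the uploads directory with its own checks applied once more.
 */
function zozo_example_handle_upload() {
    if ( empty( $_FILES['property_file'] ) ) {
        return new WP_Error( 'no_file', 'No file was submitted.' );
    }
    $file = zozo_example_validate_upload( $_FILES['property_file'] );
    if ( is_wp_error( $file ) ) {
        return $file;
    }
    require_once ABSPATH . 'wp-admin/includes/file.php';
    return wp_handle_upload( $file, array(
        'test_form' => false,
        'mimes'     => ZOZO_EXAMPLE_ALLOWED_MIMES,
    ) );
}
```

The size check runs before the content inspection so that an oversized file is rejected cheaply, and the allowed-type list is passed to both wp_check_filetype_and_ext() and wp_handle_upload() so the two stages cannot drift apart. Passing only the original $_FILES data, never a user-supplied path, to these functions is what keeps the path-traversal protection intact.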

2. Frontend Data Validation

Before a property listing is saved to your database, the plugin validates the text input to ensure the data is “clean” and formatted correctly:

  • Required Field Enforcement: It prevents the submission of “empty” listings by ensuring essential data (like Price, Title, or Location) is present.

  • Data Stripping (XSS Protection): It “sanitizes” text fields by stripping out malicious HTML such as <script> tags, inline event handlers, and javascript: links. This prevents “Cross-Site Scripting” (XSS), where a hacker hides code in a property description that steals the cookies of other users who view the listing.

  • Input Formatting: It ensures that numerical fields (like Price or Square Footage) only contain numbers, rejecting anything else before it reaches the database; this prevents database errors and removes one avenue for “SQL Injection” attacks.
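The three validation steps above applied to one submitted listing, as an added example that is not Zozonest's own code. The field names (title, price, sqft, location, description), the rules attached to them and the "property" post type are assumptions for illustration; the sanitization itself uses WordPress core functions (sanitize_text_field, wp_kses_post, absint, WP_Error).

```php
<?php
// Added example (not Zozonest's code): validating and sanitizing the text
// fields of a front-end property submission before it is stored. Field names
// and rules are assumed for illustration.

/**
 * Returns an array of clean values ready for wp_insert_post()/update_post_meta(),
 * or a WP_Error listing every problem found.
 */
function zozo_example_validate_listing( array $raw ) {
    $errors = new WP_Error();
    $clean  = array();

    // Required field enforcement: reject "empty" listings up front.
    foreach ( array( 'title', 'price', 'location' ) as $field ) {
        if ( ! isset( $raw[ $field ] ) || '' === trim( (string) $raw[ $field ] ) ) {
            $errors->add( 'missing_' . $field, sprintf( 'The %s field is required.', $field ) );
        }
    }
    if ( $errors->has_errors() ) {
        return $errors;
    }

    // Plain single-line text: strips all tags, NUL bytes and stray whitespace.
    $clean['title']    = sanitize_text_field( wp_unslash( $raw['title'] ) );
    $clean['location'] = sanitize_text_field( wp_unslash( $raw['location'] ) );

    // Rich description: keep harmless formatting (p, strong, a, ...) but drop
    // <script>, inline event handlers and javascript: URLs. This is the
    // XSS-protection step.
    $clean['description'] = isset( $raw['description'] )
        ? wp_kses_post( wp_unslash( $raw['description'] ) )
        : '';

    // Numeric fields: accept only digits (with an optional two-decimal part
    // for price); anything else is rejected rather than silently coerced.
    if ( ! preg_match( '/^\d+(\.\d{1,2})?$/', (string) $raw['price'] ) ) {
        $errors->add( 'bad_price', 'Price must be a positive number.' );
    } else {
        $clean['price'] = (float) $raw['price'];
    }
    if ( isset( $raw['sqft'] ) && '' !== $raw['sqft'] ) {
        if ( ! ctype_digit( (string) $raw['sqft'] ) ) {
            $errors->add( 'bad_sqft', 'Square footage must be a whole number.' );
        } else {
            $clean['sqft'] = absint( $raw['sqft'] );
        }
    }

    return $errors->has_errors() ? $errors : $clean;
}

/**
 * Storing the clean values. The post API and $wpdb->prepare() handle SQL
 * escaping, so the validation above is about data integrity and XSS; it is
 * not a substitute for parameterised queries.
 */
function zozo_example_save_listing( array $clean ) {
    $post_id = wp_insert_post( array(
        'post_type'    => 'property',   // assumed custom post type
        'post_status'  => 'pending',    // hold for moderation
        'post_title'   => $clean['title'],
        'post_content' => $clean['description'],
    ), true );
    if ( is_wp_error( $post_id ) ) {
        return $post_id;
    }
    update_post_meta( $post_id, 'price', $clean['price'] );
    update_post_meta( $post_id, 'location', $clean['location'] );
    if ( isset( $clean['sqft'] ) ) {
        update_post_meta( $post_id, 'sqft', $clean['sqft'] );
    }
    return $post_id;
}
```

Collecting every problem into one WP_Error before returning lets the form show all errors at once; the numeric fields are rejected on a strict pattern rather than cast with (int), because a cast would silently turn "12abc" into 12 and hide the bad input.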

3. Anti-Spam & Bot Protection

To prevent bots from creating thousands of fake property listings or accounts, Zozonest integrates:

  • reCAPTCHA / hCaptcha: You can enable a “I’m not a robot” checkbox on the property submission and registration forms.

  • Honeypot Fields: Form fields that are hidden from human visitors (by CSS) but still present in the form’s HTML, so automated form-fillers see and complete them. If a “user” fills out this invisible field, the plugin immediately identifies them as a bot and blocks the submission.

  • Nonce Verification: A technical “handshake” between the user’s browser and the server: a token tied to the form action, the user and a time window is embedded in the form and checked when it is submitted. It ensures that the form was actually submitted from your website and not from a malicious third-party site or script (Cross-Site Request Forgery).
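The honeypot and nonce checks above on one front-end submission form, as an added example that is not Zozonest's own code. It uses the WordPress nonce API (wp_nonce_field, wp_verify_nonce) and the admin-post.php hook; the action and field names ("zozo_example_submit_property", "zozo_example_nonce", "website_url", "zozo_example_submit") are assumptions for illustration.

```php
<?php
// Added example (not Zozonest's code): a nonce and a honeypot field on a
// front-end property submission form, plus the server-side check for both.
// Action and field names are assumed for illustration.

/**
 * Render the hidden anti-bot fields inside the <form>. The honeypot is a real
 * input that CSS keeps off-screen; humans never see it, while form-filling
 * bots usually populate every input they find.
 */
function zozo_example_form_protection_fields() {
    // Nonce: a value tied to this action, the current user and a time window.
    wp_nonce_field( 'zozo_example_submit_property', 'zozo_example_nonce' );
    ?>
    <div class="zozo-hp" style="position:absolute;left:-10000px;" aria-hidden="true">
        <label for="website_url">Leave this field empty</label>
        <input type="text" id="website_url" name="website_url" tabindex="-1" autocomplete="off" value="">
    </div>
    <?php
}

/**
 * Call before touching any submitted data. Returns true when the request is
 * acceptable, or a WP_Error explaining the rejection.
 */
function zozo_example_check_submission() {
    // Nonce verification: rejects forms not generated by this site (CSRF) and
    // expired forms. wp_verify_nonce() returns false on failure, 1 or 2 on success.
    $nonce = isset( $_POST['zozo_example_nonce'] )
        ? sanitize_text_field( wp_unslash( $_POST['zozo_example_nonce'] ) )
        : '';
    if ( ! wp_verify_nonce( $nonce, 'zozo_example_submit_property' ) ) {
        return new WP_Error( 'bad_nonce', 'Security check failed, please reload the form.' );
    }

    // Honeypot: any non-empty value means something filled the invisible field.
    if ( ! empty( $_POST['website_url'] ) ) {
        return new WP_Error( 'honeypot', 'Submission rejected.' );
    }

    return true;
}

// Hook the check into a front-end POST handler; admin-post.php calls the
// first action for logged-in users and the "nopriv" one for visitors.
add_action( 'admin_post_zozo_example_submit', 'zozo_example_handle_post' );
add_action( 'admin_post_nopriv_zozo_example_submit', 'zozo_example_handle_post' );

function zozo_example_handle_post() {
    $ok = zozo_example_check_submission();
    if ( is_wp_error( $ok ) ) {
        wp_die( esc_html( $ok->get_error_message() ), 'Rejected', array( 'response' => 403 ) );
    }
    // ... validate the listing fields and save the property here ...
    wp_safe_redirect( wp_get_referer() ? wp_get_referer() : home_url( '/' ) );
    exit;
}
```

The form must post to admin_url( 'admin-post.php' ) with a hidden field name="action" value="zozo_example_submit" for the hooks above to fire. The nonce is checked before the honeypot and before any field is read, so a forged request is rejected without ever reaching the validation or database code, and a rejected bot receives a plain 403 rather than a message that reveals which check caught it.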
