Anybody have an idea on how this WordPress include page function could be sanitized to only work with pulling content from a single domain?
PHP Code:
function show_file_func( $atts ) {
extract( shortcode_atts( array(
'file' => ''
), $atts ) );
if ($file!='')
return @file_get_contents($file);
}
add_shortcode( 'show_file', 'show_file_func' );
The above function adds this shortcode:
PHP Code:
[show_file file="http://www.somesite.com/somepage.html"]
... which then includes that entire page inside the WordPress page/post.
I see this as a potential exploit, unless you're able to sanitize it against a single (or multiple) chosen safe domains. I'm only interested in a single valid domain -- at least at the moment. I'm trying to dev a site right now, and this part is eluding me. It's going to pull static pages from a CDN (cdn.somesite.com), if I can get it working.