[wp-hackers] File inclusion in WP theme

[Alexander Beutl]

If you are using WP2.5+ you could use something like what I attatched
to this mail.
Just save it as a file and put it inside wp-content/plugins and activate.

Then use it as following:
Upload whatever textfile you want to include, then write to your post:
[tfi]file[/tfi]
where file will contatin year/month if WordPress organizes your files
based an year and month.
For the file myfile.txt which was uploaded today I would write
[tfi]2008/05/myfile.txt[/tfi]
into the post.

I don't think you will have any security risks with this, since I do
not allow any "../" es to be placed inside this tag (it will simply
return nothing if you try it).

It uses the option used by wordpress to determine where the file
should be located which would leed into trouble if a file was uploaded
and then the upload directory changed - but there is a simple
workaround: don't change this option after having uploaded the files
you want to include ;-) (before having added your uploads how ever,
you can happily change it - the script doesn't depend on your uploads
being saved inside wp-content/uploads)

If you do not want your files inside the upload directory and will
upload them via ftp or whatever you can simply change the line:
 --- return file_get_contents(ABSPATH.get_option('upload_path').'/'.$content);
to fit your needs.

Alex

[BEGIN ATTATCHMENT: text_file_include.php]
<?php
/*
Plugin Name: Text File Include
Description: This Plugin will include text files into your posts by
using shortcodes
Author: A Beutl
Author URI: http://blog.netgra.de/
Version: 1
*/

if(!function_exists("text_file_include")) {
	function text_file_include($atts, $content) {
		if(strpos($content,"../") !== false) return; // Security - don't
leave the uploads directory!
		return file_get_contents(ABSPATH.get_option('upload_path').'/'.$content);
	}
	add_shortcode('tfi','text_file_include');
}

?>
[END OF ATTATCHMENT]