restrict urls to http:// and https://

samsk · Aug 26, 2016 · 5801514 · 5801514
1 parent d83ad0e
commit 5801514
Show file tree

Hide file tree

Showing 4 changed files with 37 additions and 8 deletions.
diff --git a/README.md b/README.md
@@ -1,6 +1,6 @@
-include-url
+Include URL
 ===========
-include-url is a [Wordpress](https://wordpress.org) plugin for seamless inclusion of data from remote url, optionaly passing GET parameters to it.
+Include URL is a [Wordpress](https://wordpress.org) plugin for seamless inclusion of data from remote urls, optionaly passing GET parameters to it.
 
 This way, you can create ie. simple frontend page for some internal service, that will be seamlessly incoporated in your Wordpress site, using its theme and all what wordpress provides.
 
@@ -9,6 +9,7 @@ This way, you can create ie. simple frontend page for some internal service, tha
 [include-url href="<URL>" params="param1,param2,param3..." timeout="seconds" cache="seconds"]
 `
 
+- ***<URL>*** - http:// or https:// url
 - ***href*** - (*required*) specifies url to be fetched
 - ***params*** - list of GET parameters, that should be passed to request from request page
 - ***timeout*** - request timeout in seconds (default = 10 seconds)

diff --git a/include-url.php b/include-url.php
@@ -3,7 +3,7 @@
    Plugin Name: Include URL
    Plugin URI: https://devel.dob.sk/include-url
    Description: Include content of url in page
-   Version: 0.2.0
+   Version: 0.2.1
    Author: Samuel Behan
    Author URI: https://dob.sk
    Text Domain: include

diff --git a/readme.txt b/readme.txt
@@ -2,7 +2,9 @@
 Tags: include, url
 Requires at least: 4.0
 Tested up to: 4.6
-Stable tag: 0.2.0
+Stable tag: 0.2.1
+Contributors: SamSK
+Donate link: https://devel.dob.sk/include-url
 License: GPLv3 or later
 
 Include URL allows to include any URL in posts or pages.
@@ -11,19 +13,43 @@ Include URL allows to include any URL in posts or pages.
 
 = Features  =
 
-Include URL is a Wordpress plugin for seamless inclusion of data from remote url, optionaly passing GET parameters to it..
+Include URL is a Wordpress plugin for seamless inclusion of data from remote urls, optionaly passing GET parameters to it..
 
 * Get remote url content
 * Pass given GET params to url
 * Cache fetched content localy in Wordpress DB
 
+= Usage =
+
+  `[include-url href="<URL>" params="param1,param2,param3..." timeout="seconds" cache="seconds"]`
+
+* *href* - url starting with http:// or https:// (required)
+* *params* - list of comma separated GET parameters, that should be passed to include url
+* *timeout* - request timeout in seconds (honored only if CURL PHP extension is installed, default = 10 seconds)
+* *cache* - cache request data localy in wordpress database (default = 0 seconds / disabled)
+
+= Examples =
+
+* Search frontend page for [SOLR](https://lucene.apache.org/solr/)
+
+`
+[include-url href="http://localhost:8080/solr/core1/select?wt=xslt&wt=results.xslt" params="q,fq" cache="15"]
+`
+
+This requests data from local SOLR instance, that will return search results formated as HTML (ie. table) via its XSLT handler, optionally passing q (query) and fq (filter) params to it. Data will be cached for 15 seconds in Wordpress database.
+
 == Installation ==
 
 1. Make sure you are using WordPress 4.0 or later and that your server is running PHP 5.2.4 or later (same requirement as WordPress itself)
 1. Install and activate the plugin as usual from the 'Plugins' menu in WordPress.
+1. Use shortcode in page or post
 
 == Changelog ==
 
+= 0.2.1 (2016-08-26) =
+
+* Restrict urls to http:// and https://
+
 = 0.2.0 (2016-08-25) =
 
 * Initial release
diff --git a/shortcode.php b/shortcode.php
@@ -25,18 +25,20 @@ function include_url_shortcode($attrs, $content = null) {
 	// href=url
 	$href = $attrs['href'];
 	// params=param1,param2,param3
-	$query_params = $attrs['params'];
+	$params = isset($attrs['params']) ? $attrs['params'] : $attrs['param'];
 	// timeout=seconds
 	$timeout = isset($attrs['timeout']) ? $attrs['timeout'] : 10;
 	// cache=seconds
 	$cache = isset($attrs['cache']) ? $attrs['cache'] : 0;
 
 	if (!isset($href))
 		return '<b>include-url: required href parameter</b>';
+	if (!preg_match('/^https?:\//', $href))
+		return '<b>include-url: only http:// and https:// url allowed in href parameter (' . $href . ')</b>';
 
 	$cache_key = 'include-url';
 	$args = array();
-	$params = explode(',', $query_params) or array();
+	$params = explode(',', $params);
 	foreach ($params as $key) {
 		if (isset($_GET[$key]))
 			$args[$key] = urlencode($_GET[$key]);
@@ -89,4 +91,4 @@ function include_url_shortcode($attrs, $content = null) {
 // register
 add_shortcode('include-url', 'include_url_shortcode');
 
-?>
+?>