[sand007]

Hello.

I would like to include one of my wordress page on static page.
However, allow_url_include is off on the php ini setting and I don't have authority to change these settings. By the way I am using PHP 5.2.3.

I research about this and found two possible clues.

Code:

$_GET['page_id'] = '3';
include_once ($_SERVER['DOCUMENT_ROOT']."wordpress/index.php");

But I have to put $_GET['page_id'] on destination page, and I don't know how this will work when it comes to wordpress.

Second one is using curl. I found this function in another forum and it works.

Code:

function get_content($url) {
	$ch = curl_init();
	curl_setopt ($ch, CURLOPT_URL, $url);
	curl_setopt ($ch, CURLOPT_HEADER, 0);		
	ob_start();
	curl_exec ($ch);
	curl_close ($ch);
	$string = ob_get_contents();
	ob_end_clean();  
	return $string;   
}
			
$content = get_content ("http://yoursite.com/wordpress/?page_id=3");
echo ($content);

I am not programmer and I don't know about web security well. I heard that allow_url_include is off on default setting because there are security issue. How about method above? Is this secure to do? or is there any better way to do this?

[pgo]

What are you trying to achieve, exactly?

"I would like to include one of my wordress page on static page." is vague and practically meaningless.

[sand007]

Sorry, my question was not clear.
I would like to know the code below is secure or not.

Code:

function get_content($url) {
	$ch = curl_init();
	curl_setopt ($ch, CURLOPT_URL, $url);
	curl_setopt ($ch, CURLOPT_HEADER, 0);		
	ob_start();
	curl_exec ($ch);
	curl_close ($ch);
	$string = ob_get_contents();
	ob_end_clean();  
	return $string;   
}
			
$content = get_content ("http://yoursite.com/wordpress/?page_id=3");
echo ($content);

[hobolooter]

It's not taking any user input and is interpreted on the server side. Looks about as secure as you are gonna get it.

[bluesage]

you could always use an iframe, although its not the most accepted method out there.