这是关于wordpress插件安全性的问题。 这是我的代码。我需要一个PHP文件,但我认为它不安全
public function file_include() {
$files = scandir(DRUBO_CORE_WDGT_DIR);
foreach ($files as $value) {
if (!in_array(trim($value), ['.', '..'])) {
require DRUBO_CORE_WDGT_DIR .'/'.$value;
}
}
}
public function shortcodes_basename(){
$files = scandir(DRUBO_SHORTCODE_DIR);
foreach ($files as $value) {
if (!in_array(trim($value), ['.', '..'])) {
$basename[] = basename($value , '.php');
}
}
return $basename ;
}
public function shortcodes_include(){
$basename = $this->shortcodes_basename();
foreach ($basename as $value) {
require DRUBO_SHORTCODE_DIR .'/'.$value.'.php';
}
}