I have this piece of code.

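function PHP_Include( $atts )
{
    $atts = htmlspecialchars($atts);

    // Start buffering so the included file's output can be captured.
    ob_start();

    // Merge the shortcode attributes with the defaults and extract $file.
    extract(shortcode_atts( array(
        'file' => 'default'
    ), $atts ));

    // Include the requested file from the theme's /app/ directory.
    include get_theme_root() . '/' . get_template() . '/app/' . $file;

    // Collect the buffered output and return it as the shortcode result.
    $output = ob_get_contents();
    ob_end_clean();
    return $output;
}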

Someone’s telling me ob_start will make my code more secure, but I don’t understand in which way? Basically, this function will “keep in memory” the code then output the code to execute it, right?

Secondly, when I add $atts = htmlspecialchars($atts); the code doesn’t work and I get a white page; here again, I don’t know why. $atts is appfile.php. I use this shortcode: [phpinclude file='appfile.php'].

subzero

0 Answers
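Added example (not part of the original post): a version of the shortcode that validates the `file` attribute before it reaches `include`, and uses output buffering only to return the included file's output as the shortcode result. Function names prefixed `example_` are hypothetical; the `/app` directory and the `phpinclude` tag are taken from the post.

```php
<?php
// Added example, not the asker's code. Names prefixed "example_" are hypothetical.

/**
 * Resolve $file inside $base_dir. Returns the absolute path, or null when
 * $file is not a bare .php file name that really lives in that directory.
 */
function example_resolve_app_file(string $base_dir, $file): ?string
{
    // Accept only a plain file name: letters, digits, "_" and "-", ending in .php.
    if (!is_string($file) || !preg_match('/\A[A-Za-z0-9_-]+\.php\z/', $file)) {
        return null;
    }
    // realpath() resolves symlinks and returns false for paths that do not exist.
    $base = realpath($base_dir);
    $path = realpath($base_dir . '/' . $file);
    if ($base === false || $path === false) {
        return null;
    }
    // Containment check: the resolved file must sit directly under the base directory.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

function example_php_include_shortcode($atts): string
{
    // $atts is the array of shortcode attributes (or an empty string when none
    // were given), so it goes to shortcode_atts() as-is, not through a string function.
    $atts = shortcode_atts(array('file' => ''), $atts);
    $base = get_theme_root() . '/' . get_template() . '/app';
    $path = example_resolve_app_file($base, $atts['file']);
    if ($path === null) {
        return ''; // Unknown or invalid file: render nothing.
    }
    // A shortcode must return its markup; the buffer captures what the file echoes.
    ob_start();
    include $path;
    return (string) ob_get_clean();
}

// Register only when running inside WordPress.
if (function_exists('add_shortcode')) {
    add_shortcode('phpinclude', 'example_php_include_shortcode');
}
```

The file-name check and the `realpath()` containment test are what constrain which files can be included; the output buffer only changes where the output goes.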