file include vulnerabily a better teaching example

digininja · May 10, 2024 · 9eca6f3 · 9eca6f3
1 parent e5e7e23
commit 9eca6f3
Showing 1 changed file with 11 additions and 4 deletions.
diff --git a/vulnerabilities/fi/source/impossible.php b/vulnerabilities/fi/source/impossible.php
@@ -4,10 +4,17 @@
 $file = $_GET[ 'page' ];
 
 // Only allow include.php or file{1..3}.php
-if( $file != "include.php" && $file != "file1.php" && $file != "file2.php" && $file != "file3.php" ) {
-	// This isn't the page we want!
-	echo "ERROR: File not found!";
-	exit;
+$configFileNames = [
+    'include.php',
+    'file1.php',
+    'file2.php',
+    'file3.php',
+];
+
+if( !in_array($file, $configFileNames) ) {
+    // This isn't the page we want!
+    echo "ERROR: File not found!";
+    exit;
 }
 
 ?>