Merge pull request #629 from m-fedosov/master

file include vulnerabily a better teaching example

vulnerabilities/fi/source/impossible.php

@@ -4,10 +4,17 @@
 $file = $_GET[ 'page' ];
 
 // Only allow include.php or file{1..3}.php
-if( $file != "include.php" && $file != "file1.php" && $file != "file2.php" && $file != "file3.php" ) {
-	// This isn't the page we want!
-	echo "ERROR: File not found!";
-	exit;
+$configFileNames = [
+    'include.php',
+    'file1.php',
+    'file2.php',
+    'file3.php',
+];
+
+if( !in_array($file, $configFileNames) ) {
+    // This isn't the page we want!
+    echo "ERROR: File not found!";
+    exit;
 }
 
 ?>