What are the implications of allowing users to specify file names in URLs for file inclusion in PHP code?
Allowing users to specify file names in URLs for file inclusion in PHP code can lead to serious security vulnerabilities such as remote code execution and information disclosure. To prevent this, sanitize and validate user input before passing it to file inclusion functions. The code below includes a file only when the requested name appears on a fixed list of allowed files:
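<?php
// Allow list of files that may be included; anything else is rejected.
$allowed_files = array("file1.php", "file2.php", "file3.php");
// Default to an empty string when the parameter is missing.
$file_name = $_GET['file'] ?? '';
// Strict comparison (third argument) avoids type juggling; an array value never matches.
if (in_array($file_name, $allowed_files, true)) {
    include($file_name);
} else {
    echo "Invalid file specified";
}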
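
The following is an added example, not part of the original answer. It goes a step beyond the list check above: the request supplies only a short key, the server maps that key to a file, and the resolved path is confirmed to lie inside one base directory. The key names, the PAGE_MAP constant, the resolve_include() helper and the temporary directory are assumptions made for illustration, and the code assumes PHP 8.

```php
<?php
declare(strict_types=1);

// Hypothetical page keys mapped to files; the request never supplies a path.
const PAGE_MAP = [
    'home'    => 'file1.php',
    'about'   => 'file2.php',
    'contact' => 'file3.php',
];

// Resolve a request value to an absolute path inside $baseDir, or null.
function resolve_include(mixed $requested, string $baseDir): ?string
{
    // ?file[]=x arrives as an array; only strings that are known keys pass.
    if (!is_string($requested) || !array_key_exists($requested, PAGE_MAP)) {
        return null;
    }
    // realpath() resolves symlinks and ".." and returns false for missing files.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . PAGE_MAP[$requested]);
    if ($base === false || $path === false) {
        return null;
    }
    // Defence in depth: the resolved file must still sit under the base directory.
    if (!str_starts_with($path, $base . DIRECTORY_SEPARATOR)) {
        return null;
    }
    return $path;
}

// Constructed demo: a temporary directory holding the three allowed files.
$baseDir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'inc_demo_' . getmypid();
@mkdir($baseDir);
foreach (PAGE_MAP as $file) {
    file_put_contents($baseDir . DIRECTORY_SEPARATOR . $file, '<?php // constructed stub');
}

// Constructed request values: one valid key, then inputs that must be rejected.
$samples = ['about', 'file2.php', '../../etc/passwd', 'http://example.invalid/x.txt', ['about'], ''];
foreach ($samples as $value) {
    $path = resolve_include($value, $baseDir);
    echo json_encode($value, JSON_UNESCAPED_SLASHES), ' => ',
        $path === null ? 'rejected' : 'include ' . basename($path), PHP_EOL;
}

// Remove the constructed demo files.
array_map('unlink', glob($baseDir . DIRECTORY_SEPARATOR . '*.php'));
rmdir($baseDir);
```

Only the key 'about' resolves to a file; the raw file name, the relative path, the URL, the array and the empty string are all rejected because none of them is a key in the map.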