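<?php

declare(strict_types=1);

// Page include.
//
// The page name comes straight from the query string, so it is attacker
// controlled. Passing it to include() unchanged allows local file inclusion
// (path traversal), php://filter source disclosure and, when
// allow_url_include is on, remote code execution; echoing it unescaped into
// the <h1> is reflected XSS. The name is therefore restricted to a single
// plain token, resolved under PAGES_DIR, re-checked with realpath(), and
// escaped on output.

/** Directory the includable pages live in (was implicitly the include path / CWD). */
const PAGES_DIR = __DIR__;

/** Extensions a page name may carry explicitly; any other name gets '.php' appended. */
const PAGE_EXTENSIONS = ['php', 'html', 'txt', 'log'];

/**
 * Resolve an untrusted page name to an absolute file path inside $baseDir.
 *
 * @param string $page    raw value from the query string
 * @param string $baseDir directory the page file must live in
 * @return string|null    absolute path of an existing regular file, or null when
 *                        the name is malformed, escapes $baseDir, or no such file exists
 */
function resolve_page_path(string $page, string $baseDir): ?string
{
    // One path segment only: letters, digits, '_' and '-', optionally followed by
    // an allowed extension. '/', '\', '..', ':' and NUL bytes cannot appear, so
    // traversal and stream wrappers (php://, data://, http://) are unrepresentable.
    $extPattern = implode('|', PAGE_EXTENSIONS);
    if (preg_match('/^[A-Za-z0-9_-]+(?:\.(?:' . $extPattern . '))?\z/', $page) !== 1) {
        return null;
    }

    // The pattern guarantees the only possible '.' introduces an allowed extension.
    $file = str_contains($page, '.') ? $page : $page . '.php';

    $base = realpath($baseDir);
    $real = realpath($baseDir . DIRECTORY_SEPARATOR . $file);
    if ($base === false || $real === false || !is_file($real)) {
        return null;
    }

    // Defence in depth: even though the pattern forbids separators, confirm the
    // resolved path (symlinks followed) still sits inside the base directory.
    return str_starts_with($real, $base . DIRECTORY_SEPARATOR) ? $real : null;
}

$raw = $_GET['page'] ?? $_GET['file'] ?? $_GET['template'] ?? 'home';
// Query parameters may be arrays (?page[]=x); only a string can name a page.
$page = is_string($raw) ? $raw : 'home';

$target = resolve_page_path($page, PAGES_DIR);
if ($target === null) {
    // Status must be set before any output is sent.
    http_response_code(404);
}

echo "<!DOCTYPE html><html><body>";
// $page is attacker-controlled: escape it for the HTML text context.
echo '<h1>Pages · ' . htmlspecialchars($page, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</h1><hr>';

if ($target === null) {
    echo '<p>Page not found.</p>';
} else {
    // $target is a verified regular file under PAGES_DIR; no error suppression needed.
    include $target;
}

echo "</body></html>";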