# LFI

**Example 1: PHP**

**Vulnerable Code:**

```php
<?php
// Vulnerable: the file parameter goes straight into include().
include($_GET['file']);
?>
```

**Reason for vulnerability:** The `file` parameter is passed to `include()` unchanged, so the requester decides which local file gets included.

**Fixed Code:**

```php
<?php
// basename() discards any directory component (including "../"),
// so the include is confined to the fixed directory below.
$file = basename($_GET['file']);
include("/var/www/html/" . $file);
?>
```

**Reason for fix:** `basename()` strips directory components, so traversal sequences cannot escape the fixed directory. Any file inside that directory can still be included, which is why the allow-list used in the later example is the stricter option.

**Example 2: Python**

**Vulnerable Code:**

```python
from flask import Flask, request

app = Flask(__name__)

@app.route('/view')
def view():
    # Vulnerable: the file parameter is used as the path unchanged.
    file = request.args.get('file')
    with open(file, 'r') as f:
        return f.read()
```

**Reason for vulnerability:** The `file` parameter is used as the path unchanged, so the requester decides which local file is opened and returned.

**Fixed Code:**

```python
import os
from flask import Flask, request

app = Flask(__name__)

@app.route('/view')
def view():
    # basename() discards directory components, confining the open()
    # to the fixed directory joined below.
    file = os.path.basename(request.args.get('file', ''))
    with open(os.path.join('/var/www/html', file), 'r') as f:
        return f.read()
```

**Reason for fix:** `os.path.basename()` strips directory components, so traversal sequences cannot escape the fixed directory. As with the PHP version, any file inside that directory remains readable, so an allow-list is the stricter choice where the set of pages is known.

***

### PHP Example

#### Vulnerable Code:

```php
<?php
// Vulnerable: the page parameter is concatenated into the include path.
$page = $_GET['page'];
include($page . '.php');
?>
```

#### Reason for Vulnerability:

The `page` parameter is concatenated into the include path unchanged, so the requester can include arbitrary files from the local filesystem.

#### Fixed Code:

```php
<?php
// Only these fixed page names may ever be included.
$allowed_pages = ['home', 'about', 'contact'];
$page = $_GET['page'];

if (!in_array($page, $allowed_pages)) {
    die('Invalid page');
}

include $page . '.php';
?>
```

#### Reason for Fix:

The fixed code compares the requested page against a fixed allow-list of page names before including it, so no value outside that list can reach `include`.
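As an added example (not code from the original page), the two mitigations shown above, an allow-list and a canonicalized base-directory check, written as standalone Python functions and run over constructed sample requests. `BASE_DIR` and `ALLOWED_PAGES` are assumed values mirroring the page's examples.

```python
import os

# Assumed web root and page list, mirroring the page's examples (constructed values).
BASE_DIR = "/var/www/html"
ALLOWED_PAGES = frozenset({"home", "about", "contact"})


def allowlisted_page(page, allowed=ALLOWED_PAGES):
    """Allow-list check: only a fixed set of page names may be included.
    Returns the file name to include, or None if the request is rejected."""
    if not isinstance(page, str) or page not in allowed:
        return None
    return page + ".php"


def resolve_under_base(requested, base_dir=BASE_DIR):
    """Canonicalization check for cases where a fixed list is impractical:
    join the request onto the base directory, resolve '..' and symlinks, and
    accept only if the result still lies inside the base directory."""
    if not isinstance(requested, str) or not requested or "\x00" in requested:
        return None
    base = os.path.realpath(base_dir)
    # os.path.join discards base_dir when the request is absolute; the
    # containment check below catches that case as well as '..' traversal.
    candidate = os.path.realpath(os.path.join(base, requested))
    if candidate == base or not candidate.startswith(base + os.sep):
        return None
    return candidate


# Constructed sample requests: two legitimate page names, then the traversal,
# absolute-path and null-byte shapes a file-inclusion check must reject, and
# one name that is inside the directory but not on the allow-list.
SAMPLE_REQUESTS = ["home", "about", "../../etc/passwd", "/etc/passwd",
                   "about\x00", "admin"]


def classify(requests=SAMPLE_REQUESTS):
    """Run both checks over the samples.
    Returns {request: (passes allow-list, passes base-directory check)}."""
    return {
        r: (allowlisted_page(r) is not None, resolve_under_base(r) is not None)
        for r in requests
    }
```

The `"admin"` row shows the difference between the two checks: the base-directory check confines the request to the web root but still accepts any file within it, while the allow-list rejects anything not explicitly named.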
