Correct Code
To avoid this type of attacks we must avoid loading the files by url, but if we wanted to do it we would have to buy that these files are allowed by storing the list in an array and use in_array to check that it is valid or with an if with as many options as necessary.