Malicious Files can be invoked by pointing FileToView at external files

[AlexDarigan]

Page: Auth2.php

Point that query param to an external hosted file can cause trouble.