Bug 570090 - OBB-1677065 - XSS vuln for eclipse.org Additional fix for PHP short tags (`<?=`), plus an empty() check on the `key` parameter, which is more useful here than isset(). Change-Id: I94229ceb6e6bbdcb9c4d4e4b6ff949bae02fa77d Signed-off-by: Martin Lowe <martin.lowe@eclipse-foundation.org>
diff --git a/pmc-minutes.php b/pmc-minutes.php
index 891ea23..0232ff2 100644
--- a/pmc-minutes.php
+++ b/pmc-minutes.php
@@ -5,7 +5,7 @@
 ob_start();
-if(isset($_GET['key'])) {
+if(!empty($_GET['key'])) {
 ?>
 <div id="maincontent">
 <div id="midcolumn">
@@ -17,7 +17,7 @@
 } else {
 ?>
 <font color="red">
- Sorry, <?= $App->checkPlain($_GET['key']) ?> is not a valid PMC meeting minutes file.
+ Sorry, <?php print $App->checkPlain($_GET['key']); ?> is not a valid PMC meeting minutes file.
 </font>
 <?php
 }
@@ -30,7 +30,7 @@
 ?>
 <div id="maincontent">
 <div id="midcolumn">
- <h1><?= $pageTitle ?></h1>
+ <h1><?php print $pageTitle; ?></h1>
 <ul>
 <?php
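Review bot: The new `!empty($_GET['key'])` guard on the first hunk's `+if` line still checks only presence, not type or content: a request with `?key[]=x` passes as a non-empty array, and `empty()` also rejects a legitimate key of `"0"`. The else branch's message calls the key a "meeting minutes file", which suggests it is used to select a file, so the guard should require a string in an allow-listed form rather than any truthy value, e.g. `if (isset($_GET['key']) && is_string($_GET['key']) && preg_match('/^[A-Za-z0-9_.-]+$/', $_GET['key'])) {`. The body of that `if` is outside the hunk, so the allow-list should be confirmed against how the key is actually consumed there.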
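Review bot: The `+ Sorry, …` line in the second hunk reflects `$_GET['key']` into HTML text content through `$App->checkPlain()`, whose contract is not visible here; this is only safe if checkPlain HTML-encodes `<`, `>`, `&` and quotes (ENT_QUOTES) in the page's charset, which is worth confirming rather than assuming. It also receives the raw `$_GET['key']`, which can be an array when the key is not type-checked upstream, so a non-string value here would surface as a warning or TypeError depending on the PHP version. Separately, `<?=` has been available regardless of `short_open_tag` since PHP 5.4, so the switch to `<?php print …; ?>` is only meaningful on older runtimes; a brief note in the commit description or a one-line comment near the top of the file explaining that the target hosts need it would stop a later cleanup from reverting it.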
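Review bot: In the third hunk, `$pageTitle` on the `+ <h1>` line is printed without any escaping, while the analogous output in the second hunk goes through `$App->checkPlain()`; where `$pageTitle` is assigned is outside this hunk, so if it is ever derived from the request, the key, or minutes-file contents, this is the same reflected-XSS shape the commit is fixing. Unless it is a fixed literal, escape it the same way: `<h1><?php print $App->checkPlain($pageTitle); ?></h1>`. If it is a constant, a short comment at its assignment saying so would make that safety argument visible to the next reader.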