Bug 570090 - OBB-1677065 - XSS vuln for eclipse.org Additional fix for PHP shortcodes + empty check for key which is more useful than isset. Change-Id: I94229ceb6e6bbdcb9c4d4e4b6ff949bae02fa77d Signed-off-by: Martin Lowe <martin.lowe@eclipse-foundation.org>

commit: 95d283127eae3b5b7741e0dbe0c75926ab639fb0 [log] [tgz]
author: Martin Lowe <martin.lowe@eclipse-foundation.org> Wed Jan 06 10:22:46 2021 -0500
committer: Christopher Guindon <chris.guindon@eclipse-foundation.org> Wed Jan 06 10:26:13 2021 -0500
tree: a38076ace5dc76adeef3f70bb6a3e8559cc37abb
parent: e0bbc1716f15bdfb6d0168edaddfa1ee51f7a710 [diff]
diff --git a/pmc-minutes.php b/pmc-minutes.php
index 891ea23..0232ff2 100644
--- a/pmc-minutes.php
+++ b/pmc-minutes.php

@@ -5,7 +5,7 @@
 
 ob_start();
 
-if(isset($_GET['key'])) {
+if(!empty($_GET['key'])) {
 ?>
     <div id="maincontent">
 	<div id="midcolumn">
@@ -17,7 +17,7 @@
 			} else {
 ?>
 				<font color="red">
-				Sorry, <?= $App->checkPlain($_GET['key']) ?> is not a valid PMC meeting minutes file.
+				Sorry, <?php print $App->checkPlain($_GET['key']); ?> is not a valid PMC meeting minutes file.
 				</font>
 <?php
 			}
@@ -30,7 +30,7 @@
 ?>		
     <div id="maincontent">
 	<div id="midcolumn">
-        <h1><?= $pageTitle ?></h1>
+        <h1><?php print $pageTitle; ?></h1>
         
         <ul>
 <?php
commit	95d283127eae3b5b7741e0dbe0c75926ab639fb0	[log] [tgz]
author	Martin Lowe <martin.lowe@eclipse-foundation.org>	Wed Jan 06 10:22:46 2021 -0500
committer	Christopher Guindon <chris.guindon@eclipse-foundation.org>	Wed Jan 06 10:26:13 2021 -0500
tree	a38076ace5dc76adeef3f70bb6a3e8559cc37abb
parent	e0bbc1716f15bdfb6d0168edaddfa1ee51f7a710 [diff]