Bug 570090 - OBB-1677065 - XSS vuln for eclipse.org
Additional fix for PHP short echo tags (`<?=`), plus an empty() check for
the key, which is more useful than isset().
Change-Id: I94229ceb6e6bbdcb9c4d4e4b6ff949bae02fa77d
Signed-off-by: Martin Lowe <martin.lowe@eclipse-foundation.org>
diff --git a/pmc-minutes.php b/pmc-minutes.php
index 891ea23..0232ff2 100644
--- a/pmc-minutes.php
+++ b/pmc-minutes.php
@@ -5,7 +5,7 @@
ob_start();
-if(isset($_GET['key'])) {
+if(!empty($_GET['key'])) {
?>
<div id="maincontent">
<div id="midcolumn">
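Review bot: The new guard `!empty($_GET['key'])` still accepts a non-string value, because PHP parses array-style query parameters into an array, and a non-empty array passes this check. That value is then handed to `$App->checkPlain($_GET['key'])` in the error branch of the next hunk; checkPlain is not visible here, so whether it tolerates an array cannot be confirmed. Note also that empty() treats the string `"0"` as missing. A stricter guard would be `if (isset($_GET['key']) && is_string($_GET['key']) && $_GET['key'] !== '') {`. The body of this `if` continues outside the hunk.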
@@ -17,7 +17,7 @@
} else {
?>
<font color="red">
- Sorry, <?= $App->checkPlain($_GET['key']) ?> is not a valid PMC meeting minutes file.
+ Sorry, <?php print $App->checkPlain($_GET['key']); ?> is not a valid PMC meeting minutes file.
</font>
<?php
}
@@ -30,7 +30,7 @@
?>
<div id="maincontent">
<div id="midcolumn">
- <h1><?= $pageTitle ?></h1>
+ <h1><?php print $pageTitle; ?></h1>
<ul>
<?php
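Review bot: `$pageTitle` is printed into the `<h1>` without escaping, while the error message in the previous hunk goes through `$App->checkPlain()`. Its assignment is outside the hunk, so it may already be safe. If it is derived from the requested key or from the contents of the minutes file, it should be encoded at the point of output: `<h1><?php print $App->checkPlain($pageTitle); ?></h1>`. Escaping at output would also keep this line consistent with the rest of the XSS fix.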