Bug 570090 - OBB-1677065 - XSS vuln for eclipse.org

Replace direct reference to url param with sanitized value.

Change-Id: I851a4e932909a867dd1bd4a999397ee3b537ae8c
Signed-off-by: Martin Lowe <martin.lowe@eclipse-foundation.org>
diff --git a/pmc-minutes.php b/pmc-minutes.php
index 0741b5c..891ea23 100644
--- a/pmc-minutes.php
+++ b/pmc-minutes.php
@@ -1,23 +1,23 @@
-<?php  																														require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/app.class.php");	require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/nav.class.php"); 	require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/menu.class.php"); 	$App 	= new App();	$Nav	= new Nav();	$Menu 	= new Menu();		include($App->getProjectCommon());    # All on the same line to unclutter the user's desktop'
-
+<?php    																														require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/app.class.php");	require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/nav.class.php"); 	require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/menu.class.php"); 	$App 	= new App();	$Nav	= new Nav();	$Menu 	= new Menu();		include($App->getProjectCommon());    # All on the same line to unclutter the user's desktop'
 $pageTitle 		= "Technology Project PMC Minutes";
 $pageKeywords	= "technology";
 $pageAuthor		= "Bjorn Freeman-Benson Nov 20/05";
 
 ob_start();
-if( $_GET['key'] ) {
+
+if(isset($_GET['key'])) {
 ?>
     <div id="maincontent">
 	<div id="midcolumn">
 <?php
-           if( preg_match( "/^(\d\d\d\d\.\d\d\.\d\d)$/", $_GET['key'], $matches ) > 0 ) {
+if( preg_match( "/^(\d\d\d\d\.\d\d\.\d\d)$/", $_GET['key'], $matches ) > 0 ) {
                $key = $matches[1];
 			  $contents = file_get_contents( "minutes/" . $key . ".html" );
 			   echo $contents ;
 			} else {
 ?>
 				<font color="red">
-				Sorry, <?= $_GET['key'] ?> is not a valid PMC meeting minutes file.
+				Sorry, <?= $App->checkPlain($_GET['key']) ?> is not a valid PMC meeting minutes file.
 				</font>
 <?php
 			}