msphn requested changes on this pull request.
@@ -16,17 +16,20 @@
if (file_exists(CONTENTPATH . $_GET['site'] . '.html')) { define('CONTENTFILE', CONTENTPATH . $_GET['site'] . '.html'); + define('PAGETITLE', $_GET['site']);
that's an easy XSS vul! you need to validate it before assigning it
@@ -37,7 +40,7 @@
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head> - <title>Plugins for Geany</title> + <title>Plugins for Geany [<?php print PAGETITLE ?>]</title>
here you just throw it out without escaping it, watch htmlspecialchars and so on