You can view, comment on, or merge this pull request online at:
https://github.com/geany/plugins.geany.org/pull/13
-- Commit Summary --
* Dynamically get the version for some gpg commands
* Add Pagetitle to index.php
-- File Changes --
M content/downloads.html (6)
M index.php (5)
-- Patch Links --
https://github.com/geany/plugins.geany.org/pull/13.patch
https://github.com/geany/plugins.geany.org/pull/13.diff
msphn requested changes on this pull request.
@@ -16,17 +16,20 @@
if (file_exists(CONTENTPATH . $_GET['site'] . '.html')) { define('CONTENTFILE', CONTENTPATH . $_GET['site'] . '.html'); + define('PAGETITLE', $_GET['site']);
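Review bot: `$_GET['site']` is used unvalidated both in the added `define('PAGETITLE', $_GET['site']);` and in the `file_exists(CONTENTPATH . $_GET['site'] . '.html')` check that guards it, so the only constraint on the value is that some `.html` file resolves from it. That is not an allow-list and does not by itself rule out path separators or `..` segments. Validate the parameter once before the `if` (a fixed list of page names, or a strict pattern such as letters, digits, `-` and `_`) and build both CONTENTFILE and PAGETITLE from the validated value.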
That's an easy XSS vuln! You need to validate it before assigning it.
@@ -37,7 +40,7 @@
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head> - <title>Plugins for Geany</title> + <title>Plugins for Geany [<?php print PAGETITLE ?>]</title>
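Review bot: `<?php print PAGETITLE ?>` writes a request-derived value into `<title>` with no output encoding. Encode at the point of output, for example `<?php print htmlspecialchars(PAGETITLE, ENT_QUOTES, 'UTF-8') ?>`, so the markup stays safe regardless of how PAGETITLE was assigned earlier in index.php.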
Here you just throw it out without escaping it; watch htmlspecialchars and so on.
msphn approved this pull request.
@@ -37,7 +40,7 @@
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head> - <title>Plugins for Geany</title> + <title>Plugins for Geany [<?php print PAGETITLE ?>]</title>
Ah no wait, GitHub just skipped braces; PAGETITLE is only set when a file with this name exists, so it should be fine.
Merged #13.
github-comments@lists.geany.org