[Github-comments] [geany/plugins.geany.org] Issue#12: Add Pagetitle (#13)

Michael Spahn notifications at xxxxx
Tue May 29 21:58:37 UTC 2018


msphn requested changes on this pull request.



> @@ -16,17 +16,20 @@
 	if (file_exists(CONTENTPATH . $_GET['site'] . '.html'))
 	{
 		define('CONTENTFILE', CONTENTPATH . $_GET['site'] . '.html');
+		define('PAGETITLE', $_GET['site']);
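
Review bot: `define('PAGETITLE', $_GET['site']);` stores the raw request parameter, and the only gate above it is `file_exists()` on a path built from that same unvalidated value, so neither the title nor the file path is restricted to known page names. Validate `$_GET['site']` once before this block, for example against a fixed list of pages or a strict pattern such as `/^[A-Za-z0-9_-]+$/`, and use the validated value for both `CONTENTFILE` and `PAGETITLE`.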

That's an easy XSS vulnerability! You need to validate it before assigning it.

> @@ -37,7 +40,7 @@
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
 
 <head>
-	<title>Plugins for Geany</title>
+	<title>Plugins for Geany [<?php print PAGETITLE ?>]</title>
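
Review bot: `<?php print PAGETITLE ?>` inside the `<title>` element writes the constant into the page with no output encoding, and in this patch that constant is filled from `$_GET['site']`. Encode at the point of output, e.g. `<?php print htmlspecialchars(PAGETITLE, ENT_QUOTES, 'UTF-8') ?>`, and keep that encoding even if the value is also validated where it is defined.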

Here you just throw it out without escaping it; watch htmlspecialchars and so on.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/geany/plugins.geany.org/pull/13#pullrequestreview-124188019