Cross Site Scripting #575
As you can see, a user-controlled input $_GET['section'] ($filename) is being sent to die() and printed out without any sanitization; this could result in cross-site scripting because die() prints out content just like echo() before exit.
Fix: do htmlentities($filename);
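
The pattern reported above and the proposed fix, side by side. This is an added example, not code from the issue or from the project: the function names, the message text and the sample value are assumptions, and only `$_GET['section']`, `$filename`, `die()` and `htmlentities()` come from the report.

```php
<?php
declare(strict_types=1);

// Before: the request value reaches the output unchanged, so any markup in it
// is parsed by the browser when die() prints the message.
// (Hypothetical function name and message text.)
function sectionErrorUnsafe(string $filename): string
{
    return "Unknown section: " . $filename;
}

// After: encode for the HTML context at the point of output. Flags and charset
// are explicit because before PHP 8.1 the default flags (ENT_COMPAT) left
// single quotes unencoded.
function sectionErrorSafe(string $filename): string
{
    return "Unknown section: "
        . htmlentities($filename, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed request data so the script runs from the CLI.
$_GET = ['section' => "<i title='t'>news</i>"];

// A query string such as ?section[]=x yields an array, which htmlentities()
// rejects with a TypeError; fall back to an empty string in that case.
$raw = $_GET['section'] ?? '';
$filename = is_string($raw) ? $raw : '';

echo sectionErrorUnsafe($filename), PHP_EOL; // markup passes through as markup
echo sectionErrorSafe($filename), PHP_EOL;   // markup arrives as inert entities

// In the request handler the corrected call would then be:
// die(sectionErrorSafe($filename));
```

Encoding at the `die()` call covers this output path only; any other place that echoes `$filename` needs the same treatment.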