From c8b97fbd8ab771f1ce55460a4a564fec092b832d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?ou=C9=90=C9=B9=C9=94s=20=CA=9E=C9=B9=C9=90=C9=AF?=
Date: Mon, 18 Nov 2013 23:14:31 -0500
Subject: [PATCH] line 2913 added urlencode There was a cross site scripting vulnerability due to insufficient input sanitation on the $pg parameter. This patch fixes that issue.
---
 miner.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/miner.php b/miner.php
index fd42271c..ff2e4578 100644
--- a/miner.php
+++ b/miner.php
@@ -2910,7 +2910,7 @@ function display()
 if ($allowcustompages === true)
 {
- $pg = trim(getparam('pg', true));
+ $pg = urlencode(trim(getparam('pg', true)));
 if ($pagesonly === true)
 {
 if ($pg !== null && $pg !== '')
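Review bot: Applying `urlencode()` to `$pg` where it is read changes the value that the rest of `display()` works with, so any later comparison or array lookup on the page name would presumably stop matching for names with spaces or punctuation (a constructed example: `My Page` becomes `My+Page`). `urlencode()` is also a URL-context encoder; it does strip `<`, `>` and quotes, but escaping is more reliable when done at each output site for that site's context, and a value encoded here can end up double-encoded if it is later placed in a query string. I would keep `$pg = trim(getparam('pg', true));` on this line and escape on output instead, using `htmlspecialchars($pg, ENT_QUOTES, 'UTF-8')` for HTML text and attributes and `urlencode($pg)` only when building a link. The places where `$pg` is emitted and the rest of `display()` lie outside this hunk, so the contexts it reaches need to be confirmed there.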