From c8b97fbd8ab771f1ce55460a4a564fec092b832d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?ou=C9=90=C9=B9=C9=94s=20=CA=9E=C9=B9=C9=90=C9=AF?=
 <mscrano@ieee.org>
Date: Mon, 18 Nov 2013 23:14:31 -0500
Subject: [PATCH] line 2913 added urlencode

There was a cross site scripting vulnerability due to insufficient input sanitation on the $pg parameter.  This patch fixes that issue.
---
 miner.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/miner.php b/miner.php
index fd42271c..ff2e4578 100644
--- a/miner.php
+++ b/miner.php
@@ -2910,7 +2910,7 @@ function display()
 
  if ($allowcustompages === true)
  {
-	$pg = trim(getparam('pg', true));
+	$pg = urlencode(trim(getparam('pg', true)));
 	if ($pagesonly === true)
 	{
 		if ($pg !== null && $pg !== '')