Browse Source

line 2913 added urlencode

There was a cross site scripting vulnerability due to insufficient input sanitation on the $pg parameter.  This patch fixes that issue.
nfactor-troky
ouɐɹɔs ʞɹɐɯ 11 years ago committed by Noel Maersk
parent
commit
c8b97fbd8a
  1. 2
      miner.php

2
miner.php

@ -2910,7 +2910,7 @@ function display() @@ -2910,7 +2910,7 @@ function display()
if ($allowcustompages === true)
{
$pg = trim(getparam('pg', true));
$pg = urlencode(trim(getparam('pg', true)));
if ($pagesonly === true)
{
if ($pg !== null && $pg !== '')

Loading…
Cancel
Save