line 2913 added urlencode

There was a cross site scripting vulnerability due to insufficient input sanitation on the $pg parameter. This patch fixes that issue.
2025-02-04 19:14:26 +00:00 · 2013-11-18 23:14:31 -05:00 · 2013-11-18 23:14:31 -05:00 · c8b97fbd8a
commit c8b97fbd8a
parent 93782c30ed
1 changed files with 1 additions and 1 deletions
--- a/miner.php
+++ b/miner.php
@ -2910,7 +2910,7 @@ function display()

 if ($allowcustompages === true)
 {
-	$pg = trim(getparam('pg', true));
+	$pg = urlencode(trim(getparam('pg', true)));
 	if ($pagesonly === true)
 	{
 		if ($pg !== null && $pg !== '')