Commit ffa4be6d14995c5486e54ec126209c85e5124b4b

ouɐɹɔs ʞɹɐɯ 2013-11-18T23:14:31

Line 2913: added urlencode. There was a cross-site scripting vulnerability due to insufficient input sanitization of the $pg parameter. This patch fixes that issue.

diff --git a/miner.php b/miner.php
index fd42271..ff2e457 100644
--- a/miner.php
+++ b/miner.php
@@ -2910,7 +2910,7 @@ function display()
 
  if ($allowcustompages === true)
  {
-	$pg = trim(getparam('pg', true));
+	$pg = urlencode(trim(getparam('pg', true)));
 	if ($pagesonly === true)
 	{
 		if ($pg !== null && $pg !== '')
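Review bot: The added `urlencode()` on the `$pg` assignment encodes the parameter once at input instead of at the places where it is written out, so every later use sees the altered value: a custom page name containing a space would arrive as `My+Page` and presumably no longer match the configured page names compared further down in `display()`, which continues outside this hunk. URL-encoding is also not the escaping meant for HTML text or attribute contexts; it happens to strip `<`, `>` and quotes, but the name is then displayed in its encoded form. I would keep `$pg = trim(getparam('pg', true));` and escape per sink: `htmlspecialchars($pg, ENT_QUOTES, 'UTF-8')` where it is echoed into HTML, and `urlencode($pg)` only where it is placed into a query string. The `$pg !== null` test on the last line can never fail, since `trim()` always returns a string; that check should be dropped or moved before the `trim()` call.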