line 2913 added urlencode There was a cross site scripting vulnerability due to insufficient input sanitation on the $pg parameter. This patch fixes that issue.
diff --git a/miner.php b/miner.php
index fd42271..ff2e457 100644
--- a/miner.php
+++ b/miner.php
@@ -2910,7 +2910,7 @@ function display()
if ($allowcustompages === true)
{
- $pg = trim(getparam('pg', true));
+ $pg = urlencode(trim(getparam('pg', true)));
if ($pagesonly === true)
{
if ($pg !== null && $pg !== '')