
line 2913 added urlencode

There was a cross-site scripting vulnerability due to insufficient input sanitization of the $pg parameter. This patch fixes that issue.
ouɐɹɔs ʞɹɐɯ 12 years ago
parent
commit
7c3890c3bd
1 changed files with 1 additions and 1 deletions
  1. 1 1
      miner.php

+ 1 - 1
miner.php

@@ -2941,7 +2941,7 @@ function display()
 
  if ($allowcustompages === true)
  {
-	$pg = trim(getparam('pg', true));
+	$pg = urlencode(trim(getparam('pg', true)));
 	if ($pagesonly === true)
 	{
 		if ($pg !== null && $pg !== '')
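Review bot: Applying `urlencode()` where `$pg` is read, on the changed line in display(), ties the XSS fix to the input rather than to the places where the value is written into the page, and every later use now sees the encoded form. If `$pg` is compared against configured custom page names further down (not visible in this hunk), a name containing a space or punctuation would presumably stop matching. A more robust shape is to keep `$pg = trim(getparam('pg', true));` and escape per context at each output site: `htmlspecialchars($pg, ENT_QUOTES)` when it is echoed into HTML, and `urlencode($pg)` only when it is placed in a query string. Separately, the `$pg !== null` test in the last context line cannot fail, since `trim()` and `urlencode()` always return strings. display() starts and ends outside the hunk, so the output sites need to be checked in the full file.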