From adec7e1763df824bbf577ea7c358de41ba987068 Mon Sep 17 00:00:00 2001
From: jgen
Date: Thu, 12 Mar 2015 23:12:27 -0700
Subject: [PATCH] Fix XSS vulnerability.

---
 ext/arrowkey_navigation/main.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ext/arrowkey_navigation/main.php b/ext/arrowkey_navigation/main.php
index 356e1ec6..bf7350c3 100644
--- a/ext/arrowkey_navigation/main.php
+++ b/ext/arrowkey_navigation/main.php
@@ -74,7 +74,7 @@ class ArrowkeyNavigation extends Extension {
 "SELECT COUNT(*) FROM images") / $images_per_page);
 }
 else { // if there are tags, use pages with tags
- $prefix = $event->get_arg(0)."/";
+ $prefix = url_escape($event->get_arg(0)) . "/";
 $page_number = int_escape($event->get_arg(1));
 $total_pages = ceil($database->get_one(
 "SELECT count FROM tags WHERE tag=:tag",
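Review bot: Encoding `$event->get_arg(0)` with `url_escape()` where `$prefix` is assigned in the else branch closes the hole only if every later use of `$prefix` is a URL context, and the code that writes `$prefix` into the page is outside this hunk (the enclosing method starts and ends beyond it), so that cannot be checked from here. If the value ends up inside an inline script or an HTML attribute, it still needs that context's escaping at the point of output; URL-encoding alone is presumably not meant to cover those. I would record the contract next to the assignment, e.g. `// $prefix is URL-encoded user input; escape for HTML/JS again where it is emitted`, and add a regression test that requests a tag containing quote and angle-bracket characters and asserts they appear only in encoded form in the response. The raw tag is still what goes into the `:tag` bind in the query below, which is correct because that path is parameterized.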