From b4cde99a4d5cd0161cde762e4f5becedf3fa278a Mon Sep 17 00:00:00 2001
From: Krytarik Raido <krytarik@gmail.com>
Date: Thu, 28 Jan 2021 04:04:04 +0100
Subject: [PATCH] Encyclopedia: Fix XSS vulnerability (LP: #1832773)

---
 Encyclopedia/__init__.py  | 2 +-
 Encyclopedia/factoids.cgi | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/Encyclopedia/__init__.py b/Encyclopedia/__init__.py
index 481e7dc..b2f4261 100644
--- a/Encyclopedia/__init__.py
+++ b/Encyclopedia/__init__.py
@@ -24,7 +24,7 @@ import supybot
 import supybot.world as world
 from importlib import reload
 
-__version__ = "3.2.2"
+__version__ = "3.3.0"
 __author__ = supybot.Author("Krytarik Raido", "krytarik", "krytarik@gmail.com")
 __contributors__ = {
     supybot.Author("Dennis Kaarsemaker", "Seveas", "dennis@kaarsemaker.net"): ['Original Author'],
diff --git a/Encyclopedia/factoids.cgi b/Encyclopedia/factoids.cgi
index 030ca1f..23f4d3e 100755
--- a/Encyclopedia/factoids.cgi
+++ b/Encyclopedia/factoids.cgi
@@ -87,7 +87,7 @@ else:
     total = cur.fetchall()[0][0]
 
 # Pagination links
-plink = ' <a href="factoids.cgi?db=%s&amp;search=%s&amp;order=%%s&amp;page=%%s">%%s</a>' % (database, search)
+plink = ' <a href="factoids.cgi?db=%s&amp;search=%s&amp;order=%%s&amp;page=%%s">%%s</a>' % (database, utils.web.urlquote(search))
 npages = int(math.ceil(float(total) / NUM_PER_PAGE))
 print(' &middot;\n'.join(list(map(lambda x: plink % (order_url, x, x) if x != page else str(x), range(1, npages+1)))))