1 files changed, 16 insertions, 3 deletions

diff --git a/phpfspot.class.php b/phpfspot.class.php
index 3d707a8..e500dbe 100644
--- a/phpfspot.class.php
+++ b/phpfspot.class.php
@@ -112,7 +112,7 @@ class PHPFSPOT {
       switch($_GET['mode']) {
          case 'showpi':
             if(isset($_GET['tags'])) {
-               $_SESSION['selected_tags'] = split(',', $_GET['tags']);
+               $_SESSION['selected_tags'] = $this->extractTags($_GET['tags']);
             }
             if(isset($_GET['from_date']) && $this->isValidDate($_GET['from_date'])) {
                $_SESSION['from_date'] = strtotime($_GET['from_date']);
@@ -123,7 +123,7 @@ class PHPFSPOT {
             break;
          case 'showp':
             if(isset($_GET['tags'])) {
-               $_SESSION['selected_tags'] = split(',', $_GET['tags']);
+               $_SESSION['selected_tags'] = $this->extractTags($_GET['tags']);
                $_SESSION['start_action'] = 'showp';
             }
             if(isset($_GET['id'])) {
@@ -156,7 +156,6 @@ class PHPFSPOT {
       $this->tmpl->assign('content_page', 'welcome.tpl');
       $this->tmpl->show("index.tpl");
 
-
    } // show()
 
    /**
@@ -1796,6 +1795,20 @@ class PHPFSPOT {
       return strftime("%Y-%m-%d", $timestamp);
    } // ts2str()
 
+   private function extractTags($tags_str)
+   {
+      $not_validated = split(',', $_GET['tags']);
+      $validated = array();
+
+      foreach($not_validated as $tag) {
+         if(is_numeric($tag))
+            array_push($validated, $tag);
+      }
+   
+      return $validated;
+   
+   } // extractTags()
+
 }
 
 ?>