--- cacti-0.8.7e/graph_view.php	2009-10-02 10:30:43.000000000 +0300
+++ cacti/graph_view.php	2009-10-07 12:42:04.032959475 +0300
@@ -30,6 +30,7 @@ include_once('./lib/timespan_settings.ph
 define("MAX_DISPLAY_PAGES", 21);
 
 /* ================= input validation ================= */
+input_validate_input_regex(get_request_var_request("host_name"), "^([a-zA-Z0-9_.-]+)$");
 input_validate_input_number(get_request_var_request('branch_id'));
 input_validate_input_number(get_request_var_request('hide'));
 input_validate_input_number(get_request_var_request('tree_id'));
@@ -41,6 +42,11 @@ input_validate_input_regex(get_request_v
 input_validate_input_regex(get_request_var_request('nodeid'), '^([_a-z0-9]+)$');
 /* ==================================================== */
 
+if (empty($_REQUEST['host_id']) && !empty($_REQUEST['host_name'])) {
+	// fill $host_id from $host_name. empty result is ok too, we'll list previous view then
+	$_REQUEST['host_id'] = db_fetch_cell("select id from host where description='{$_REQUEST['host_name']}'");
+}
+
 /* clean up action string */
 if (isset($_REQUEST['action'])) {
 	$_REQUEST['action'] = sanitize_search_string(get_request_var_request('action'));
@@ -162,6 +168,7 @@ case 'preview':
 	}
 
 	/* ================= input validation ================= */
+	input_validate_input_regex(get_request_var_request("host_name"), "^([a-zA-Z0-9_.-]+)$");
 	input_validate_input_number(get_request_var_request('host_id'));
 	input_validate_input_number(get_request_var_request('graph_template_id'));
 	input_validate_input_number(get_request_var_request('page'));
@@ -600,6 +607,7 @@ case 'list':
 	}
 
 	/* ================= input validation ================= */
+	input_validate_input_regex(get_request_var_request("host_name"), "^([a-zA-Z0-9_.-]+)$");
 	input_validate_input_number(get_request_var_request('host_id'));
 	input_validate_input_number(get_request_var_request('graph_template_id'));
 	input_validate_input_number(get_request_var_request('rows'));