From 7c62293b766d824cc6ee5803f62774ff161cdbb9 Mon Sep 17 00:00:00 2001
From: Marcin Kurczewski
Date: Sun, 13 Oct 2013 13:38:24 +0200
Subject: [PATCH] Permalink security fix
---
 src/Controllers/PostController.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/Controllers/PostController.php b/src/Controllers/PostController.php
index 5ce2865c..4b1f00d9 100644
--- a/src/Controllers/PostController.php
+++ b/src/Controllers/PostController.php
@@ -8,9 +8,9 @@ class PostController
 $callback();
 }
- private static function locatePost($key)
+ private static function locatePost($key, $disallowNumeric = false)
 {
- if (is_numeric($key))
+ if (is_numeric($key) and !$disallowNumeric)
 {
 $post = R::findOne('post', 'id = ?', [$key]);
 if (!$post)
@@ -720,7 +720,7 @@ class PostController
 public function retrieveAction($name)
 {
 $this->context->layoutName = 'layout-file';
- $post = self::locatePost($name);
+ $post = self::locatePost($name, true);
 R::preload($post, ['tag']);
 PrivilegesHelper::confirmWithException($this->context->user, Privilege::RetrievePost);
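Review bot: The new `$disallowNumeric` parameter on `locatePost` defaults to `false`, so the restriction is opt-in and every caller not touched by this commit still resolves posts by numeric id; a later file-serving caller that forgets the flag would reopen the id lookup. Consider making the strict behaviour the default, or at least documenting the contract above the signature, e.g. `// $disallowNumeric: pass true on permalink/file routes so a post can only be addressed by its name, never by a numeric id`. The condition would also read more conventionally as `if (!$disallowNumeric && is_numeric($key))`, since `and` binds looser than `=` and is easy to misuse once the expression is extended. The body of `locatePost` continues outside the hunk, so how a numeric key is treated once it falls through to the other branch cannot be checked from here.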
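Review bot: In `retrieveAction` the `Privilege::RetrievePost` check still runs after `self::locatePost($name, true)` and `R::preload`, so the lookup is performed for callers who may then be refused. If `locatePost` reports a missing post differently from a denied privilege (its failure path is outside this hunk), that ordering would let an unprivileged client tell existing names from non-existing ones. The visible check depends only on `$this->context->user`, so it looks safe to move `PrivilegesHelper::confirmWithException($this->context->user, Privilege::RetrievePost);` above the `locatePost` call. The method continues past the end of the hunk, so post-specific checks may follow that are not shown.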