if (GET_ACTION("guest", $GLOBALS['what']) == "admin") {
// Only when one admin link is clicked...
- $INC = sprintf("%sinc/modules/guest/what-%s.php", PATH, $GLOBALS['what']);
+ $INC = sprintf("%sinc/modules/guest/what-%s.php", PATH, SQL_ESCAPE($GLOBALS['what']));
if (FILE_READABLE($INC)) {
// Ok, we finally load the guest action module
include($INC);
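Review bot: `SQL_ESCAPE()` on the added line is an SQL-context escaper applied to a value that ends up in a filesystem path passed to `include()`, so it is the wrong kind of guard. Nothing visible in this hunk shows it rejecting path separators or `..` segments in `$GLOBALS['what']`. Unless `GET_ACTION()` already restricts the value (not visible here), I would validate the module name against a strict allow-list before building `$INC`, for example `if (preg_match('/^[a-z0-9_-]+$/i', $GLOBALS['what']) !== 1) { /* reject and log */ }`. Better still, check it against the known set of guest modules, and add a comment on the `sprintf()` line stating that `what` must be a bare module name with no path components. Both `if` blocks opened in this hunk close outside it, so the surrounding handling could not be checked.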