ADD_DESCR("guest", __FILE__);
// Load the include file
-$INC = sprintf("%sinc/modules/guest/what-%s.php", PATH, $GLOBALS['what']);
+$INC = sprintf("%sinc/modules/guest/what-%s.php", PATH, SQL_ESCAPE($GLOBALS['what']));
$IS_VALID = WHAT_IS_VALID(GET_ACTION("guest", $GLOBALS['what']), $GLOBALS['what'], "guest");
if ((FILE_READABLE($INC)) && ($IS_VALID)) {