diff -ruBbdN cacti-0.8.7/include/top_graph_header.php cacti-0.8.7-patched/include/top_graph_header.php
--- cacti-0.8.7/include/top_graph_header.php	2007-10-23 18:43:09.000000000 -0400
+++ cacti-0.8.7-patched/include/top_graph_header.php	2007-11-03 12:51:39.000000000 -0400
@@ -25,6 +25,10 @@
 $using_guest_account = false;
 $show_console_tab = true;
 
+/* ================= input validation ================= */
+input_validate_input_number(get_request_var_request("local_graph_id"));
+/* ==================================================== */
+
 if (read_config_option("auth_method") != 0) {
 	/* at this point this user is good to go... so get some setting about this
 	user and put them into variables to save excess SQL in the future */
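Review bot: The added call `input_validate_input_number(get_request_var_request("local_graph_id"));` checks the request value but does not normalise it, so any later read of `local_graph_id` in this header still receives the raw request string. The validator's definition and those later uses are outside the hunk; if the validator accepts anything numeric-looking rather than digits only, values such as a float or exponent form would pass. I would cast at the point of use (for example `(int) get_request_var_request("local_graph_id")`) or keep the queries parameterised. The banner comment could also say why the check sits here, e.g. `/* local_graph_id is request-supplied; reject non-numeric values before it is used in any query or output below */`, noting that it runs ahead of the `auth_method` branch and so covers guest access too.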
