From a802ad604eeea06bf658a2dc59405bdea03835ee Mon Sep 17 00:00:00 2001
From: steinm
Date: Thu, 1 Dec 2011 21:36:18 +0000
Subject: [PATCH] - use preg_replace() instead of sanitizeString()
---
 op/op.EditDocument.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/op/op.EditDocument.php b/op/op.EditDocument.php
index fce9fdc9e..b67242ec4 100644
--- a/op/op.EditDocument.php
+++ b/op/op.EditDocument.php
@@ -47,7 +47,7 @@ if ($document->getAccessMode($user) < M_READWRITE) {
 $name = sanitizeString($_POST["name"]);
 $comment = sanitizeString($_POST["comment"]);
 $keywords = sanitizeString($_POST["keywords"]);
-$categories = sanitizeString($_POST["categoryidform1"]);
+$categories = preg_replace('/[^0-9,]+/', '', $_POST["categoryidform1"]);
 $sequence = $_POST["sequence"];
 if (!is_numeric($sequence)) {
 $sequence="keep";
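Review bot: The new `preg_replace()` on the `$categories` line filters the input rather than validating it: a value such as `1a2` is silently rewritten to `12`, and `,,3,` passes through with empty segments, so the code that later splits the list (outside this hunk) may receive a different or empty category id than the one submitted. The call also assumes `$_POST["categoryidform1"]` is a string; if the field is missing or sent as an array, `preg_replace()` is handed null or returns an array. Rejecting anything that is not a strict id list would be safer, for example `$raw = isset($_POST["categoryidform1"]) ? $_POST["categoryidform1"] : '';` followed by `$categories = (is_string($raw) && preg_match('/^[0-9]+(,[0-9]+)*$/D', $raw)) ? $raw : '';`. A one-line comment stating that the field is a comma-separated list of numeric category ids would also explain why it no longer goes through `sanitizeString()` like the neighbouring fields. The script continues past the end of the hunk, so the way `$categories` is consumed should be checked against whichever form is chosen.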