From 2704727cafb41123d49d801083331ce0e1c70258 Mon Sep 17 00:00:00 2001
From: barisusakli <barisusakli@gmail.com>
Date: Mon, 26 Sep 2016 18:42:01 +0300
Subject: [PATCH] fix /unread

---
 src/controllers/unread.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/controllers/unread.js b/src/controllers/unread.js
index 4f0b40bf38..8860f541d9 100644
--- a/src/controllers/unread.js
+++ b/src/controllers/unread.js
@@ -19,7 +19,7 @@ var validFilter = {'': true, 'new': true, 'watched': true};
 unreadController.get = function(req, res, next) {
 	var page = parseInt(req.query.page, 10) || 1;
 	var results;
-	var cid = validator.escape(String(req.query.cid));
+	var cid = req.query.cid;
 	var filter = req.params.filter || '';
 
 	if (!validFilter[filter]) {
@@ -86,7 +86,7 @@ unreadController.get = function(req, res, next) {
 			return filter && filter.selected;
 		})[0];
 
-		data.querystring = cid ? ('?cid=' + cid) : '';
+		data.querystring = cid ? ('?cid=' + validator.escape(String(cid))) : '';
 
 		res.render('unread', data);
 	});