From fa499aef185630b7a146f6061056b9d7e01639be Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?=
 <baris@nodebb.org>
Date: Tue, 31 Jul 2018 14:26:12 -0400
Subject: [PATCH] closes #6680

---
 src/routes/feeds.js | 4 +++-
 test/feeds.js       | 8 ++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/routes/feeds.js b/src/routes/feeds.js
index eb2e2e051c..07e1cf2379 100644
--- a/src/routes/feeds.js
+++ b/src/routes/feeds.js
@@ -154,7 +154,9 @@ function generateForCategory(req, res, next) {
 	}
 	var cid = req.params.category_id;
 	var category;
-
+	if (!parseInt(cid, 10)) {
+		return next();
+	}
 	async.waterfall([
 		function (next) {
 			async.parallel({
diff --git a/test/feeds.js b/test/feeds.js
index 2155ba5793..ffce775857 100644
--- a/test/feeds.js
+++ b/test/feeds.js
@@ -83,6 +83,14 @@ describe('feeds', function () {
 		});
 	});
 
+	it('should 404 if category id is not a number', function (done) {
+		request(nconf.get('url') + '/category/invalid.rss', function (err, res) {
+			assert.ifError(err);
+			assert.equal(res.statusCode, 404);
+			done();
+		});
+	});
+
 	it('should redirect if we do not have read privilege', function (done) {
 		privileges.categories.rescind(['topics:read'], cid, 'guests', function (err) {
 			assert.ifError(err);