From f4649668178bca8af6444eb6cc24ff92f35de921 Mon Sep 17 00:00:00 2001
From: barisusakli <barisusakli@gmail.com>
Date: Mon, 26 Sep 2016 17:04:43 +0300
Subject: [PATCH] closes #5053

---
 src/controllers/admin/flags.js | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/controllers/admin/flags.js b/src/controllers/admin/flags.js
index 75a82d1e55..bed5c57767 100644
--- a/src/controllers/admin/flags.js
+++ b/src/controllers/admin/flags.js
@@ -1,6 +1,8 @@
 "use strict";
 
 var async = require('async');
+var validator = require('validator');
+
 var posts = require('../../posts');
 var user = require('../../user');
 var categories = require('../../categories');
@@ -54,7 +56,7 @@ flagsController.get = function(req, res, next) {
 			assignees: results.assignees,
 			analytics: results.analytics,
 			categories: results.categories,
-			byUsername: byUsername,
+			byUsername: validator(String(byUsername)),
 			sortByCount: sortBy === 'count',
 			sortByTime: sortBy === 'time',
 			pagination: pagination.create(page, pageCount, req.query),