Index: /branches/release-41/lib/MT/App/Search/Legacy.pm
===================================================================
--- /branches/release-41/lib/MT/App/Search/Legacy.pm (revision 1823)
+++ /branches/release-41/lib/MT/App/Search/Legacy.pm (revision 2739)
@@ -292,5 +292,6 @@
     ## blog from the database.
     my($blog);
-    my $include = $app->param('IncludeBlogs');
+    my $include = $app->param('IncludeBlogs') || '';  
+    $include =~ s/[^\d,]//g;  
     if ($include) {
         my @blog_ids = split ',', $include;
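Review bot: After the new `s/[^\d,]//g`, a value such as `1,,2` or one with a leading comma is still true at `if ($include)`, and the `split` then yields empty strings among the blog ids. A comma-only value enters the branch with an empty list. How the code after this hunk treats those cases is not visible here. Dropping empty fields where the list is built closes the gap: `my @blog_ids = grep { length } split ',', $include;`. Because stripping silently turns a malformed value into a different id list rather than rejecting it, a comment such as `## IncludeBlogs is untrusted input: keep digits and commas only` would also record the intent.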
@@ -303,6 +304,8 @@
             $blog = MT::Blog->load($app->param('blog_id'));
         }
-        $include = $blog->id if $blog;
-    }
+        $include = $blog->id if $blog;  
+    }  
+    return $app->error($app->translate('Invalid request.'))  
+        unless $blog;  
 
     ## Initialize and set up the context object.
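Review bot: `blog_id` on the `MT::Blog->load($app->param('blog_id'))` line gets none of the digit filtering this commit applies to `IncludeBlogs`, and the call evaluates `param` in list context. If `$app->param` follows CGI.pm semantics (not visible here), repeated `blog_id` values in one request would reach `load` as extra arguments, and the new `unless $blog` check only covers the case where nothing loads. Forcing a single validated value is safer: `my ($blog_id) = ($app->param('blog_id') || '') =~ /\A(\d+)\z/;` followed by `$blog = MT::Blog->load($blog_id) if $blog_id;`. The enclosing `if`/`else` begins above the hunk.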
@@ -317,5 +320,8 @@
     }
     $ctx->stash('template_id', $app->{searchparam}{Template});
-    $ctx->stash('maxresults', $app->{searchparam}{MaxResults});
+    my $maxresults = $app->{searchparam}{MaxResults} || '';  
+    $maxresults =~ s/\D//g;  
+    $app->{searchparam}{MaxResults} = $maxresults;  
+    $ctx->stash('maxresults', $maxresults);  
     $ctx->var( 'page_layout', $blog->page_layout )
         if $blog && $blog->page_layout;
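Review bot: `s/\D//g` on `MaxResults` rewrites a malformed value into a different number instead of rejecting it (for example `-5` becomes `5` and `1e3` becomes `13`), and nothing in the hunk caps the result. An unset or `0` value also now reaches the stash and `$app->{searchparam}{MaxResults}` as `''` rather than its previous value, which matters if later code (not visible) tests definedness. Matching the whole value is stricter: `my ($maxresults) = ($app->{searchparam}{MaxResults} || '') =~ /\A(\d+)\z/;`, with an upper bound applied before the stash if the application has a sensible limit.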
