diff --git a/CHANGELOG b/CHANGELOG index 929944c301..ca91ceb651 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,6 +1,7 @@ Cacti CHANGELOG 1.2.20 +-security: Resolve issues with SQL injections in user_admin.php -issue#4363: Duplicate entries in graph_templates_item - mabye an aftermath of the template edit bug -issue#4435: Unable to Save Graph Settings from the Graphs pages -issue#4449: Script Server can crash if an OID is missing from device diff --git a/user_admin.php b/user_admin.php index bb7ea65a04..ff62ac04d2 100644 --- a/user_admin.php +++ b/user_admin.php 
@@ -84,16 +84,16 @@ function update_policies() {
 $set = '';
- $set .= isset_request_var('policy_graphs') ? 'policy_graphs=' . get_nfilter_request_var('policy_graphs'):'';
- $set .= isset_request_var('policy_trees') ? ($set != '' ? ',':'') . 'policy_trees=' . get_nfilter_request_var('policy_trees'):'';
- $set .= isset_request_var('policy_hosts') ? ($set != '' ? ',':'') . 'policy_hosts=' . get_nfilter_request_var('policy_hosts'):'';
- $set .= isset_request_var('policy_graph_templates') ? ($set != '' ? ',':'') . 'policy_graph_templates=' . get_nfilter_request_var('policy_graph_templates'):'';
+ $set .= isset_request_var('policy_graphs') ? 'policy_graphs=' . get_filter_request_var('policy_graphs'):'';
+ $set .= isset_request_var('policy_trees') ? ($set != '' ? ',':'') . 'policy_trees=' . get_filter_request_var('policy_trees'):'';
+ $set .= isset_request_var('policy_hosts') ? ($set != '' ? ',':'') . 'policy_hosts=' . get_filter_request_var('policy_hosts'):'';
+ $set .= isset_request_var('policy_graph_templates') ? ($set != '' ? ',':'') . 'policy_graph_templates=' . get_filter_request_var('policy_graph_templates'):'';
 if ($set != '') {
- db_execute_prepared("UPDATE user_auth SET $set WHERE id = ?", array(get_nfilter_request_var('id')));
+ db_execute_prepared("UPDATE user_auth SET $set WHERE id = ?", array(get_filter_request_var('id')));
 }
- header('Location: user_admin.php?action=user_edit&header=false&tab=' . get_nfilter_request_var('tab') . '&id=' . get_filter_request_var('id'));
+ header('Location: user_admin.php?action=user_edit&header=false&tab=' . get_nfilter_request_var('tab') . '&id=' . get_filter_request_var('id'));
 exit;
 }
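Review bot: The `SET $set` clause is still built by string concatenation and interpolated into the query passed to db_execute_prepared(), so the injection fix rests entirely on get_filter_request_var() rejecting non-numeric input — presumably its default filter is an integer filter, but that contract is not visible here and a later change to that helper or to the default filter would silently reopen the hole. The four policy values should be bound as placeholders alongside `id`, with only the fixed column names appearing in the query text, as sketched below; that also removes the hand-rolled comma logic. The `tab` parameter is still passed through get_nfilter_request_var() into the Location header; PHP's header() blocks CRLF, but the value should at least be urlencoded or validated against the known tab names so an arbitrary string cannot be reflected into the redirect. update_policies() begins above this hunk.
```php
function update_policies() {
	// Column names are fixed here; only the values are user-supplied and they are bound, never interpolated.
	$columns = array('policy_graphs', 'policy_trees', 'policy_hosts', 'policy_graph_templates');
	$set     = array();
	$params  = array();

	foreach ($columns as $column) {
		if (isset_request_var($column)) {
			$set[]    = $column . ' = ?';
			$params[] = get_filter_request_var($column);
		}
	}

	if (count($set) > 0) {
		$params[] = get_filter_request_var('id');
		db_execute_prepared('UPDATE user_auth SET ' . implode(', ', $set) . ' WHERE id = ?', $params);
	}

	// … unchanged: Location header redirect and exit …
```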