xss: Search parent_id

This mitigates a vulnerability reported by @indevi0us where XSS is
possible via the parent_id parameter. This forces the parameter to an
INT so that there is no chance of XSS.

include/ajax.search.php

@@ -31,7 +31,7 @@ function getAdvancedSearchDialog($key=false, $context='advsearch') {
         $search = new AdhocSearch(array(
             'root' => 'T',
             'staff_id' => $thisstaff->getId(),
-            'parent_id' => @$_GET['parent_id'] ?: 0,
+            'parent_id' => (int) @$_GET['parent_id'] ?: 0,
         ));
         if ($search->parent_id) {
             $search->flags |= SavedSearch::FLAG_INHERIT_COLUMNS;
@@ -168,7 +168,7 @@ function createSearch() {
                     'title' => __('Add Queue'),
                     'root' => 'T',
                     'staff_id' => $thisstaff->getId(),
-                    'parent_id' =>  $_GET['pid'],
+                    'parent_id' => (int) $_GET['pid'],
                     ));
         $this->_tryAgain($search);
     }

include/staff/templates/advanced-search.tmpl.php

@@ -1,9 +1,9 @@
 <?php
 global $thisstaff;
 
-$parent_id = (isset($_REQUEST['parent_id']) && is_numeric($_REQUEST['parent_id']))
+$parent_id = (int) ((isset($_REQUEST['parent_id']) && is_numeric($_REQUEST['parent_id']))
         ? $_REQUEST['parent_id']
-        : $search->parent_id;
+        : $search->parent_id);
 if ($parent_id
     && is_numeric($parent_id)
     && (!($parent = SavedQueue::lookup($parent_id)))