diff -ur cacti-0.8.7h/graph_view.php cacti-0.8.7h.new/graph_view.php
--- cacti-0.8.7h/graph_view.php 2011-09-27 00:41:03.000000000 +0400
+++ cacti-0.8.7h.new/graph_view.php 2011-10-06 13:50:36.160083749 +0400
@@ -158,12 +158,18 @@
 }
 
 /* ================= input validation ================= */
+input_validate_input_regex(get_request_var_request("host_name"), "^([a-zA-Z0-9_.-]+)$");
 input_validate_input_number(get_request_var_request("host_id"));
 input_validate_input_number(get_request_var_request("graph_template_id"));
 input_validate_input_number(get_request_var_request("page"));
 input_validate_input_number(get_request_var_request("rows"));
 /* ==================================================== */
 
+if (empty($_REQUEST['host_id']) && !empty($_REQUEST['host_name'])) {
+// fill $host_id from $host_name. empty result is ok too, we'll list previous view then
+$_REQUEST['host_id'] = db_fetch_cell("select id from host where description='{$_REQUEST['host_name']}'");
+}
+
 /* clean up search string */
 if (isset($_REQUEST["filter"])) {
 $_REQUEST["filter"] = sanitize_search_string(get_request_var_request("filter"));
@@ -516,11 +522,17 @@
 }
 
 /* ================= input validation ================= */
+input_validate_input_regex(get_request_var_request("host_name"), "^([a-zA-Z0-9_.-]+)$");
 input_validate_input_number(get_request_var_request("host_id"));
 input_validate_input_number(get_request_var_request("graph_template_id"));
 input_validate_input_number(get_request_var_request("rows"));
 /* ==================================================== */
 
+if (empty($_REQUEST['host_id']) && !empty($_REQUEST['host_name'])) {
+// fill $host_id from $host_name. empty result is ok too, we'll list previous view then
+$_REQUEST['host_id'] = db_fetch_cell("select id from host where description='{$_REQUEST['host_name']}'");
+}
+
 /* clean up search string */
 if (isset($_REQUEST["filter"])) {
 $_REQUEST["filter"] = sanitize_search_string(get_request_var_request("filter"));
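Review bot: The `db_fetch_cell("select id from host where description='{$_REQUEST['host_name']}'")` call in the new `if (empty($_REQUEST['host_id']) ...)` block interpolates request data straight into SQL, so the `input_validate_input_regex` whitelist a few lines above is the only thing keeping that query safe; the second hunk (the `@@ -516,11 +522,17 @@` copy) has the identical construct. That whitelist holds today, but it couples correctness to a validator that lives elsewhere in the same file, and it also means any host whose description contains a character outside `[a-zA-Z0-9_.-]` (a space, for instance, if descriptions are free-form text as they appear to be) can never be resolved through this path, while anyone later widening the regex silently opens an injection. Quoting the value through the database layer at the query itself, rather than relying on the validator, would make the intent explicit, and the comment should state the assumption, e.g. `/* host_name is a lookup key only: it is whitelisted by input_validate_input_regex above, and must still be escaped here because description is free-form */`. Since `description` is not obviously unique, `db_fetch_cell` also returns an arbitrary row when several hosts share one; an `order by id limit 1` would at least make the choice deterministic. Both hunks paste the same five lines, so a small shared helper would keep the two copies from drifting apart.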