diff --git a/includes/runtime/Viewer.php b/includes/runtime/Viewer.php
index a5767e82d2ee195cb07fb5b54f4bd937c9305ba2..73d43351d50d99e21d2870cd96cc7ad912aaa55d 100644
--- a/includes/runtime/Viewer.php
+++ b/includes/runtime/Viewer.php
@@ -139,6 +139,17 @@ class Vtiger_Viewer extends SmartyBC {
 			return "modules/Vtiger/$templateName";
 		}
 	}
+
+	/** @Override */
+	public function assign($tpl_var, $value = null, $nocache = false) {
+		// Reject unexpected value assignments.
+		if ($tpl_var == 'SELECTED_MENU_CATEGORY') {
+			if ($val && preg_match("/[^a-zA-Z0-9_-]/", $val, $m)) {
+				return;
+			}
+		}
+		return parent::assign($tpl_var, $value, $nocache);	
+	}
 	
 	/**
 	 * Function to display/fetch the smarty file contents
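Review bot: The guard in the new `assign` override reads `$val`, but the parameter is `$value`, so `$val` is always undefined (a notice) and falsy, and the `preg_match` branch never runs — every `SELECTED_MENU_CATEGORY` value still reaches `parent::assign` unchecked. The `$m` capture argument is unused and `==` on the variable name should be `===`; `preg_match` would also warn on a non-string `$value`. I would collapse the check to `if ($tpl_var === 'SELECTED_MENU_CATEGORY' && is_string($value) && preg_match('/[^a-zA-Z0-9_-]/', $value)) {` followed by `return $this;` — Smarty's `assign` appears to return `$this` for chaining, so a bare `return;` on the reject path changes the return type for callers that chain (worth confirming against the parent). `/** @Override */` is not a PHP attribute; either drop it or use `#[\Override]` if the project targets 8.3+.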
@@ -213,4 +224,4 @@ function vresource_url($url) {
 
 function getPurifiedSmartyParameters($param){
     return htmlentities($_REQUEST[$param]);
-}
\ No newline at end of file
+}