diff --git a/wp-includes/query.php b/wp-includes/query.php
index 8e3544a262..5d00dce60b 100644
--- a/wp-includes/query.php
+++ b/wp-includes/query.php
@@ -519,6 +519,7 @@ class WP_Query {
 $qv['day'] = (int) $qv['day'];
 $qv['w'] = (int) $qv['w'];
 $qv['m'] = (int) $qv['m'];
+ $qv['cat'] = preg_replace( '|[^0-9,-]|', '', $qv['cat'] ); // comma separated list of positive or negative integers
 if ( '' !== $qv['hour'] ) $qv['hour'] = (int) $qv['hour'];
 if ( '' !== $qv['minute'] ) $qv['minute'] = (int) $qv['minute'];
 if ( '' !== $qv['second'] ) $qv['second'] = (int) $qv['second'];
diff --git a/wp-includes/theme.php b/wp-includes/theme.php
index 95e3af680f..984b4ee222 100644
--- a/wp-includes/theme.php
+++ b/wp-includes/theme.php
@@ -363,8 +363,8 @@ function get_author_template() {
 function get_category_template() {
 $template = '';
- if ( file_exists(TEMPLATEPATH . "/category-" . get_query_var('cat') . '.php') ) $template = TEMPLATEPATH . "/category-" . get_query_var('cat') . '.php';
+ if ( file_exists(TEMPLATEPATH . "/category-" . absint( get_query_var('cat') ) . '.php') ) $template = TEMPLATEPATH . "/category-" . absint( get_query_var('cat') ) . '.php';
 elseif ( file_exists(TEMPLATEPATH . "/category.php") )
 $template = TEMPLATEPATH . "/category.php";
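Review bot: The added `preg_replace` on `$qv['cat']` does not force the value to a string the way the neighbouring `(int)` casts do: PHP's `preg_replace` accepts an array subject and returns an array, so a request carrying `cat[]=...` leaves `$qv['cat']` as an array after this line, whereas the casts on `day`/`w`/`m` collapse any array to an integer. Whether a later consumer of `cat` in this method chokes on that is outside the hunk, but the cheap guard is to drop arrays before filtering, `if ( is_array( $qv['cat'] ) ) $qv['cat'] = '';` immediately above the `preg_replace`. The character class also admits shapes such as `1--2` or `,,`, so the trailing comment promises more than the line guarantees; since the theme.php hunk shows this value being concatenated into a template file path, I would reword it to `// strip everything except digits, ',' and '-' (value is later used in file paths); callers must still validate the list shape`. The enclosing WP_Query method starts and ends outside the hunk.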