diff --git a/wp-includes/query.php b/wp-includes/query.php
index bbda607ff6..182e674b93 100644
--- a/wp-includes/query.php
+++ b/wp-includes/query.php
@@ -657,6 +657,12 @@ class WP_Query {
 }
 }
+ if ( !empty($qv['post_type']) )
+ $qv['post_type'] = sanitize_user($qv['post_type'], true);
+
+ if ( !empty($qv['post_status']) )
+ $qv['post_status'] = sanitize_user($qv['post_status'], true);
+
 if ( $this->is_posts_page && !$qv['withcomments'] )
 $this->is_comment_feed = false;
diff --git a/wp-includes/rewrite.php b/wp-includes/rewrite.php
index b566fb70ec..df584c635b 100644
--- a/wp-includes/rewrite.php
+++ b/wp-includes/rewrite.php
@@ -136,6 +136,15 @@ function url_to_postid($url) {
 // Substitute the substring matches into the query.
 eval("\$query = \"$query\";");
+ // Filter out non-public query vars
+ global $wp;
+ parse_str($query, $query_vars);
+ $query = array();
+ foreach ( $query_vars as $key => $value ) {
+ if ( in_array($key, $wp->public_query_vars) )
+ $query[$key] = $value;
+ }
+
 // Do the query
 $query = new WP_Query($query);
 if ( $query->is_single || $query->is_page )
 return $query->post->ID;
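Review bot: The two new `sanitize_user(..., true)` calls on `$qv['post_type']` and `$qv['post_status']` strip characters rather than validate the value, so the query var still reaches the rest of WP_Query with whatever alphanumeric, space, `_`, `.`, `-` or `@` content survives, and a username sanitizer is an odd contract to attach to a post-type field. Since these values are presumably used to build the posts query later in the class (the method continues outside the hunk), the stricter and more readable fix is to compare each against the set of post types and statuses the code actually knows and drop anything else, with a comment such as `// post_type / post_status come from the URL: accept only known values, not merely stripped strings`. If either query var can arrive as an array (TODO confirm from the callers), `sanitize_user()` will not handle it, so the check should branch on the type first.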
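Review bot: `in_array($key, $wp->public_query_vars)` in the new filter loop compares loosely; `parse_str()` turns numeric keys into ints, and under PHP's pre-8 rules an int key such as `0` compares equal to non-numeric strings, so a key that is not a public query var can slip through the allowlist. Pass the strict flag: `if ( in_array($key, $wp->public_query_vars, true) )`. The loop also assumes the `$wp` global is already initialised; if url_to_postid() can be called before it is set up (TODO confirm), the `->public_query_vars` access fails with a notice and an empty allowlist rather than a clear error, so a guard like `if ( empty($wp->public_query_vars) ) return 0;` is worth considering. The enclosing url_to_postid() starts before and ends after this hunk.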