Ah yes, good point, you've set off a nasty tic in my left eye, remembering the get_prid() function and how the cart links back to the product page to 'edit' the product, and how I tried to reverse engineer how this stuff works from code with little documentation :) Now I look again, init_sanitize does check products_id with more complicated preg_match logic allowing the colon-separated format and /\d/ regex which, I just checked, an integer PHP variable does test OK with, as does a string type variable, so the Ceon addon can put an integer type into $_GET['products_id'] without error. Anyway, I'll comment on the GitHub issue I raised.