Index: includes/theme.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/theme.inc,v
retrieving revision 1.495
diff -u -r1.495 theme.inc
--- includes/theme.inc	13 Jun 2009 19:34:57 -0000	1.495
+++ includes/theme.inc	14 Jun 2009 06:49:44 -0000
@@ -2042,6 +2042,9 @@
   foreach ($args as $arg) {
     // Remove slashes or null per SA-CORE-2009-003.
     $arg = str_replace(array("/", "\\", "\0"), '', $arg);
+    if (is_numeric($arg)) {
+      $suggestions[] = $suggestion . '-~';
+    }
     $suggestions[] = $suggestion . '-' . $arg;
     if (!is_numeric($arg)) {
       $suggestion .= '-' . $arg;
Index: modules/simpletest/tests/theme.test
===================================================================
RCS file: /cvs/drupal/drupal/modules/simpletest/tests/theme.test,v
retrieving revision 1.3
diff -u -r1.3 theme.test
--- modules/simpletest/tests/theme.test	9 Jun 2009 21:53:26 -0000	1.3
+++ modules/simpletest/tests/theme.test	14 Jun 2009 06:49:45 -0000
@@ -27,17 +27,17 @@
     variable_set('site_frontpage', 'nobody-home');
     $args = array('node', '1', 'edit');
     $suggestions = template_page_suggestions($args);
-    $this->assertEqual($suggestions, array('page-node', 'page-node-1', 'page-node-edit'), t('Found expected node edit page template suggestions'));
+    $this->assertEqual($suggestions, array('page-node', 'page-node-~', 'page-node-1', 'page-node-edit'), t('Found expected node edit page template suggestions'));
     // Check attack vectors.
     $args = array('node', '\\1');
     $suggestions = template_page_suggestions($args);
-    $this->assertEqual($suggestions, array('page-node', 'page-node-1'), t('Removed invalid \\ from template suggestions'));
+    $this->assertEqual($suggestions, array('page-node', 'page-node-~', 'page-node-1'), t('Removed invalid \\ from template suggestions'));
     $args = array('node', '1/');
     $suggestions = template_page_suggestions($args);
-    $this->assertEqual($suggestions, array('page-node', 'page-node-1'), t('Removed invalid / from template suggestions'));
+    $this->assertEqual($suggestions, array('page-node', 'page-node-~', 'page-node-1'), t('Removed invalid / from template suggestions'));
     $args = array('node', "1\0");
     $suggestions = template_page_suggestions($args);
-    $this->assertEqual($suggestions, array('page-node', 'page-node-1'), t('Removed invalid \\0 from template suggestions'));
+    $this->assertEqual($suggestions, array('page-node', 'page-node-~', 'page-node-1'), t('Removed invalid \\0 from template suggestions'));
     // Tests for drupal_discover_template()
     $suggestions = array('page');
     $this->assertEqual(drupal_discover_template(array('themes/garland'), $suggestions), 'themes/garland/page.tpl.php', t('Safe template discovered'));