diff -u cacti-0.8.6h/debian/changelog cacti-0.8.6h/debian/changelog
--- cacti-0.8.6h/debian/changelog
+++ cacti-0.8.6h/debian/changelog
@@ -1,3 +1,15 @@
+cacti (0.8.6h-1ubuntu3.1) dapper-security; urgency=low
+
+  * SECURITY UPDATE: SQL injection
+  * CVE-2006-6799.dpatch: Fix SQL injection vulnerability in Cacti when
+    register_argc_argv is enabled. Patch taken from upstream. 
+    (Closes  LP#78453)
+  * References
+    CVE-2006-6799
+    http://www.cacti.net/download_patches.php?version=0.8.6h
+
+ -- Martin Jürgens <martin@gamesplace.info>  Sun, 28 Jan 2007 00:25:31 +0100
+
 cacti (0.8.6h-1ubuntu3) dapper; urgency=low
 
   * Install apache2 by default. (Malone: #29008)
diff -u cacti-0.8.6h/debian/patches/00list cacti-0.8.6h/debian/patches/00list
--- cacti-0.8.6h/debian/patches/00list
+++ cacti-0.8.6h/debian/patches/00list
@@ -2,0 +3 @@
+CVE-2006-6799.dpatch
diff -u cacti-0.8.6h/debian/po/templates.pot cacti-0.8.6h/debian/po/templates.pot
--- cacti-0.8.6h/debian/po/templates.pot
+++ cacti-0.8.6h/debian/po/templates.pot
@@ -1,22 +1,14 @@
-#
-#    Translators, if you are not familiar with the PO format, gettext
-#    documentation is worth reading, especially sections dedicated to
-#    this format, e.g. by running:
-#         info -n '(gettext)PO Files'
-#         info -n '(gettext)Header Entry'
-#
-#    Some information specific to po-debconf are available at
-#            /usr/share/doc/po-debconf/README-trans
-#         or http://www.debian.org/intl/l10n/po-debconf/README-trans
-#
-#    Developers do not need to manually edit POT or PO files.
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
 #
 #, fuzzy
 msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
-"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2005-12-10 22:24+0100\n"
+"Report-Msgid-Bugs-To: seanius@debian.org\n"
+"POT-Creation-Date: 2007-01-28 00:26+0100\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -27,23 +19,23 @@
 #. Type: select
 #. Choices
-#: ../cacti.templates:3
+#: ../cacti.templates:1001
 msgid "Apache, Apache-SSL, Apache2, All, None"
 msgstr ""
 
 #. Type: select
 #. Description
-#: ../cacti.templates:5
+#: ../cacti.templates:1002
 msgid "Webserver type"
 msgstr ""
 
 #. Type: select
 #. Description
-#: ../cacti.templates:5
+#: ../cacti.templates:1002
 msgid "Which kind of web server should be used by cacti?"
 msgstr ""
 
 #. Type: select
 #. Description
-#: ../cacti.templates:5
+#: ../cacti.templates:1002
 msgid "Select \"None\" if you would like to configure your webserver by hand."
 msgstr ""
diff -u cacti-0.8.6h/debian/po/pt.po cacti-0.8.6h/debian/po/pt.po
--- cacti-0.8.6h/debian/po/pt.po
+++ cacti-0.8.6h/debian/po/pt.po
@@ -6,8 +6,8 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: cacti 0.8.6g-2\n"
-"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2005-12-10 22:24+0100\n"
+"Report-Msgid-Bugs-To: seanius@debian.org\n"
+"POT-Creation-Date: 2007-01-28 00:26+0100\n"
 "PO-Revision-Date: 2005-11-01 12:08+0100\n"
 "Last-Translator: Luís Ferreira <anarka@anarka.org>\n"
 "Language-Team: Portuguese <traduz@debianpt.org>\n"
@@ -17,25 +17,25 @@
 
 #. Type: select
 #. Choices
-#: ../cacti.templates:3
+#: ../cacti.templates:1001
 msgid "Apache, Apache-SSL, Apache2, All, None"
 msgstr "Apache, Apache-SSL, Apache2, Todos, Nenhum"
 
 #. Type: select
 #. Description
-#: ../cacti.templates:5
+#: ../cacti.templates:1002
 msgid "Webserver type"
 msgstr "Tipo de servidor web"
 
 #. Type: select
 #. Description
-#: ../cacti.templates:5
+#: ../cacti.templates:1002
 msgid "Which kind of web server should be used by cacti?"
 msgstr "Que tipo de servidor web deve o cacti usar?"
 
 #. Type: select
 #. Description
-#: ../cacti.templates:5
+#: ../cacti.templates:1002
 msgid "Select \"None\" if you would like to configure your webserver by hand."
 msgstr "Selecione \"Nenhum\" se desejar configurar o seu servidor web á mão."
 
diff -u cacti-0.8.6h/debian/po/cs.po cacti-0.8.6h/debian/po/cs.po
--- cacti-0.8.6h/debian/po/cs.po
+++ cacti-0.8.6h/debian/po/cs.po
@@ -14,8 +14,8 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: cacti 0.8.6f-1\n"
-"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2005-12-10 22:24+0100\n"
+"Report-Msgid-Bugs-To: seanius@debian.org\n"
+"POT-Creation-Date: 2007-01-28 00:26+0100\n"
 "PO-Revision-Date: 2005-07-06 16:30+0200\n"
 "Last-Translator: Miroslav Kure <kurem@debian.cz>\n"
 "Language-Team: Czech <debian-l10n-czech@lists.debian.org>\n"
@@ -25,25 +25,25 @@
 
 #. Type: select
 #. Choices
-#: ../cacti.templates:3
+#: ../cacti.templates:1001
 msgid "Apache, Apache-SSL, Apache2, All, None"
 msgstr "Apache, Apache-SSL, Apache2, Všechny, Žádný"
 
 #. Type: select
 #. Description
-#: ../cacti.templates:5
+#: ../cacti.templates:1002
 msgid "Webserver type"
 msgstr "Typ webového serveru"
 
 #. Type: select
 #. Description
-#: ../cacti.templates:5
+#: ../cacti.templates:1002
 msgid "Which kind of web server should be used by cacti?"
 msgstr "Jaký typ webového serveru použít pro cacti?"
 
 #. Type: select
 #. Description
-#: ../cacti.templates:5
+#: ../cacti.templates:1002
 msgid "Select \"None\" if you would like to configure your webserver by hand."
 msgstr "Pokud chcete nastavit webový server ručně, vyberte \"Žádný\"."
 
diff -u cacti-0.8.6h/debian/po/pt_BR.po cacti-0.8.6h/debian/po/pt_BR.po
--- cacti-0.8.6h/debian/po/pt_BR.po
+++ cacti-0.8.6h/debian/po/pt_BR.po
@@ -14,8 +14,8 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: cacti\n"
-"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2005-12-10 22:24+0100\n"
+"Report-Msgid-Bugs-To: seanius@debian.org\n"
+"POT-Creation-Date: 2007-01-28 00:26+0100\n"
 "PO-Revision-Date: 2005-03-25 21:33-0300\n"
 "Last-Translator: Tiago Bortoletto Vaz <tiago@debian-ba.org>\n"
 "Language-Team: Debian-BR Project\n"
@@ -25,26 +25,26 @@
 
 #. Type: select
 #. Choices
-#: ../cacti.templates:3
+#: ../cacti.templates:1001
 #, fuzzy
 msgid "Apache, Apache-SSL, Apache2, All, None"
 msgstr "Apache, Apache-SSL, Apache2, Todos"
 
 #. Type: select
 #. Description
-#: ../cacti.templates:5
+#: ../cacti.templates:1002
 msgid "Webserver type"
 msgstr "Tipo do servidor WEB"
 
 #. Type: select
 #. Description
-#: ../cacti.templates:5
+#: ../cacti.templates:1002
 msgid "Which kind of web server should be used by cacti?"
 msgstr "Que tipo de base de dados deve ser usada pelo cacti ?"
 
 #. Type: select
 #. Description
-#: ../cacti.templates:5
+#: ../cacti.templates:1002
 msgid "Select \"None\" if you would like to configure your webserver by hand."
 msgstr ""
 "Selecione \"None\" caso voc� queira configurar seu servidor WEB manualmente."
diff -u cacti-0.8.6h/debian/po/fr.po cacti-0.8.6h/debian/po/fr.po
--- cacti-0.8.6h/debian/po/fr.po
+++ cacti-0.8.6h/debian/po/fr.po
@@ -16,8 +16,8 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: cacti 0.6.8a-13\n"
-"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2005-12-10 22:24+0100\n"
+"Report-Msgid-Bugs-To: seanius@debian.org\n"
+"POT-Creation-Date: 2007-01-28 00:26+0100\n"
 "PO-Revision-Date: 2005-03-07 08:06+0100\n"
 "Last-Translator: Christian Perrier <bubulle@debian.org>\n"
 "Language-Team: French <debian-l10n-french@lists.debian.org>\n"
@@ -29,25 +29,25 @@
 
 #. Type: select
 #. Choices
-#: ../cacti.templates:3
+#: ../cacti.templates:1001
 msgid "Apache, Apache-SSL, Apache2, All, None"
 msgstr "Apache, Apache-SSL, Apache2, Tous, Aucun"
 
 #. Type: select
 #. Description
-#: ../cacti.templates:5
+#: ../cacti.templates:1002
 msgid "Webserver type"
 msgstr "Type de serveur web�:"
 
 #. Type: select
 #. Description
-#: ../cacti.templates:5
+#: ../cacti.templates:1002
 msgid "Which kind of web server should be used by cacti?"
 msgstr "Veuillez choisir le type de serveur web qu'utilisera Cacti."
 
 #. Type: select
 #. Description
-#: ../cacti.templates:5
+#: ../cacti.templates:1002
 msgid "Select \"None\" if you would like to configure your webserver by hand."
 msgstr ""
 "Choisissez ��Aucun�� si vous pr�f�rez configurer vous-m�me votre serveur web."
diff -u cacti-0.8.6h/debian/po/es.po cacti-0.8.6h/debian/po/es.po
--- cacti-0.8.6h/debian/po/es.po
+++ cacti-0.8.6h/debian/po/es.po
@@ -26,8 +26,8 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: cacti\n"
-"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2005-12-10 22:24+0100\n"
+"Report-Msgid-Bugs-To: seanius@debian.org\n"
+"POT-Creation-Date: 2007-01-28 00:26+0100\n"
 "PO-Revision-Date: 2005-08-29 18:36+0100\n"
 "Last-Translator: César Gómez Martín <cesar.gomez@gmail.com>\n"
 "Language-Team: Debian l10n spanish <debian-l10n-spanish@lists.debian.org>\n"
@@ -40,25 +40,25 @@
 
 #. Type: select
 #. Choices
-#: ../cacti.templates:3
+#: ../cacti.templates:1001
 msgid "Apache, Apache-SSL, Apache2, All, None"
 msgstr "Apache, Apache-SSL, Apache2, Todos, Ninguno"
 
 #. Type: select
 #. Description
-#: ../cacti.templates:5
+#: ../cacti.templates:1002
 msgid "Webserver type"
 msgstr "Tipo de servidor web"
 
 #. Type: select
 #. Description
-#: ../cacti.templates:5
+#: ../cacti.templates:1002
 msgid "Which kind of web server should be used by cacti?"
 msgstr "¿Qué tipo de servidor web quiere usar con cacti?"
 
 #. Type: select
 #. Description
-#: ../cacti.templates:5
+#: ../cacti.templates:1002
 msgid "Select \"None\" if you would like to configure your webserver by hand."
 msgstr "Seleccione «Ninguno» si quiere configurar su servidor web manualmente."
 
diff -u cacti-0.8.6h/debian/po/de.po cacti-0.8.6h/debian/po/de.po
--- cacti-0.8.6h/debian/po/de.po
+++ cacti-0.8.6h/debian/po/de.po
@@ -15,8 +15,8 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
-"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2005-12-10 22:24+0100\n"
+"Report-Msgid-Bugs-To: seanius@debian.org\n"
+"POT-Creation-Date: 2007-01-28 00:26+0100\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -26,27 +26,27 @@
 
 #. Type: select
 #. Choices
-#: ../cacti.templates:3
+#: ../cacti.templates:1001
 #, fuzzy
 msgid "Apache, Apache-SSL, Apache2, All, None"
 msgstr "Apache, Apache-SSL, Alle"
 
 #. Type: select
 #. Description
-#: ../cacti.templates:5
+#: ../cacti.templates:1002
 msgid "Webserver type"
 msgstr ""
 
 #. Type: select
 #. Description
-#: ../cacti.templates:5
+#: ../cacti.templates:1002
 #, fuzzy
 msgid "Which kind of web server should be used by cacti?"
 msgstr "Welche Art von Webserver verwenden Sie f�r Cacti?"
 
 #. Type: select
 #. Description
-#: ../cacti.templates:5
+#: ../cacti.templates:1002
 msgid "Select \"None\" if you would like to configure your webserver by hand."
 msgstr ""
 
diff -u cacti-0.8.6h/debian/po/sv.po cacti-0.8.6h/debian/po/sv.po
--- cacti-0.8.6h/debian/po/sv.po
+++ cacti-0.8.6h/debian/po/sv.po
@@ -14,8 +14,8 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: cacti 0.8.6g-1\n"
-"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2005-12-10 22:24+0100\n"
+"Report-Msgid-Bugs-To: seanius@debian.org\n"
+"POT-Creation-Date: 2007-01-28 00:26+0100\n"
 "PO-Revision-Date: 2005-11-12 00:07+0100\n"
 "Last-Translator: Daniel Nylander <po@danielnylander.se>\n"
 "Language-Team: Swedish <sv@li.org>\n"
@@ -27,25 +27,25 @@
 
 #. Type: select
 #. Choices
-#: ../cacti.templates:3
+#: ../cacti.templates:1001
 msgid "Apache, Apache-SSL, Apache2, All, None"
 msgstr "Apache, Apache-SSL, Apache2, Alla, Ingen"
 
 #. Type: select
 #. Description
-#: ../cacti.templates:5
+#: ../cacti.templates:1002
 msgid "Webserver type"
 msgstr "Webbserver-typ"
 
 #. Type: select
 #. Description
-#: ../cacti.templates:5
+#: ../cacti.templates:1002
 msgid "Which kind of web server should be used by cacti?"
 msgstr "Vilken typ av webbserver ska användas för cacti?"
 
 #. Type: select
 #. Description
-#: ../cacti.templates:5
+#: ../cacti.templates:1002
 msgid "Select \"None\" if you would like to configure your webserver by hand."
 msgstr "Välj \"Ingen\" om du vill konfigurera din webbserver på egen hand."
 
diff -u cacti-0.8.6h/debian/po/nl.po cacti-0.8.6h/debian/po/nl.po
--- cacti-0.8.6h/debian/po/nl.po
+++ cacti-0.8.6h/debian/po/nl.po
@@ -14,8 +14,8 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: cacti 0.8.4-2\n"
-"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2005-12-10 22:24+0100\n"
+"Report-Msgid-Bugs-To: seanius@debian.org\n"
+"POT-Creation-Date: 2007-01-28 00:26+0100\n"
 "PO-Revision-Date: 2004-09-09 11:57+0100\n"
 "Last-Translator: Luk Claes <luk.claes@ugent.be>\n"
 "Language-Team: Debian l10n Dutch <debian-l10n-dutch@lists.debian.org>\n"
@@ -25,25 +25,25 @@
 
 #. Type: select
 #. Choices
-#: ../cacti.templates:3
+#: ../cacti.templates:1001
 msgid "Apache, Apache-SSL, Apache2, All, None"
 msgstr "Apache, Apache-SSL, Apache2, Allemaal, Geen"
 
 #. Type: select
 #. Description
-#: ../cacti.templates:5
+#: ../cacti.templates:1002
 msgid "Webserver type"
 msgstr "Type webserver"
 
 #. Type: select
 #. Description
-#: ../cacti.templates:5
+#: ../cacti.templates:1002
 msgid "Which kind of web server should be used by cacti?"
 msgstr "Welk soort webserver moet door cacti worden gebruikt?"
 
 #. Type: select
 #. Description
-#: ../cacti.templates:5
+#: ../cacti.templates:1002
 msgid "Select \"None\" if you would like to configure your webserver by hand."
 msgstr "Selecteer \"Geen\" als u uw webserver handmatig wilt configureren."
 
diff -u cacti-0.8.6h/debian/po/vi.po cacti-0.8.6h/debian/po/vi.po
--- cacti-0.8.6h/debian/po/vi.po
+++ cacti-0.8.6h/debian/po/vi.po
@@ -5,8 +5,8 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: cacti 0.8.6d-1\n"
-"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2005-12-10 22:24+0100\n"
+"Report-Msgid-Bugs-To: seanius@debian.org\n"
+"POT-Creation-Date: 2007-01-28 00:26+0100\n"
 "PO-Revision-Date: 2005-06-12 20:42+0930\n"
 "Last-Translator: Clytie Siddall <clytie@riverland.net.au>\n"
 "Language-Team: Vietnamese <gnomevi-list@lists.sourceforge.net>\n"
@@ -17,25 +17,25 @@
 
 #. Type: select
 #. Choices
-#: ../cacti.templates:3
+#: ../cacti.templates:1001
 msgid "Apache, Apache-SSL, Apache2, All, None"
 msgstr "Apache, Apache-SSL, Apache2, Tất cả, Không có"
 
 #. Type: select
 #. Description
-#: ../cacti.templates:5
+#: ../cacti.templates:1002
 msgid "Webserver type"
 msgstr "Loại trình phục vụ Mạng"
 
 #. Type: select
 #. Description
-#: ../cacti.templates:5
+#: ../cacti.templates:1002
 msgid "Which kind of web server should be used by cacti?"
 msgstr "Trình cacti sẽ dùng trình phục vụ Mạng loại nào?"
 
 #. Type: select
 #. Description
-#: ../cacti.templates:5
+#: ../cacti.templates:1002
 msgid "Select \"None\" if you would like to configure your webserver by hand."
 msgstr "Hãy chọn «Không có» nếu bạn muốn tự cấu hình trình phục vụ Mạng."
 
only in patch2:
unchanged:
--- cacti-0.8.6h.orig/debian/patches/CVE-2006-6799.dpatch
+++ cacti-0.8.6h/debian/patches/CVE-2006-6799.dpatch
@@ -0,0 +1,546 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## CVE-2006-6799.dpatch by  <martin@gamesplace.info>
+##
+## DP: Fix SQL injection vulnerability
+
+@DPATCH@
+diff -urNad cacti-0.8.6h~/cacti.sql cacti-0.8.6h/cacti.sql
+--- cacti-0.8.6h~/cacti.sql	2006-01-04 04:08:30.000000000 +0100
++++ cacti-0.8.6h/cacti.sql	2007-01-28 00:23:48.000000000 +0100
+@@ -1846,7 +1846,7 @@
+   avg_time decimal(10,5) default '0.00000',
+   total_polls int(12) unsigned default '0',
+   failed_polls int(12) unsigned default '0',
+-  availability decimal(7,5) NOT NULL default '100.00000',
++  availability decimal(8,5) NOT NULL default '100.00000',
+   PRIMARY KEY  (id)
+ ) TYPE=MyISAM;
+ 
+diff -urNad cacti-0.8.6h~/cmd.php cacti-0.8.6h/cmd.php
+--- cacti-0.8.6h~/cmd.php	2006-01-04 04:08:30.000000000 +0100
++++ cacti-0.8.6h/cmd.php	2007-01-28 00:23:48.000000000 +0100
+@@ -26,7 +26,7 @@
+ */
+ 
+ /* do NOT run this script through a web browser */
+-if (!isset($_SERVER["argv"][0])) {
++if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
+ 	die("<br><strong>This script is only meant to run at the command line.</strong>");
+ }
+ 
+@@ -71,6 +71,10 @@
+ 	$print_data_to_stdout = false;
+ 	if ($_SERVER["argc"] == "3") {
+ 		if ($_SERVER["argv"][1] <= $_SERVER["argv"][2]) {
++			/* address potential exploits */
++			input_validate_input_number($_SERVER["argv"][1]);
++			input_validate_input_number($_SERVER["argv"][2]);
++
+ 			$hosts = db_fetch_assoc("select * from host where (disabled = '' and " .
+ 					"id >= " .
+ 					$_SERVER["argv"][1] .
+diff -urNad cacti-0.8.6h~/copy_cacti_user.php cacti-0.8.6h/copy_cacti_user.php
+--- cacti-0.8.6h~/copy_cacti_user.php	2006-01-04 04:08:30.000000000 +0100
++++ cacti-0.8.6h/copy_cacti_user.php	2007-01-28 00:23:48.000000000 +0100
+@@ -25,9 +25,10 @@
+ */
+ 
+ /* do NOT run this script through a web browser */
+-if (! isset($_SERVER["argv"][0])) {
+-	die("This script is only meant to run at the command line.\n");
++if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
++   die("<br><strong>This script is only meant to run at the command line.</strong>");
+ }
++
+ if (empty($_SERVER["argv"][2])) {
+ 	die("\nSyntax:\n php copy_cacti_user.php <template user> <new user>\n\n");
+ }
+diff -urNad cacti-0.8.6h~/graph.php cacti-0.8.6h/graph.php
+--- cacti-0.8.6h~/graph.php	2006-01-04 04:08:30.000000000 +0100
++++ cacti-0.8.6h/graph.php	2007-01-28 00:23:48.000000000 +0100
+@@ -130,13 +130,13 @@
+ 	$timespan = -($rra["timespan"]);
+ 
+ 	/* find the step and how often this graph is updated with new data */
+-	$ds_step = db_fetch_cell("select
++	$ds_step = db_fetch_cell("SELECT
+ 		data_template_data.rrd_step
+-		from (data_template_data,data_template_rrd,graph_templates_item)
+-		where graph_templates_item.task_item_id=data_template_rrd.id
+-		and data_template_rrd.local_data_id=data_template_data.local_data_id
+-		and graph_templates_item.local_graph_id=" . $_GET["local_graph_id"] .
+-		"limit 0,1");
++		FROM (data_template_data,data_template_rrd,graph_templates_item)
++		WHERE graph_templates_item.task_item_id=data_template_rrd.id
++		AND data_template_rrd.local_data_id=data_template_data.local_data_id
++		AND graph_templates_item.local_graph_id=" . $_GET["local_graph_id"] .
++		" LIMIT 0,1");
+ 	$ds_step = empty($ds_step) ? 300 : $ds_step;
+ 	$seconds_between_graph_updates = ($ds_step * $rra["steps"]);
+ 
+diff -urNad cacti-0.8.6h~/host.php cacti-0.8.6h/host.php
+--- cacti-0.8.6h~/host.php	2006-01-04 04:08:30.000000000 +0100
++++ cacti-0.8.6h/host.php	2007-01-28 00:23:47.000000000 +0100
+@@ -726,18 +726,18 @@
+ 		unset($_REQUEST["host_status"]);
+ 	}
+ 
+-	if (!empty($_SESSION["sess_host_status"])) {
+-		if ($_SESSION["sess_host_status"] != $_REQUEST["host_status"]) {
+-			$_REQUEST["page"] = 1;
+-		}
+-	}
+-
+ 	/* remember these search fields in session vars so we don't have to keep passing them around */
+ 	load_current_session_value("page", "sess_device_current_page", "1");
+ 	load_current_session_value("filter", "sess_device_filter", "");
+ 	load_current_session_value("host_template_id", "sess_device_host_template_id", "-1");
+ 	load_current_session_value("host_status", "sess_host_status", "-1");
+ 
++	if (!empty($_SESSION["sess_host_status"])) {
++		if ($_SESSION["sess_host_status"] != $_REQUEST["host_status"]) {
++			$_REQUEST["page"] = 1;
++		}
++	}
++
+ 	html_start_box("<strong>Devices</strong>", "98%", $colors["header"], "3", "center", "host.php?action=edit&host_template_id=" . $_REQUEST["host_template_id"] . "&host_status=" . $_REQUEST["host_status"]);
+ 
+ 	include("./include/html/inc_device_filter_table.php");
+diff -urNad cacti-0.8.6h~/include/html/inc_timespan_settings.php cacti-0.8.6h/include/html/inc_timespan_settings.php
+--- cacti-0.8.6h~/include/html/inc_timespan_settings.php	2006-01-04 04:08:29.000000000 +0100
++++ cacti-0.8.6h/include/html/inc_timespan_settings.php	2007-01-28 00:23:48.000000000 +0100
+@@ -24,6 +24,20 @@
+  +-------------------------------------------------------------------------+
+ */
+ 
++/* ================= input validation ================= */
++input_validate_input_number(get_request_var_request("predefined_timespan"));
++/* ==================================================== */
++
++/* clean up date1 string */
++if (isset($_REQUEST["date1"])) {
++	$_REQUEST["date1"] = sanitize_search_string(get_request_var("date1"));
++}
++
++/* clean up date2 string */
++if (isset($_REQUEST["date2"])) {
++	$_REQUEST["date2"] = sanitize_search_string(get_request_var("date2"));
++}
++
+ /* initialize the timespan array */
+ $timespan = array();
+ 
+diff -urNad cacti-0.8.6h~/lib/auth.php cacti-0.8.6h/lib/auth.php
+--- cacti-0.8.6h~/lib/auth.php	2006-01-04 04:08:30.000000000 +0100
++++ cacti-0.8.6h/lib/auth.php	2007-01-28 00:23:48.000000000 +0100
+@@ -40,25 +40,25 @@
+ 	$user_auth_perms = db_fetch_assoc("select * from user_auth_perms where user_id = '$old_id'");
+ 	foreach ($user_auth_perms as $row) {
+ 		$row['user_id'] = $new_id;
+-		sql_save($row, 'user_auth_perms', array('user_id', 'item_id', 'type'));
++		sql_save($row, 'user_auth_perms', array('user_id', 'item_id', 'type'), false);
+ 	}
+ 
+ 	$user_auth_realm = db_fetch_assoc("select * from user_auth_realm where user_id = '$old_id'");
+ 	foreach ($user_auth_realm as $row) {
+ 		$row['user_id'] = $new_id;
+-		sql_save($row, 'user_auth_realm', array('realm_id', 'user_id'));
++		sql_save($row, 'user_auth_realm', array('realm_id', 'user_id'), false);
+ 	}
+ 
+ 	$settings_graphs = db_fetch_assoc("select * from settings_graphs where user_id = '$old_id'");
+ 	foreach ($settings_graphs as $row) {
+ 		$row['user_id'] = $new_id;
+-		sql_save($row, 'settings_graphs', array('user_id', 'name'));
++		sql_save($row, 'settings_graphs', array('user_id', 'name'), false);
+ 	}
+ 
+ 	$settings_tree = db_fetch_assoc("select * from settings_tree where user_id = '$old_id'");
+ 	foreach ($settings_tree as $row) {
+ 		$row['user_id'] = $new_id;
+-		sql_save($row, 'settings_tree', array('user_id', 'graph_tree_item_id'));
++		sql_save($row, 'settings_tree', array('user_id', 'graph_tree_item_id'), false);
+ 	}
+ }
+ 
+diff -urNad cacti-0.8.6h~/lib/database.php cacti-0.8.6h/lib/database.php
+--- cacti-0.8.6h~/lib/database.php	2006-01-04 04:08:30.000000000 +0100
++++ cacti-0.8.6h/lib/database.php	2007-01-28 00:23:48.000000000 +0100
+@@ -214,17 +214,21 @@
+    @arg $table_name - the name of the table to make the replacement in
+    @arg $key_cols - the primary key(s)
+    @returns - the auto incriment id column (if applicable) */
+-function sql_save($array_items, $table_name, $key_cols = "id") {
++function sql_save($array_items, $table_name, $key_cols = "id", $autoinc = true) {
+ 	global $cnn_id;
+ 
+ 	while (list ($key, $value) = each ($array_items)) {
+ 		$array_items[$key] = "\"" . sql_sanitize($value) . "\"";
+ 	}
+ 
+-	if (!$cnn_id->Replace($table_name, $array_items, $key_cols, false)) { return 0; }
++	$replace_result = $cnn_id->Replace($table_name, $array_items, $key_cols, FALSE, $autoinc);
++
++	if ($replace_result == 0) {
++		return 0;
++	}
+ 
+ 	/* get the last AUTO_ID and return it */
+-	if ($cnn_id->Insert_ID() == "0") {
++	if (($cnn_id->Insert_ID() == "0") || ($replace_result == 1)) {
+ 		if (!is_array($key_cols)) {
+ 			if (isset($array_items[$key_cols])) {
+ 				return str_replace("\"", "", $array_items[$key_cols]);
+diff -urNad cacti-0.8.6h~/lib/graph_variables.php cacti-0.8.6h/lib/graph_variables.php
+--- cacti-0.8.6h~/lib/graph_variables.php	2006-01-04 04:08:30.000000000 +0100
++++ cacti-0.8.6h/lib/graph_variables.php	2007-01-28 00:23:48.000000000 +0100
+@@ -302,27 +302,34 @@
+ 
+ 	/* format the output according to args passed to the variable */
+ 	if ($regexp_match_array[4] == "current") {
++		if (! empty($nth_cache{$graph_item["local_data_id"]}{$graph_item["data_source_name"]})) {
+ 		$nth = $nth_cache{$graph_item["local_data_id"]}{$graph_item["data_source_name"]};
+ 		$nth = ($regexp_match_array[2] == "bits") ? $nth * 8 : $nth;
+ 		$nth /= pow(10,intval($regexp_match_array[3]));
++		}
+ 	}elseif ($regexp_match_array[4] == "total") {
+ 		for ($t=0;($t<count($graph_items));$t++) {
+ 			if ((ereg("(AREA|STACK|LINE[123])", $graph_item_types{$graph_items[$t]["graph_type_id"]})) && (!empty($graph_items[$t]["data_template_rrd_id"]))) {
++				if (! empty($nth_cache{$graph_items[$t]["local_data_id"]}{$graph_items[$t]["data_source_name"]})) {
+ 				$local_nth = $nth_cache{$graph_items[$t]["local_data_id"]}{$graph_items[$t]["data_source_name"]};
+ 				$local_nth = ($regexp_match_array[2] == "bits") ? $local_nth * 8 : $local_nth;
+ 				$local_nth /= pow(10,intval($regexp_match_array[3]));
+ 
+ 				$nth += $local_nth;
++				}
+ 
+ 			}
+ 		}
+ 	}elseif ($regexp_match_array[4] == "max") {
++		if (! empty($nth_cache{$graph_item["local_data_id"]}["nth_percentile_maximum"])) {
+ 		$nth = $nth_cache{$graph_item["local_data_id"]}["nth_percentile_maximum"];
+ 		$nth = ($regexp_match_array[2] == "bits") ? $nth * 8 : $nth;
+ 		$nth /= pow(10,intval($regexp_match_array[3]));
++		}
+ 	}elseif ($regexp_match_array[4] == "total_peak") {
+ 		for ($t=0;($t<count($graph_items));$t++) {
+ 			if ((ereg("(AREA|STACK|LINE[123])", $graph_item_types{$graph_items[$t]["graph_type_id"]})) && (!empty($graph_items[$t]["data_template_rrd_id"]))) {
++				if (! empty($nth_cache{$graph_items[$t]["local_data_id"]}["nth_percentile_maximum"])) {
+ 				$local_nth = $nth_cache{$graph_items[$t]["local_data_id"]}["nth_percentile_maximum"];
+ 				$local_nth = ($regexp_match_array[2] == "bits") ? $local_nth * 8 : $local_nth;
+ 				$local_nth /= pow(10,intval($regexp_match_array[3]));
+@@ -330,9 +337,11 @@
+ 				$nth += $local_nth;
+ 			}
+ 		}
++		}
+ 	}elseif ($regexp_match_array[4] == "all_max_current") {
+ 		for ($t=0;($t<count($graph_items));$t++) {
+ 			if ((ereg("(AREA|STACK|LINE[123])", $graph_item_types{$graph_items[$t]["graph_type_id"]})) && (!empty($graph_items[$t]["data_template_rrd_id"]))) {
++				if (! empty($ninety_fifth_cache{$graph_items[$t]["local_data_id"]}{$graph_items[$t]["data_source_name"]})) {
+ 				$local_nth = $ninety_fifth_cache{$graph_items[$t]["local_data_id"]}{$graph_items[$t]["data_source_name"]};
+ 				$local_nth = ($regexp_match_array[2] == "bits") ? $local_nth * 8 : $local_nth;
+ 				$local_nth /= pow(10,intval($regexp_match_array[3]));
+@@ -342,9 +351,11 @@
+ 				}
+ 			}
+ 		}
++		}
+ 	}elseif ($regexp_match_array[4] == "all_max_peak") {
+ 		for ($t=0;($t<count($graph_items));$t++) {
+ 			if ((ereg("(AREA|STACK|LINE[123])", $graph_item_types{$graph_items[$t]["graph_type_id"]})) && (!empty($graph_items[$t]["data_template_rrd_id"]))) {
++				if (! empty($nth_cache{$graph_items[$t]["local_data_id"]}["nth_percentile_maximum"])) {
+ 				$local_nth = $nth_cache{$graph_items[$t]["local_data_id"]}["nth_percentile_maximum"];
+ 				$local_nth = ($regexp_match_array[2] == "bits") ? $local_nth * 8 : $local_nth;
+ 				$local_nth /= pow(10,intval($regexp_match_array[3]));
+@@ -354,28 +365,23 @@
+ 				}
+ 			}
+ 		}
++		}
+ 	}elseif ($regexp_match_array[4] == "aggregate") {
+-		if (empty($nth_cache{0}["nth_percentile_aggregate_total"])) {
+-			$nth = 0;
+-		}else{
++		if (! empty($nth_cache{0}["nth_percentile_aggregate_total"])) {
+ 			$local_nth = $nth_cache{0}["nth_percentile_aggregate_total"];
+ 			$local_nth = ($regexp_match_array[2] == "bits") ? $local_nth * 8 : $local_nth;
+ 			$local_nth /= pow(10,intval($regexp_match_array[3]));
+ 			$nth = $local_nth;
+ 		}
+ 	}elseif ($regexp_match_array[4] == "aggregate_max") {
+-		if (empty($nth_cache{0}["nth_percentile_aggregate_max"])) {
+-			$nth = 0;
+-		}else{
++		if (! empty($nth_cache{0}["nth_percentile_aggregate_max"])) {
+ 			$local_nth = $nth_cache{0}["nth_percentile_aggregate_max"];
+ 			$local_nth = ($regexp_match_array[2] == "bits") ? $local_nth * 8 : $local_nth;
+ 			$local_nth /= pow(10,intval($regexp_match_array[3]));
+ 			$nth = $local_nth;
+ 		}
+ 	}elseif ($regexp_match_array[4] == "aggregate_sum") {
+-		if (empty($nth_cache{0}["nth_percentile_aggregate_sum"])) {
+-			$nth = 0;
+-		}else{
++		if (! empty($nth_cache{0}["nth_percentile_aggregate_sum"])) {
+ 			$local_nth = $nth_cache{0}["nth_percentile_aggregate_sum"];
+ 			$local_nth = ($regexp_match_array[2] == "bits") ? $local_nth * 8 : $local_nth;
+ 			$local_nth /= pow(10,intval($regexp_match_array[3]));
+diff -urNad cacti-0.8.6h~/lib/import.php cacti-0.8.6h/lib/import.php
+--- cacti-0.8.6h~/lib/import.php	2006-01-04 04:08:30.000000000 +0100
++++ cacti-0.8.6h/lib/import.php	2007-01-28 00:23:48.000000000 +0100
+@@ -341,7 +341,7 @@
+ 			$save["t_value"] = $item_array["t_value"];
+ 			$save["value"] = addslashes(xml_character_decode($item_array["value"]));
+ 
+-			sql_save($save, "data_input_data", array("data_template_data_id", "data_input_field_id"));
++			sql_save($save, "data_input_data", array("data_template_data_id", "data_input_field_id"), false);
+ 		}
+ 	}
+ 
+@@ -419,7 +419,7 @@
+ 					$save["data_template_rrd_id"] = resolve_hash_to_id($sub_item_array["data_template_rrd_id"], $hash_cache);
+ 					$save["snmp_field_name"] = $sub_item_array["snmp_field_name"];
+ 
+-					sql_save($save, "snmp_query_graph_rrd", array("snmp_query_graph_id", "data_template_id", "data_template_rrd_id"));
++					sql_save($save, "snmp_query_graph_rrd", array("snmp_query_graph_id", "data_template_id", "data_template_rrd_id"), false);
+ 				}
+ 			}
+ 
+diff -urNad cacti-0.8.6h~/lib/template.php cacti-0.8.6h/lib/template.php
+--- cacti-0.8.6h~/lib/template.php	2006-01-04 04:08:30.000000000 +0100
++++ cacti-0.8.6h/lib/template.php	2007-01-28 00:23:48.000000000 +0100
+@@ -643,10 +643,16 @@
+ 
+ 					/* if there are no '|' characters, all of the substitutions were successful */
+ 					if (!strstr($subs_string, "|query")) {
++						if (sizeof(db_fetch_row("show columns from data_template_data like '" . $suggested_value["field_name"] . "'"))) {
+ 						db_execute("update data_template_data set " . $suggested_value["field_name"] . "='" . addslashes($suggested_value["text"]) . "' where local_data_id=" . $cache_array["local_data_id"]{$data_template["id"]});
++						}
+ 
+ 						/* once we find a working value, stop */
+ 						$suggested_values_ds{$data_template["id"]}{$suggested_value["field_name"]} = true;
++
++						if (sizeof(db_fetch_row("show columns from data_template_rrd like '" . $suggested_value["field_name"] . "'"))) {
++							db_execute("update data_template_rrd set " . $suggested_value["field_name"] . "='" . $subs_string . "' where local_data_id=" . $cache_array["local_data_id"]{$data_template["id"]});
++						}
+ 					}
+ 				}
+ 			}
+diff -urNad cacti-0.8.6h~/poller.php cacti-0.8.6h/poller.php
+--- cacti-0.8.6h~/poller.php	2006-01-04 04:08:30.000000000 +0100
++++ cacti-0.8.6h/poller.php	2007-01-28 00:23:48.000000000 +0100
+@@ -26,7 +26,7 @@
+ */
+ 
+ /* do NOT run this script through a web browser */
+-if (!isset($_SERVER["argv"][0])) {
++if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
+ 	die("<br><strong>This script is only meant to run at the command line.</strong>");
+ }
+ 
+diff -urNad cacti-0.8.6h~/poller_commands.php cacti-0.8.6h/poller_commands.php
+--- cacti-0.8.6h~/poller_commands.php	2006-01-04 04:08:30.000000000 +0100
++++ cacti-0.8.6h/poller_commands.php	2007-01-28 00:23:48.000000000 +0100
+@@ -27,7 +27,7 @@
+ define("MAX_RECACHE_RUNTIME", 296);
+ 
+ /* do NOT run this script through a web browser */
+-if (!isset($_SERVER["argv"][0])) {
++if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
+ 	die("<br><strong>This script is only meant to run at the command line.</strong>");
+ }
+ 
+diff -urNad cacti-0.8.6h~/poller_export.php cacti-0.8.6h/poller_export.php
+--- cacti-0.8.6h~/poller_export.php	2006-01-04 04:08:30.000000000 +0100
++++ cacti-0.8.6h/poller_export.php	2007-01-28 00:23:48.000000000 +0100
+@@ -25,7 +25,7 @@
+ */
+ 
+ /* do NOT run this script through a web browser */
+-if (!isset($_SERVER["argv"][0])) {
++if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
+ 	die("<br><strong>This script is only meant to run at the command line.</strong>");
+ }
+ 
+diff -urNad cacti-0.8.6h~/poller_reindex_hosts.php cacti-0.8.6h/poller_reindex_hosts.php
+--- cacti-0.8.6h~/poller_reindex_hosts.php	2006-01-04 04:08:30.000000000 +0100
++++ cacti-0.8.6h/poller_reindex_hosts.php	2007-01-28 00:23:48.000000000 +0100
+@@ -25,7 +25,7 @@
+ */
+ 
+ /* do NOT run this script through a web browser */
+-if (!isset($_SERVER["argv"][0])) {
++if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
+ 	die("<br><strong>This script is only meant to run at the command line.</strong>");
+ }
+ 
+diff -urNad cacti-0.8.6h~/rebuild_poller_cache.php cacti-0.8.6h/rebuild_poller_cache.php
+--- cacti-0.8.6h~/rebuild_poller_cache.php	2006-01-04 04:08:30.000000000 +0100
++++ cacti-0.8.6h/rebuild_poller_cache.php	2007-01-28 00:23:48.000000000 +0100
+@@ -25,7 +25,7 @@
+ */
+ 
+ /* do NOT run this script through a web browser */
+-if (!isset($_SERVER["argv"][0])) {
++if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
+ 	die("<br><strong>This script is only meant to run at the command line.</strong>");
+ }
+ 
+diff -urNad cacti-0.8.6h~/script_server.php cacti-0.8.6h/script_server.php
+--- cacti-0.8.6h~/script_server.php	2006-01-04 04:08:30.000000000 +0100
++++ cacti-0.8.6h/script_server.php	2007-01-28 00:23:48.000000000 +0100
+@@ -23,14 +23,14 @@
+  | - raXnet - http://www.raxnet.net/                                       |
+  +-------------------------------------------------------------------------+
+ */
+-$no_http_headers = true;
+ 
+ /* do NOT run this script through a web browser */
+-if (!isset($_SERVER["argv"][0])) {
++if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
+ 	die("<br><strong>This script is only meant to run at the command line.</strong>");
+-	exit(-1);
+ }
+ 
++$no_http_headers = true;
++
+ /* define STDOUT/STDIN file descriptors if not running under CLI */
+ if (php_sapi_name() != "cli") {
+ 	define("STDIN", fopen('php://stdin', 'r'));
+diff -urNad cacti-0.8.6h~/scripts/query_host_cpu.php cacti-0.8.6h/scripts/query_host_cpu.php
+--- cacti-0.8.6h~/scripts/query_host_cpu.php	2006-01-04 04:08:30.000000000 +0100
++++ cacti-0.8.6h/scripts/query_host_cpu.php	2007-01-28 00:23:50.000000000 +0100
+@@ -1,6 +1,15 @@
+ <?php
+ 
++/* do NOT run this script through a web browser */
++if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
++   die("<br><strong>This script is only meant to run at the command line.</strong>");
++}
++
+ $no_http_headers = true;
++
++/* display No errors */
++error_reporting(0);
++
+ include(dirname(__FILE__) . "/../include/config.php");
+ include(dirname(__FILE__) . "/../lib/snmp.php");
+ 
+diff -urNad cacti-0.8.6h~/scripts/query_host_partitions.php cacti-0.8.6h/scripts/query_host_partitions.php
+--- cacti-0.8.6h~/scripts/query_host_partitions.php	2006-01-04 04:08:30.000000000 +0100
++++ cacti-0.8.6h/scripts/query_host_partitions.php	2007-01-28 00:23:50.000000000 +0100
+@@ -1,6 +1,15 @@
+ <?php
+ 
++/* do NOT run this script through a web browser */
++if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
++   die("<br><strong>This script is only meant to run at the command line.</strong>");
++}
++
+ $no_http_headers = true;
++
++/* display No errors */
++error_reporting(0);
++
+ include(dirname(__FILE__) . "/../include/config.php");
+ include(dirname(__FILE__) . "/../lib/snmp.php");
+ 
+diff -urNad cacti-0.8.6h~/scripts/sql.php cacti-0.8.6h/scripts/sql.php
+--- cacti-0.8.6h~/scripts/sql.php	2006-01-04 04:08:30.000000000 +0100
++++ cacti-0.8.6h/scripts/sql.php	2007-01-28 00:23:50.000000000 +0100
+@@ -1,6 +1,15 @@
+ <?
+ 
++/* do NOT run this script through a web browser */
++if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
++   die("<br><strong>This script is only meant to run at the command line.</strong>");
++}
++
+ $no_http_headers = true;
++
++/* display No errors */
++error_reporting(0);
++
+ include(dirname(__FILE__) . "/../include/config.php");
+ 
+ if ($database_password == "") {
+diff -urNad cacti-0.8.6h~/scripts/ss_fping.php cacti-0.8.6h/scripts/ss_fping.php
+--- cacti-0.8.6h~/scripts/ss_fping.php	2006-01-04 04:08:30.000000000 +0100
++++ cacti-0.8.6h/scripts/ss_fping.php	2007-01-28 00:23:50.000000000 +0100
+@@ -1,11 +1,15 @@
+ <?php
+ #!/usr/bin/php -q
+ 
+-//STANDARD SCRIPT SERVER HEADER!!!
++/* do NOT run this script through a web browser */
++if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
++   die("<br><strong>This script is only meant to run at the command line.</strong>");
++}
++
+ $no_http_headers = true;
+ 
+ /* display No errors */
+-error_reporting(E_ERROR);
++error_reporting(0);
+ 
+ include_once(dirname(__FILE__) . "/../include/config.php");
+ include_once(dirname(__FILE__) . "/../lib/snmp.php");
+diff -urNad cacti-0.8.6h~/scripts/ss_host_cpu.php cacti-0.8.6h/scripts/ss_host_cpu.php
+--- cacti-0.8.6h~/scripts/ss_host_cpu.php	2006-01-04 04:08:30.000000000 +0100
++++ cacti-0.8.6h/scripts/ss_host_cpu.php	2007-01-28 00:23:50.000000000 +0100
+@@ -1,8 +1,14 @@
+ <?php
++
++/* do NOT run this script through a web browser */
++if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
++   die("<br><strong>This script is only meant to run at the command line.</strong>");
++}
++
+ $no_http_headers = true;
+ 
+ /* display No errors */
+-error_reporting(E_ERROR);
++error_reporting(0);
+ 
+ include_once(dirname(__FILE__) . "/../lib/snmp.php");
+ 
+diff -urNad cacti-0.8.6h~/scripts/ss_host_disk.php cacti-0.8.6h/scripts/ss_host_disk.php
+--- cacti-0.8.6h~/scripts/ss_host_disk.php	2006-01-04 04:08:30.000000000 +0100
++++ cacti-0.8.6h/scripts/ss_host_disk.php	2007-01-28 00:23:50.000000000 +0100
+@@ -1,8 +1,14 @@
+ <?php
++
++/* do NOT run this script through a web browser */
++if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
++   die("<br><strong>This script is only meant to run at the command line.</strong>");
++}
++
+ $no_http_headers = true;
+ 
+ /* display No errors */
+-error_reporting(E_ERROR);
++error_reporting(0);
+ 
+ include_once(dirname(__FILE__) . "/../lib/snmp.php");
+ 
+diff -urNad cacti-0.8.6h~/scripts/ss_sql.php cacti-0.8.6h/scripts/ss_sql.php
+--- cacti-0.8.6h~/scripts/ss_sql.php	2006-01-04 04:08:30.000000000 +0100
++++ cacti-0.8.6h/scripts/ss_sql.php	2007-01-28 00:23:50.000000000 +0100
+@@ -1,9 +1,14 @@
+ <?php
+ 
++/* do NOT run this script through a web browser */
++if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
++   die("<br><strong>This script is only meant to run at the command line.</strong>");
++}
++
+ $no_http_headers = true;
+ 
+-/* display ALL errors */
+-error_reporting(E_ALL);
++/* display No errors */
++error_reporting(0);
+ 
+ if (!isset($called_by_script_server)) {
+ 	include_once(dirname(__FILE__) . "/../include/config.php");