diff -ruBbdP cacti-0.8.6d/cdef.php cacti-0.8.6d-patched/cdef.php
--- cacti-0.8.6d/cdef.php	2005-04-26 20:47:35.000000000 -0400
+++ cacti-0.8.6d-patched/cdef.php	2005-06-20 20:49:28.000000000 -0400
@@ -150,20 +150,40 @@
    -------------------------- */
 
 function item_movedown() {
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	input_validate_input_number(get_request_var("cdef_id"));
+	/* ==================================================== */
+
 	move_item_down("cdef_items", $_GET["id"], "cdef_id=" . $_GET["cdef_id"]);
 }
 
 function item_moveup() {
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	input_validate_input_number(get_request_var("cdef_id"));
+	/* ==================================================== */
+
 	move_item_up("cdef_items", $_GET["id"], "cdef_id=" . $_GET["cdef_id"]);
 }
 
 function item_remove() {
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	input_validate_input_number(get_request_var("cdef_id"));
+	/* ==================================================== */
+
 	db_execute("delete from cdef_items where id=" . $_GET["id"]);
 }
 
 function item_edit() {
 	global $colors, $cdef_item_types, $cdef_functions, $cdef_operators, $custom_data_source_types;
 
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	input_validate_input_number(get_request_var("cdef_id"));
+	/* ==================================================== */
+
 	if (!empty($_GET["id"])) {
 		$cdef = db_fetch_row("select * from cdef_items where id=" . $_GET["id"]);
 		$current_type = $cdef["type"];
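Review bot: The new checks at the top of item_movedown validate `get_request_var("id")` and `get_request_var("cdef_id")`, but the statement they guard reads `$_GET["id"]` and `$_GET["cdef_id"]` directly; unless get_request_var is guaranteed to return the very same superglobal entry (its definition is not part of this patch), the value that was checked and the value concatenated into the SQL fragment are not necessarily the same one. Validating and using a single local closes that gap, e.g. `$id = get_request_var("id"); input_validate_input_number($id);` followed by `move_item_down("cdef_items", $id, "cdef_id=" . $cdef_id);`. The same check-one-variable/use-another shape recurs in every validation block of this patch that is followed by a direct `$_GET[...]` or `$_POST[...]` read (item_moveup, item_remove and item_edit here, and the analogous functions in color.php, data_input.php, data_queries.php, data_sources.php, data_templates.php, gprint_presets.php and the graph_templates*.php files), so a helper that returns the validated value would tidy all of them at once. item_edit's body continues past the end of the hunk.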
@@ -245,6 +265,10 @@
    --------------------- */
 
 function cdef_remove() {
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	/* ==================================================== */
+
 	if ((read_config_option("remove_verification") == "on") && (!isset($_GET["confirm"]))) {
 		include("./include/top_header.php");
 		form_confirm("Are You Sure?", "Are you sure you want to delete the CDEF <strong>'" . db_fetch_cell("select name from cdef where id=" . $_GET["id"]) . "'</strong>?", "cdef.php", "cdef.php?action=remove&id=" . $_GET["id"]);
@@ -261,6 +285,10 @@
 function cdef_edit() {
 	global $colors, $cdef_item_types, $fields_cdef_edit;
 
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	/* ==================================================== */
+
 	if (!empty($_GET["id"])) {
 		$cdef = db_fetch_row("select * from cdef where id=" . $_GET["id"]);
 		$header_label = "[edit: " . $cdef["name"] . "]";
diff -ruBbdP cacti-0.8.6d/color.php cacti-0.8.6d-patched/color.php
--- cacti-0.8.6d/color.php	2005-04-26 20:47:35.000000000 -0400
+++ cacti-0.8.6d-patched/color.php	2005-06-20 20:49:28.000000000 -0400
@@ -87,12 +87,20 @@
    ----------------------- */
 
 function color_remove() {
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	/* ==================================================== */
+
 	db_execute("delete from colors where id=" . $_GET["id"]);
 }
 
 function color_edit() {
 	global $colors, $fields_color_edit;
 
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	/* ==================================================== */
+
 	if (!empty($_GET["id"])) {
 		$color = db_fetch_row("select * from colors where id=" . $_GET["id"]);
 		$header_label = "[edit: " . $color["hex"] . "]";
diff -ruBbdP cacti-0.8.6d/data_input.php cacti-0.8.6d-patched/data_input.php
--- cacti-0.8.6d/data_input.php	2005-04-26 20:47:35.000000000 -0400
+++ cacti-0.8.6d-patched/data_input.php	2005-06-20 20:49:28.000000000 -0400
@@ -75,6 +75,10 @@
 	global $registered_cacti_names;
 
 	if (isset($_POST["save_component_data_input"])) {
+		/* ================= input validation ================= */
+		input_validate_input_number(get_request_var("id"));
+		/* ==================================================== */
+
 		$save["id"] = $_POST["id"];
 		$save["hash"] = get_hash_data_input($_POST["id"]);
 		$save["name"] = form_input_validate($_POST["name"], "name", "", false, 3);
@@ -104,6 +108,12 @@
 			header("Location: data_input.php");
 		}
 	}elseif (isset($_POST["save_component_field"])) {
+		/* ================= input validation ================= */
+		input_validate_input_number(get_request_var("id"));
+		input_validate_input_number(get_request_var("data_input_id"));
+		input_validate_input_regex(get_request_var("input_output"), "^(in|out)$");
+		/* ==================================================== */
+
 		$save["id"] = $_POST["id"];
 		$save["hash"] = get_hash_data_input($_POST["id"], "data_input_field");
 		$save["data_input_id"] = $_POST["data_input_id"];
@@ -145,6 +155,11 @@
 function field_remove() {
 	global $registered_cacti_names;
 
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	input_validate_input_number(get_request_var("data_input_id"));
+	/* ==================================================== */
+
 	if ((read_config_option("remove_verification") == "on") && (!isset($_GET["confirm"]))) {
 		include("./include/top_header.php");
 		form_confirm("Are You Sure?", "Are you sure you want to delete the field <strong>'" . db_fetch_cell("select name from data_input_fields where id=" . $_GET["id"]) . "'</strong>?", "data_input.php?action=edit&id=" . $_GET["data_input_id"], "data_input.php?action=field_remove&id=" . $_GET["id"] . "&data_input_id=" . $_GET["data_input_id"]);
@@ -174,6 +189,12 @@
 function field_edit() {
 	global $colors, $registered_cacti_names, $fields_data_input_field_edit_1, $fields_data_input_field_edit_2, $fields_data_input_field_edit;
 
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	input_validate_input_number(get_request_var("data_input_id"));
+	input_validate_input_regex(get_request_var("type"), "^(in|out)$");
+	/* ==================================================== */
+
 	if (!empty($_GET["id"])) {
 		$field = db_fetch_row("select * from data_input_fields where id=" . $_GET["id"]);
 	}
@@ -243,6 +264,10 @@
    ----------------------- */
 
 function data_remove() {
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	/* ==================================================== */
+
 	if ((read_config_option("remove_verification") == "on") && (!isset($_GET["confirm"]))) {
 		include("./include/top_header.php");
 		form_confirm("Are You Sure?", "Are you sure you want to delete the data input method <strong>'" . db_fetch_cell("select name from data_input where id=" . $_GET["id"]) . "'</strong>?", "data_input.php", "data_input.php?action=remove&id=" . $_GET["id"]);
@@ -260,6 +285,10 @@
 function data_edit() {
 	global $colors, $fields_data_input_edit;
 
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	/* ==================================================== */
+
 	if (!empty($_GET["id"])) {
 		$data_input = db_fetch_row("select * from data_input where id=" . $_GET["id"]);
 		$header_label = "[edit: " . $data_input["name"] . "]";
diff -ruBbdP cacti-0.8.6d/data_queries.php cacti-0.8.6d-patched/data_queries.php
--- cacti-0.8.6d/data_queries.php	2005-04-26 20:47:35.000000000 -0400
+++ cacti-0.8.6d-patched/data_queries.php	2005-06-20 20:49:28.000000000 -0400
@@ -127,6 +127,10 @@
 			header("Location: data_queries.php");
 		}
 	}elseif (isset($_POST["save_component_snmp_query_item"])) {
+		/* ================= input validation ================= */
+		input_validate_input_number(get_request_var("id"));
+		/* ==================================================== */
+
 		$redirect_back = false;
 
 		$save["id"] = $_POST["id"];
@@ -193,30 +197,63 @@
    ---------------------------- */
 
 function data_query_item_movedown_gsv() {
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	input_validate_input_number(get_request_var("snmp_query_graph_id"));
+	/* ==================================================== */
+
 	move_item_down("snmp_query_graph_sv", $_GET["id"], "snmp_query_graph_id=" . $_GET["snmp_query_graph_id"] . " and field_name='" . $_GET["field_name"] . "'");
 }
 
 function data_query_item_moveup_gsv() {
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	input_validate_input_number(get_request_var("snmp_query_graph_id"));
+	/* ==================================================== */
+
 	move_item_up("snmp_query_graph_sv", $_GET["id"], "snmp_query_graph_id=" . $_GET["snmp_query_graph_id"] . " and field_name='" . $_GET["field_name"] . "'");
 }
 
 function data_query_item_remove_gsv() {
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	/* ==================================================== */
+
 	db_execute("delete from snmp_query_graph_sv where id=" . $_GET["id"]);
 }
 
 function data_query_item_movedown_dssv() {
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	input_validate_input_number(get_request_var("data_template_id"));
+	/* ==================================================== */
+
 	move_item_down("snmp_query_graph_rrd_sv", $_GET["id"], "data_template_id=" . $_GET["data_template_id"] . " and snmp_query_graph_id=" . $_GET["snmp_query_graph_id"] . " and field_name='" . $_GET["field_name"] . "'");
 }
 
 function data_query_item_moveup_dssv() {
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	input_validate_input_number(get_request_var("data_template_id"));
+	/* ==================================================== */
+
 	move_item_up("snmp_query_graph_rrd_sv", $_GET["id"], "data_template_id=" . $_GET["data_template_id"] . " and snmp_query_graph_id=" . $_GET["snmp_query_graph_id"] . " and field_name='" . $_GET["field_name"] . "'");
 }
 
 function data_query_item_remove_dssv() {
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	/* ==================================================== */
+
 	db_execute("delete from snmp_query_graph_rrd_sv where id=" . $_GET["id"]);
 }
 
 function data_query_item_remove() {
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	input_validate_input_number(get_request_var("snmp_query_id"));
+	/* ==================================================== */
+
 	if ((read_config_option("remove_verification") == "on") && (!isset($_GET["confirm"]))) {
 		include("./include/top_header.php");
 		form_confirm("Are You Sure?", "Are you sure you want to delete the Data Query Graph <strong>'" . db_fetch_cell("select name from snmp_query_graph where id=" . $_GET["id"]) . "'</strong>?", "data_queries.php?action=edit&id=" . $_GET["snmp_query_id"], "data_queries.php?action=item_remove&id=" . $_GET["id"] . "&snmp_query_id=" . $_GET["snmp_query_id"]);
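Review bot: `$_GET["field_name"]` is concatenated into the single-quoted SQL `where` fragment in all four move_item_* calls of this hunk (both _gsv and both _dssv variants) and is not covered by any of the new validation blocks, and `$_GET["snmp_query_graph_id"]` is likewise used but unvalidated in data_query_item_movedown_dssv and data_query_item_moveup_dssv (the two _gsv functions do check it). Add `input_validate_input_number(get_request_var("snmp_query_graph_id"));` to the two _dssv blocks, and in all four add an `input_validate_input_regex(get_request_var("field_name"), ...)` check with a pattern limited to the characters a field name may legitimately contain, or have move_item_up/move_item_down quote the value. Whether move_item_up/move_item_down escape their where-clause argument is not visible here, so the field_name point is inferred from the concatenation alone. data_query_item_remove continues beyond the hunk.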
@@ -235,6 +272,11 @@
 function data_query_item_edit() {
 	global $colors, $fields_data_query_item_edit;
 
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	input_validate_input_number(get_request_var("snmp_query_id"));
+	/* ==================================================== */
+
 	if (!empty($_GET["id"])) {
 		$snmp_query_item = db_fetch_row("select * from snmp_query_graph where id=" . $_GET["id"]);
 	}
@@ -472,6 +514,10 @@
    --------------------- */
 
 function data_query_remove() {
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	/* ==================================================== */
+
 	if ((read_config_option("remove_verification") == "on") && (!isset($_GET["confirm"]))) {
 		include("./include/top_header.php");
 		form_confirm("Are You Sure?", "Are you sure you want to delete the Data Query <strong>'" . db_fetch_cell("select name from snmp_query where id=" . $_GET["id"]) . "'</strong>?", "data_queries.php", "data_queries.php?action=remove&id=" . $_GET["id"]);
@@ -499,6 +545,10 @@
 function data_query_edit() {
 	global $colors, $fields_data_query_edit, $config;
 
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	/* ==================================================== */
+
 	if (!empty($_GET["id"])) {
 		$snmp_query = db_fetch_row("select * from snmp_query where id=" . $_GET["id"]);
 		$header_label = "[edit: " . $snmp_query["name"] . "]";
diff -ruBbdP cacti-0.8.6d/data_sources.php cacti-0.8.6d-patched/data_sources.php
--- cacti-0.8.6d/data_sources.php	2005-04-26 20:47:35.000000000 -0400
+++ cacti-0.8.6d-patched/data_sources.php	2005-06-20 20:49:28.000000000 -0400
@@ -97,6 +97,11 @@
 
 function form_save() {
 	if ((isset($_POST["save_component_data_source_new"])) && (!empty($_POST["data_template_id"]))) {
+		/* ================= input validation ================= */
+		input_validate_input_number(get_request_var("host_id"));
+		input_validate_input_number(get_request_var("data_template_id"));
+		/* ==================================================== */
+
 		$save["id"] = $_POST["local_data_id"];
 		$save["data_template_id"] = $_POST["data_template_id"];
 		$save["host_id"] = $_POST["host_id"];
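Review bot: In the `save_component_data_source_new` branch the new block validates `host_id` and `data_template_id` but not `local_data_id`, even though `$save["id"] = $_POST["local_data_id"];` is the first assignment right after it; the `save_component_data_source` branch later in this same file does validate `local_data_id`, so this branch is the odd one out. Add `input_validate_input_number(get_request_var("local_data_id"));` to the block. Whether `$save["id"]` reaches SQL unescaped depends on the save helper, which is outside the hunk, but checking it here keeps the two branches consistent. form_save continues beyond the hunk.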
@@ -115,6 +120,10 @@
 	}
 
 	if ((isset($_POST["save_component_data"])) && (!is_error_message())) {
+		/* ================= input validation ================= */
+		input_validate_input_number(get_request_var("data_template_data_id"));
+		/* ==================================================== */
+
 		/* ok, first pull out all 'input' values so we know how much to save */
 		$input_fields = db_fetch_assoc("select
 			data_template_data.data_input_id,
@@ -161,6 +170,13 @@
 	}
 
 	if (isset($_POST["save_component_data_source"])) {
+		/* ================= input validation ================= */
+		input_validate_input_number(get_request_var("local_data_id"));
+		input_validate_input_number(get_request_var("current_rrd"));
+		input_validate_input_number(get_request_var("data_template_id"));
+		input_validate_input_number(get_request_var("host_id"));
+		/* ==================================================== */
+
 		$save1["id"] = $_POST["local_data_id"];
 		$save1["data_template_id"] = $_POST["data_template_id"];
 		$save1["host_id"] = $_POST["host_id"];
@@ -234,6 +250,10 @@
 				db_execute("delete from data_template_data_rra where data_template_data_id=$data_template_data_id");
 
 				for ($i=0; ($i < count($_POST["rra_id"])); $i++) {
+					/* ================= input validation ================= */
+					input_validate_input_number($_POST["rra_id"][$i]);
+					/* ==================================================== */
+
 					db_execute("insert into data_template_data_rra (rra_id,data_template_data_id)
 						values (" . $_POST["rra_id"][$i] . ",$data_template_data_id)");
 				}
@@ -324,24 +344,46 @@
 				}
 
 				for ($i=0;($i<count($selected_items));$i++) {
+					/* ================= input validation ================= */
+					input_validate_input_number($selected_items[$i]);
+					/* ==================================================== */
+
 					api_data_source_remove($selected_items[$i]);
 				}
 		}elseif ($_POST["drp_action"] == "2") { /* change graph template */
 			for ($i=0;($i<count($selected_items));$i++) {
+				/* ================= input validation ================= */
+				input_validate_input_number($selected_items[$i]);
+				input_validate_input_number(get_request_var("data_template_id"));
+				/* ==================================================== */
+
 				change_data_template($selected_items[$i], $_POST["data_template_id"]);
 			}
 		}elseif ($_POST["drp_action"] == "3") { /* change host */
 			for ($i=0;($i<count($selected_items));$i++) {
+				/* ================= input validation ================= */
+				input_validate_input_number($selected_items[$i]);
+				input_validate_input_number(get_request_var("host_id"));
+				/* ==================================================== */
+
 				db_execute("update data_local set host_id=" . $_POST["host_id"] . " where id=" . $selected_items[$i]);
 				push_out_host($_POST["host_id"], $selected_items[$i]);
 				update_data_source_title_cache($selected_items[$i]);
 			}
 		}elseif ($_POST["drp_action"] == "4") { /* duplicate */
 			for ($i=0;($i<count($selected_items));$i++) {
+				/* ================= input validation ================= */
+				input_validate_input_number($selected_items[$i]);
+				/* ==================================================== */
+
 				duplicate_data_source($selected_items[$i], 0, $_POST["title_format"]);
 			}
 		}elseif ($_POST["drp_action"] == "5") { /* data source -> data template */
 			for ($i=0;($i<count($selected_items));$i++) {
+				/* ================= input validation ================= */
+				input_validate_input_number($selected_items[$i]);
+				/* ==================================================== */
+
 				data_source_to_data_template($selected_items[$i], $_POST["title_format"]);
 			}
 		}
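Review bot: The `get_request_var("data_template_id")` and `get_request_var("host_id")` checks inside the `drp_action == "2"` and `"3"` loops are loop-invariant and are re-run on every iteration; only `$selected_items[$i]` changes per pass. Move each of those two calls to the line before its `for`, leaving `input_validate_input_number($selected_items[$i]);` as the per-item check. Where `$selected_items` is populated is outside the hunk, so whether its entries are already constrained to digits cannot be confirmed from here; the enclosing function also starts and ends outside the hunk.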
@@ -356,6 +398,10 @@
 	/* loop through each of the graphs selected on the previous page and get more info about them */
 	while (list($var,$val) = each($_POST)) {
 		if (ereg("^chk_([0-9]+)$", $var, $matches)) {
+			/* ================= input validation ================= */
+			input_validate_input_number($matches[1]);
+			/* ==================================================== */
+
 			$ds_list .= "<li>" . get_data_source_title($matches[1]) . "<br>";
 			$ds_array[$i] = $matches[1];
 		}
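Review bot: `input_validate_input_number($matches[1])` here is redundant: the `ereg("^chk_([0-9]+)$", ...)` capture on the line above already admits only a run of ASCII digits, so the new check can never fail. It is harmless as defence in depth, but a one-line comment such as `/* already digits-only via the ereg capture; kept as a belt-and-braces check */` would save the next reader from hunting for the case it is meant to catch. The same applies to the `chk_`/`i_` capture loops in data_templates.php, graph_templates.php and graph_templates_inputs.php. The enclosing function starts and ends outside the hunk.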
@@ -480,6 +526,10 @@
 function data_edit() {
 	global $config, $colors;
 
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	/* ==================================================== */
+
 	if (!empty($_GET["id"])) {
 		$data = db_fetch_row("select id,data_input_id,data_template_id,name,local_data_id from data_template_data where local_data_id=" . $_GET["id"]);
 		$template_data = db_fetch_row("select id,data_input_id from data_template_data where data_template_id=" . $data["data_template_id"] . " and local_data_id=0");
@@ -556,6 +606,10 @@
    ------------------------ */
 
 function ds_rrd_remove() {
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	/* ==================================================== */
+
 	db_execute("delete from data_template_rrd where id=" . $_GET["id"]);
 	db_execute("update graph_templates_item set task_item_id=0 where task_item_id=" . $_GET["id"]);
 
@@ -563,6 +617,10 @@
 }
 
 function ds_rrd_add() {
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	/* ==================================================== */
+
 	db_execute("insert into data_template_rrd (local_data_id,rrd_maximum,rrd_minimum,rrd_heartbeat,data_source_type_id,
 		data_source_name) values (" . $_GET["id"] . ",100,0,600,1,'ds')");
 	$data_template_rrd_id = db_fetch_insert_id();
@@ -573,6 +631,10 @@
 function ds_edit() {
 	global $colors, $struct_data_source, $struct_data_source_item, $data_source_types;
 
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	/* ==================================================== */
+
 	$use_data_template = true;
 	$host_id = 0;
 
@@ -855,6 +917,16 @@
 function ds() {
 	global $colors, $ds_actions;
 
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("host_id"));
+	input_validate_input_number(get_request_var("page"));
+	/* ==================================================== */
+
+	/* clean up search string */
+	if (isset($_REQUEST["filter"])) {
+		$_REQUEST["filter"] = sanitize_search_string(get_request_var("filter"));
+	}
+
 	/* if the user pushed the 'clear' button */
 	if (isset($_REQUEST["clear_x"])) {
 		kill_session_var("sess_ds_current_page");
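Review bot: The sanitized search string is written back only to `$_REQUEST["filter"]`; any later read of `$_GET["filter"]` or `$_POST["filter"]` in ds() (the body continues past the hunk) would still see the raw value, so the writeback only protects code that consistently goes through `$_REQUEST` or get_request_var. Either store the result in a local that the rest of the function uses, or state the contract next to the assignment, e.g. `/* downstream must read filter via $_REQUEST / get_request_var(), never $_GET or $_POST */`. sanitize_search_string and get_request_var are not defined in this patch, so what is actually stripped cannot be confirmed here.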
diff -ruBbdP cacti-0.8.6d/data_templates.php cacti-0.8.6d-patched/data_templates.php
--- cacti-0.8.6d/data_templates.php	2005-04-26 20:47:35.000000000 -0400
+++ cacti-0.8.6d-patched/data_templates.php	2005-06-20 20:49:28.000000000 -0400
@@ -82,6 +82,11 @@
 
 function form_save() {
 	if (isset($_POST["save_component_template"])) {
+		/* ================= input validation ================= */
+		input_validate_input_number(get_request_var("data_input_id"));
+		input_validate_input_number(get_request_var("data_template_id"));
+		/* ==================================================== */
+
 		/* save: data_template */
 		$save1["id"] = $_POST["data_template_id"];
 		$save1["hash"] = get_hash_data_template($_POST["data_template_id"]);
@@ -163,6 +168,10 @@
 
 			if (isset($_POST["rra_id"])) {
 				for ($i=0; ($i < count($_POST["rra_id"])); $i++) {
+					/* ================= input validation ================= */
+					input_validate_input_number($_POST["rra_id"][$i]);
+					/* ==================================================== */
+
 					db_execute("insert into data_template_data_rra (rra_id,data_template_data_id)
 						values (" . $_POST["rra_id"][$i] . ",$data_template_data_id)");
 				}
@@ -250,6 +259,10 @@
 			db_execute("update data_local set data_template_id=0 where " . array_to_sql_or($selected_items, "data_template_id"));
 		}elseif ($_POST["drp_action"] == "2") { /* duplicate */
 			for ($i=0;($i<count($selected_items));$i++) {
+				/* ================= input validation ================= */
+				input_validate_input_number($selected_items[$i]);
+				/* ==================================================== */
+
 				duplicate_data_source(0, $selected_items[$i], $_POST["title_format"]);
 			}
 		}
@@ -264,6 +277,10 @@
 	/* loop through each of the graphs selected on the previous page and get more info about them */
 	while (list($var,$val) = each($_POST)) {
 		if (ereg("^chk_([0-9]+)$", $var, $matches)) {
+			/* ================= input validation ================= */
+			input_validate_input_number($matches[1]);
+			/* ==================================================== */
+
 			$ds_list .= "<li>" . db_fetch_cell("select name from data_template where id=" . $matches[1]) . "<br>";
 			$ds_array[$i] = $matches[1];
 		}
@@ -326,6 +343,11 @@
    ---------------------------- */
 
 function template_rrd_remove() {
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	input_validate_input_number(get_request_var("data_template_id"));
+	/* ==================================================== */
+
 	$children = db_fetch_assoc("select id from data_template_rrd where local_data_template_rrd_id=" . $_GET["id"] . " or id=" . $_GET["id"]);
 
 	if (sizeof($children) > 0) {
@@ -340,6 +362,11 @@
 }
 
 function template_rrd_add() {
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	input_validate_input_number(get_request_var("local_data_id"));
+	/* ==================================================== */
+
 	$hash = get_hash_data_template(0, "data_template_item");
 
 	db_execute("insert into data_template_rrd (hash,data_template_id,rrd_maximum,rrd_minimum,rrd_heartbeat,data_source_type_id,
@@ -362,6 +389,11 @@
 function template_edit() {
 	global $colors, $struct_data_source, $struct_data_source_item, $data_source_types, $fields_data_template_template_edit;
 
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	input_validate_input_number(get_request_var("view_rrd"));
+	/* ==================================================== */
+
 	if (!empty($_GET["id"])) {
 		$template_data = db_fetch_row("select * from data_template_data where data_template_id=" . $_GET["id"] . " and local_data_id=0");
 		$template = db_fetch_row("select * from data_template where id=" . $_GET["id"]);
diff -ruBbdP cacti-0.8.6d/gprint_presets.php cacti-0.8.6d-patched/gprint_presets.php
--- cacti-0.8.6d/gprint_presets.php	2005-04-26 20:47:35.000000000 -0400
+++ cacti-0.8.6d-patched/gprint_presets.php	2005-06-20 20:49:28.000000000 -0400
@@ -91,6 +91,10 @@
    ----------------------------------- */
 
 function gprint_presets_remove() {
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	/* ==================================================== */
+
 	if ((read_config_option("remove_verification") == "on") && (!isset($_GET["confirm"]))) {
 		include_once("./include/top_header.php");
 		form_confirm("Are You Sure?", "Are you sure you want to delete the GPRINT preset <strong>'" . db_fetch_cell("select name from graph_templates_gprint where id=" . $_GET["id"]) . "'</strong>? This could affect every graph that uses this preset, make sure you know what you are doing first!", "gprint_presets.php", "gprint_presets.php?action=remove&id=" . $_GET["id"]);
@@ -105,6 +109,10 @@
 function gprint_presets_edit() {
 	global $colors, $fields_grprint_presets_edit;
 
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	/* ==================================================== */
+
 	if (!empty($_GET["id"])) {
 		$gprint_preset = db_fetch_row("select * from graph_templates_gprint where id=" . $_GET["id"]);
 		$header_label = "[edit: " . $gprint_preset["name"] . "]";
diff -ruBbdP cacti-0.8.6d/graph.php cacti-0.8.6d-patched/graph.php
--- cacti-0.8.6d/graph.php	2005-04-26 20:47:35.000000000 -0400
+++ cacti-0.8.6d-patched/graph.php	2005-06-20 20:49:28.000000000 -0400
@@ -30,8 +30,15 @@
 
 $guest_account = true;
 include("./include/auth.php");
+include("./lib/rrd.php");
+include("./lib/html_tree.php");
 include("./include/top_graph_header.php");
 
+/* ================= input validation ================= */
+input_validate_input_regex(get_request_var("rra_id"), "^([0-9]+|all)$");
+input_validate_input_number(get_request_var("local_graph_id"));
+/* ==================================================== */
+
 if ($_GET["rra_id"] == "all") {
 	$sql_where = " where id is not null";
 }else{
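Review bot: The `rra_id` pattern `^([0-9]+|all)$` is only as tight as the anchoring input_validate_input_regex applies, and that helper is not in this patch; if it is preg_match-based, `$` also matches before a trailing newline, so the literal `all` followed by a newline passes the check yet fails the `$_GET["rra_id"] == "all"` comparison on the next line and drops into the else branch, whose SQL fragment presumably uses the raw value. Anchoring with `\z` (or the `D` modifier) inside the helper, or comparing against a trimmed copy of the validated value, closes that gap; the same consideration applies to the `^(in|out)$` checks in data_input.php. The two new includes of `./lib/rrd.php` and `./lib/html_tree.php` are unrelated to the validation and would merit a word in the commit message.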
diff -ruBbdP cacti-0.8.6d/graph_image.php cacti-0.8.6d-patched/graph_image.php
--- cacti-0.8.6d/graph_image.php	2005-04-26 20:47:35.000000000 -0400
+++ cacti-0.8.6d-patched/graph_image.php	2005-06-20 20:49:28.000000000 -0400
@@ -32,6 +32,15 @@
 include("./include/auth.php");
 include_once("./lib/rrd.php");
 
+/* ================= input validation ================= */
+input_validate_input_number(get_request_var("graph_start"));
+input_validate_input_number(get_request_var("graph_end"));
+input_validate_input_number(get_request_var("graph_height"));
+input_validate_input_number(get_request_var("graph_width"));
+input_validate_input_number(get_request_var("local_graph_id"));
+input_validate_input_number(get_request_var("rra_id"));
+/* ==================================================== */
+
 header("Content-type: image/png");
 
 /* flush the headers now */
diff -ruBbdP cacti-0.8.6d/graph_templates.php cacti-0.8.6d-patched/graph_templates.php
--- cacti-0.8.6d/graph_templates.php	2005-04-26 20:47:36.000000000 -0400
+++ cacti-0.8.6d-patched/graph_templates.php	2005-06-20 20:49:28.000000000 -0400
@@ -190,6 +190,10 @@
 			db_execute("update graph_local set graph_template_id=0 where " . array_to_sql_or($selected_items, "graph_template_id"));
 		}elseif ($_POST["drp_action"] == "2") { /* duplicate */
 			for ($i=0;($i<count($selected_items));$i++) {
+				/* ================= input validation ================= */
+				input_validate_input_number($selected_items[$i]);
+				/* ==================================================== */
+
 				duplicate_graph(0, $selected_items[$i], $_POST["title_format"]);
 			}
 		}
@@ -204,6 +208,10 @@
 	/* loop through each of the graphs selected on the previous page and get more info about them */
 	while (list($var,$val) = each($_POST)) {
 		if (ereg("^chk_([0-9]+)$", $var, $matches)) {
+			/* ================= input validation ================= */
+			input_validate_input_number($matches[1]);
+			/* ==================================================== */
+
 			$graph_list .= "<li>" . db_fetch_cell("select name from graph_templates where id=" . $matches[1]) . "<br>";
 			$graph_array[$i] = $matches[1];
 		}
@@ -264,6 +272,10 @@
 function item() {
 	global $colors, $consolidation_functions, $graph_item_types;
 
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	/* ==================================================== */
+
 	if (empty($_GET["id"])) {
 		$template_item_list = array();
 
@@ -333,6 +345,10 @@
 function template_edit() {
 	global $colors, $struct_graph, $image_types, $fields_graph_template_template_edit;
 
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	/* ==================================================== */
+
 	/* graph item list goes here */
 	if (!empty($_GET["id"])) {
 		item();
diff -ruBbdP cacti-0.8.6d/graph_templates_inputs.php cacti-0.8.6d-patched/graph_templates_inputs.php
--- cacti-0.8.6d/graph_templates_inputs.php	2005-04-26 20:47:36.000000000 -0400
+++ cacti-0.8.6d-patched/graph_templates_inputs.php	2005-06-20 20:49:28.000000000 -0400
@@ -73,6 +73,10 @@
 				/* list all select graph items for use down below */
 				while (list($var, $val) = each($_POST)) {
 					if (preg_match("/^i_(\d+)$/", $var, $matches)) {
+						/* ================= input validation ================= */
+						input_validate_input_number($matches[1]);
+						/* ==================================================== */
+
 						$selected_graph_items{$matches[1]} = $matches[1];
 
 						if (isset($db_selected_graph_item{$matches[1]})) {
@@ -120,6 +124,11 @@
    ------------------------------------ */
 
 function input_remove() {
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	input_validate_input_number(get_request_var("graph_template_id"));
+	/* ==================================================== */
+
 	if ((read_config_option("remove_verification") == "on") && (!isset($_GET["confirm"]))) {
 		include("./include/top_header.php");
 		form_confirm("Are You Sure?", "Are you sure you want to delete the input item <strong>'" . db_fetch_cell("select name from graph_template_input where id=" . $_GET["id"]) . "'</strong>? NOTE: Deleting this item will NOT affect graphs that use this template.", "graph_templates.php?action=template_edit&id=" . $_GET["graph_template_id"], "graph_templates_inputs.php?action=input_remove&id=" . $_GET["id"] . "&graph_template_id=" . $_GET["graph_template_id"]);
@@ -136,6 +145,11 @@
 function input_edit() {
 	global $colors, $consolidation_functions, $graph_item_types, $struct_graph_item, $fields_graph_template_input_edit;
 
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	input_validate_input_number(get_request_var("graph_template_id"));
+	/* ==================================================== */
+
 	$header_label = "[edit graph: " . db_fetch_cell("select name from graph_templates where id=" . $_GET["graph_template_id"]) . "]";
 
 	/* get a list of all graph item field names and populate an array for user display */
diff -ruBbdP cacti-0.8.6d/graph_templates_items.php cacti-0.8.6d-patched/graph_templates_items.php
--- cacti-0.8.6d/graph_templates_items.php	2005-04-26 20:47:36.000000000 -0400
+++ cacti-0.8.6d-patched/graph_templates_items.php	2005-06-20 20:49:28.000000000 -0400
@@ -72,6 +72,11 @@
 
 function form_save() {
 	if (isset($_POST["save_component_item"])) {
+		/* ================= input validation ================= */
+		input_validate_input_number(get_request_var("graph_template_id"));
+		input_validate_input_number(get_request_var("task_item_id"));
+		/* ==================================================== */
+
 		global $graph_item_types;
 
 		$items[0] = array();
@@ -209,6 +214,11 @@
 function item_movedown() {
 	global $graph_item_types;
 
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	input_validate_input_number(get_request_var("graph_template_id"));
+	/* ==================================================== */
+
 	$arr = get_graph_group($_GET["id"]);
 	$next_id = get_graph_parent($_GET["id"], "next");
 
@@ -228,6 +238,11 @@
 function item_moveup() {
 	global $graph_item_types;
 
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	input_validate_input_number(get_request_var("graph_template_id"));
+	/* ==================================================== */
+
 	$arr = get_graph_group($_GET["id"]);
 	$next_id = get_graph_parent($_GET["id"], "previous");
 
@@ -245,6 +260,11 @@
 }
 
 function item_remove() {
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	input_validate_input_number(get_request_var("graph_template_id"));
+	/* ==================================================== */
+
 	db_execute("delete from graph_templates_item where id=" . $_GET["id"]);
 	db_execute("delete from graph_templates_item where local_graph_template_item_id=" . $_GET["id"]);
 
@@ -271,6 +291,11 @@
 function item_edit() {
 	global $colors, $struct_graph_item, $graph_item_types, $consolidation_functions;
 
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	input_validate_input_number(get_request_var("graph_template_id"));
+	/* ==================================================== */
+
 	$header_label = "[edit graph: " . db_fetch_cell("select name from graph_templates where id=" . $_GET["graph_template_id"]) . "]";
 
 	html_start_box("<strong>Graph Template Items</strong> $header_label", "98%", $colors["header"], "3", "center", "");
diff -ruBbdP cacti-0.8.6d/graph_view.php cacti-0.8.6d-patched/graph_view.php
--- cacti-0.8.6d/graph_view.php	2005-04-26 20:47:36.000000000 -0400
+++ cacti-0.8.6d-patched/graph_view.php	2005-06-20 20:49:28.000000000 -0400
@@ -26,9 +26,18 @@
 
 $guest_account = true;
 include("./include/auth.php");
+include("./lib/html_tree.php");
 include("./include/html/inc_timespan_settings.php");
 include("./include/top_graph_header.php");
 
+/* ================= input validation ================= */
+input_validate_input_number(get_request_var("branch_id"));
+input_validate_input_number(get_request_var("hide"));
+input_validate_input_number(get_request_var("tree_id"));
+input_validate_input_number(get_request_var("leaf_id"));
+input_validate_input_number(get_request_var("rra_id"));
+/* ==================================================== */
+
 if (isset($_GET["hide"])) {
 	if (($_GET["hide"] == "0") || ($_GET["hide"] == "1")) {
 		/* only update expand/contract info is this user has rights to keep their own settings */
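Review bot: The validation block runs after `include("./include/top_graph_header.php")`, `inc_timespan_settings.php` and the newly added `lib/html_tree.php`, so if any of those read `tree_id`, `leaf_id`, `rra_id` or `branch_id` from the request (not visible here), they do so before the check. Moving the block to directly below the auth include, ahead of the header includes, costs nothing and removes that window. Note also that the `if (isset($_GET["hide"]))` test below reads `$_GET` while the check read `$_REQUEST`; for `hide` the explicit `== "0" || == "1"` comparison makes this harmless, but the other four parameters are only as safe as the `$_GET`/`$_REQUEST` agreement, which breaks whenever a cookie or POST field of the same name is present.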
@@ -97,6 +106,16 @@
 case 'preview':
 	define("ROWS_PER_PAGE", read_graph_config_option("preview_graphs_per_page"));
 
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("host_id"));
+	input_validate_input_number(get_request_var("page"));
+	/* ==================================================== */
+
+	/* clean up search string */
+	if (isset($_REQUEST["filter"])) {
+		$_REQUEST["filter"] = sanitize_search_string(get_request_var("filter"));
+	}
+
 	$sql_or = ""; $sql_where = ""; $sql_join = "";
 
 	if ((read_config_option("global_auth") == "on") && (empty($current_user["show_preview"]))) {
diff -ruBbdP cacti-0.8.6d/graphs.php cacti-0.8.6d-patched/graphs.php
--- cacti-0.8.6d/graphs.php	2005-04-26 20:47:36.000000000 -0400
+++ cacti-0.8.6d-patched/graphs.php	2005-06-20 20:49:28.000000000 -0400
@@ -116,6 +116,10 @@
 
 function form_save() {
 	if ((isset($_POST["save_component_graph_new"])) && (!empty($_POST["graph_template_id"]))) {
+		/* ================= input validation ================= */
+		input_validate_input_number(get_request_var("graph_template_id"));
+		/* ==================================================== */
+
 		$save["id"] = $_POST["local_graph_id"];
 		$save["graph_template_id"] = $_POST["graph_template_id"];
 		$save["host_id"] = $_POST["host_id"];
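Review bot: `graph_template_id` is now checked, but `$_POST["local_graph_id"]` and `$_POST["host_id"]`, copied into `$save` on the lines right after the block, are not, and the `if` guard tests `$_POST["graph_template_id"]` while the check tests `$_REQUEST`. Whether the `sql_save()` that presumably consumes `$save` escapes its values is outside the hunk; if it interpolates them the way the `db_execute` calls later in this file do, add `input_validate_input_number(get_request_var("local_graph_id"));` and `input_validate_input_number(get_request_var("host_id"));` next to the existing line. form_save continues past the hunk.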
@@ -129,6 +133,11 @@
 	}
 
 	if (isset($_POST["save_component_graph"])) {
+		/* ================= input validation ================= */
+		input_validate_input_number(get_request_var("graph_template_id"));
+		input_validate_input_number(get_request_var("_graph_template_id"));
+		/* ==================================================== */
+
 		$save1["id"] = $_POST["local_graph_id"];
 		$save1["host_id"] = $_POST["host_id"];
 		$save1["graph_template_id"] = $_POST["graph_template_id"];
@@ -193,6 +202,10 @@
 	}
 
 	if (isset($_POST["save_component_input"])) {
+		/* ================= input validation ================= */
+		input_validate_input_number(get_request_var("local_graph_id"));
+		/* ==================================================== */
+
 		/* first; get the current graph template id */
 		$graph_template_id = db_fetch_cell("select graph_template_id from graph_local where id=" . $_POST["local_graph_id"]);
 
@@ -255,6 +268,10 @@
 
 		if ($_POST["drp_action"] == "1") { /* delete */
 			for ($i=0;($i<count($selected_items));$i++) {
+				/* ================= input validation ================= */
+				input_validate_input_number($selected_items[$i]);
+				/* ==================================================== */
+
 				if (!isset($_POST["delete_type"])) { $_POST["delete_type"] = 1; }
 
 				switch ($_POST["delete_type"]) {
@@ -281,27 +298,55 @@
 			}
 		}elseif ($_POST["drp_action"] == "2") { /* change graph template */
 			for ($i=0;($i<count($selected_items));$i++) {
+				/* ================= input validation ================= */
+				input_validate_input_number($selected_items[$i]);
+				input_validate_input_number(get_request_var("graph_template_id"));
+				/* ==================================================== */
+
 				change_graph_template($selected_items[$i], $_POST["graph_template_id"], true);
 			}
 		}elseif ($_POST["drp_action"] == "3") { /* duplicate */
 			for ($i=0;($i<count($selected_items));$i++) {
+				/* ================= input validation ================= */
+				input_validate_input_number($selected_items[$i]);
+				/* ==================================================== */
+
 				duplicate_graph($selected_items[$i], 0, $_POST["title_format"]);
 			}
 		}elseif ($_POST["drp_action"] == "4") { /* graph -> graph template */
 			for ($i=0;($i<count($selected_items));$i++) {
+				/* ================= input validation ================= */
+				input_validate_input_number($selected_items[$i]);
+				/* ==================================================== */
+
 				graph_to_graph_template($selected_items[$i], $_POST["title_format"]);
 			}
 		}elseif (ereg("^tr_([0-9]+)$", $_POST["drp_action"], $matches)) { /* place on tree */
 			for ($i=0;($i<count($selected_items));$i++) {
+				/* ================= input validation ================= */
+				input_validate_input_number($selected_items[$i]);
+				input_validate_input_number(get_request_var("tree_id"));
+				input_validate_input_number(get_request_var("tree_item_id"));
+				/* ==================================================== */
+
 				api_tree_item_save(0, $_POST["tree_id"], TREE_ITEM_TYPE_GRAPH, $_POST["tree_item_id"], "", $selected_items[$i], read_graph_config_option("default_rra_id"), 0, 0, 0, false);
 			}
 		}elseif ($_POST["drp_action"] == "5") { /* change host */
 			for ($i=0;($i<count($selected_items));$i++) {
+				/* ================= input validation ================= */
+				input_validate_input_number($selected_items[$i]);
+				input_validate_input_number(get_request_var("host_id"));
+				/* ==================================================== */
+
 				db_execute("update graph_local set host_id=" . $_POST["host_id"] . " where id=" . $selected_items[$i]);
 				update_graph_title_cache($selected_items[$i]);
 			}
 		}elseif ($_POST["drp_action"] == "6") { /* reapply suggested naming */
 			for ($i=0;($i<count($selected_items));$i++) {
+				/* ================= input validation ================= */
+				input_validate_input_number($selected_items[$i]);
+				/* ==================================================== */
+
 				api_reapply_suggested_graph_title($selected_items[$i]);
 				update_graph_title_cache($selected_items[$i]);
 			}
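Review bot: `get_request_var("graph_template_id")`, `("tree_id")`, `("tree_item_id")` and `("host_id")` are loop-invariant, yet each is re-validated on every iteration and never when `$selected_items` is empty; move each call to the line before its `for`. The branches then use `$_POST["host_id"]` in `update graph_local set host_id=` and `$_POST["graph_template_id"]`/`$_POST["tree_id"]` in the helper calls after checking the `$_REQUEST` copies, which coincide only when no cookie of that name is present — read the value once via `get_request_var`, validate that local, and pass it. `$_POST["title_format"]` handed to `duplicate_graph` and `graph_to_graph_template` is not checked in this hunk; whether those helpers escape it is not visible.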
@@ -317,6 +362,10 @@
 	/* loop through each of the graphs selected on the previous page and get more info about them */
 	while (list($var,$val) = each($_POST)) {
 		if (ereg("^chk_([0-9]+)$", $var, $matches)) {
+			/* ================= input validation ================= */
+			input_validate_input_number($matches[1]);
+			/* ==================================================== */
+
 			$graph_list .= "<li>" . get_graph_title($matches[1]) . "<br>";
 			$graph_array[$i] = $matches[1];
 		}
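Review bot: `$matches[1]` is produced by the `^chk_([0-9]+)$` ereg on the line above, so `input_validate_input_number($matches[1])` can never fail and only restates what the pattern already guarantees. Either drop it or leave a one-line `/* digits-only by the regex above; kept for uniformity */` so the next reader does not go looking for a hole. The same pattern-plus-check pairing appears in host.php and host_templates.php in this patch.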
@@ -463,6 +512,10 @@
 function item() {
 	global $colors, $consolidation_functions, $graph_item_types, $struct_graph_item;
 
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	/* ==================================================== */
+
 	if (empty($_GET["id"])) {
 		$template_item_list = array();
 
@@ -511,6 +564,11 @@
 function graph_diff() {
 	global $colors, $struct_graph_item, $graph_item_types, $consolidation_functions;
 
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	input_validate_input_number(get_request_var("graph_template_id"));
+	/* ==================================================== */
+
 	$template_query = "select
 		graph_templates_item.id,
 		graph_templates_item.text_format,
@@ -732,6 +790,10 @@
 function graph_edit() {
 	global $colors, $struct_graph, $image_types, $consolidation_functions, $graph_item_types, $struct_graph_item;
 
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	/* ==================================================== */
+
 	$use_graph_template = true;
 
 	if (!empty($_GET["id"])) {
@@ -909,6 +971,16 @@
 function graph() {
 	global $colors, $graph_actions;
 
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("host_id"));
+	input_validate_input_number(get_request_var("page"));
+	/* ==================================================== */
+
+	/* clean up search string */
+	if (isset($_REQUEST["filter"])) {
+		$_REQUEST["filter"] = sanitize_search_string(get_request_var("filter"));
+	}
+
 	/* if the user pushed the 'clear' button */
 	if (isset($_REQUEST["clear_x"])) {
 		kill_session_var("sess_graph_current_page");
diff -ruBbdP cacti-0.8.6d/graphs_items.php cacti-0.8.6d-patched/graphs_items.php
--- cacti-0.8.6d/graphs_items.php	2005-04-26 20:47:36.000000000 -0400
+++ cacti-0.8.6d-patched/graphs_items.php	2005-06-20 20:49:28.000000000 -0400
@@ -147,6 +147,11 @@
 function item_movedown() {
 	global $graph_item_types;
 
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	input_validate_input_number(get_request_var("local_graph_id"));
+	/* ==================================================== */
+
 	$arr = get_graph_group($_GET["id"]);
 	$next_id = get_graph_parent($_GET["id"], "next");
 
@@ -160,6 +165,11 @@
 function item_moveup() {
 	global $graph_item_types;
 
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	input_validate_input_number(get_request_var("local_graph_id"));
+	/* ==================================================== */
+
 	$arr = get_graph_group($_GET["id"]);
 	$previous_id = get_graph_parent($_GET["id"], "previous");
 
@@ -177,6 +187,12 @@
 function item_edit() {
 	global $colors, $struct_graph_item, $graph_item_types, $consolidation_functions;
 
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	input_validate_input_number(get_request_var("local_graph_id"));
+	input_validate_input_number(get_request_var("host_id"));
+	/* ==================================================== */
+
 	if (!empty($_GET["id"])) {
 		$template_item = db_fetch_row("select * from graph_templates_item where id=" . $_GET["id"]);
 		$host_id = db_fetch_cell("select host_id from graph_local where id=" . $_GET["local_graph_id"]);
diff -ruBbdP cacti-0.8.6d/graphs_new.php cacti-0.8.6d-patched/graphs_new.php
--- cacti-0.8.6d/graphs_new.php	2005-04-26 20:47:36.000000000 -0400
+++ cacti-0.8.6d-patched/graphs_new.php	2005-06-20 20:49:28.000000000 -0400
@@ -131,6 +131,10 @@
 				$values["sg"]{$matches[1]}{$matches[2]}["graph_template"]{$matches[3]} = $val;
 			}
 		}elseif (preg_match("/^gi_(\d+)_(\d+)_(\d+)_(\w+)/", $var, $matches)) { /* 1: snmp_query_id, 2: graph_template_id, 3: graph_template_input_id, 4:field_name */
+			/* ================= input validation ================= */
+			input_validate_input_number($matches[3]);
+			/* ==================================================== */
+
 			/* we need to find out which graph items will be affected by saving this particular item */
 			$item_list = db_fetch_assoc("select
 				graph_template_item_id
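Review bot: `$matches[3]` comes from the `(\d+)` group of the `preg_match` on the line above, so `input_validate_input_number($matches[3])` cannot fail; `$matches[1]` and `$matches[2]` are digit-only for the same reason. What this hunk does not cover is `$val`, the submitted field value, and `$matches[4]` (`\w+`); if either is interpolated into the `select graph_template_item_id ...` query that continues below the hunk, that is where a check or escaping belongs. The query's WHERE clause is not visible here.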
@@ -231,6 +235,10 @@
 				html_start_box("<strong>Create Graph from '" . db_fetch_cell("select name from graph_templates where id=$graph_template_id") . "'", "98%", $colors["header"], "3", "center", "");
 			}elseif ($form_type == "sg") {
 				while (list($form_id2, $form_array3) = each($form_array2)) {
+					/* ================= input validation ================= */
+					input_validate_input_number($snmp_query_id);
+					/* ==================================================== */
+
 					$snmp_query_id = $form_id1;
 					$snmp_query_graph_id = $form_id2;
 					$num_graphs = sizeof($form_array3);
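Review bot: `input_validate_input_number($snmp_query_id);` is placed before `$snmp_query_id = $form_id1;`, so on the first pass it checks an unset (or previous-iteration) variable, and a value assigned on the last pass is never checked before the `select name from snmp_query where id=$snmp_query_id` lookup that follows the loop. Validate the source instead, once, ahead of the inner loop: `input_validate_input_number($form_id1);` — this also stops re-running the same check on every inner iteration. The enclosing loops start above this hunk.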
@@ -248,6 +256,10 @@
 				html_start_box("<strong>Create $num_graphs Graph" . (($num_graphs>1) ? "s" : "") . " from '" . db_fetch_cell("select name from snmp_query where id=$snmp_query_id") . "'", "98%", $colors["header"], "3", "center", "");
 			}
 
+			/* ================= input validation ================= */
+			input_validate_input_number($graph_template_id);
+			/* ==================================================== */
+
 			$data_templates = db_fetch_assoc("select
 				data_template.name as data_template_name,
 				data_template_rrd.data_source_name,
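Review bot: The `input_validate_input_number($graph_template_id)` block lands after the value has already been interpolated into the `graph_templates` name lookup in the `gt` branch a few lines earlier (visible in the preceding hunk), so the first use is unchecked. Validate at the point where `$graph_template_id` is derived from the form key, before either branch; that assignment is outside this hunk. A check placed at the assignment also covers any other use added later without depending on statement order.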
@@ -331,6 +343,10 @@
 function graphs() {
 	global $colors;
 
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("host_id"));
+	/* ==================================================== */
+
 	/* use the first host in the list as the default */
 	if ((!isset($_SESSION["sess_graphs_new_host_id"])) && (empty($_REQUEST["host_id"]))) {
 		$_REQUEST["host_id"] = db_fetch_cell("select id from host order by description,hostname limit 1");
diff -ruBbdP cacti-0.8.6d/host.php cacti-0.8.6d-patched/host.php
--- cacti-0.8.6d/host.php	2005-04-26 20:47:36.000000000 -0400
+++ cacti-0.8.6d-patched/host.php	2005-06-20 20:49:28.000000000 -0400
@@ -96,6 +96,12 @@
 
 function form_save() {
 	if ((!empty($_POST["add_dq_y"])) && (!empty($_POST["snmp_query_id"]))) {
+		/* ================= input validation ================= */
+		input_validate_input_number(get_request_var("id"));
+		input_validate_input_number(get_request_var("snmp_query_id"));
+		input_validate_input_number(get_request_var("reindex_method"));
+		/* ==================================================== */
+
 		db_execute("replace into host_snmp_query (host_id,snmp_query_id,reindex_method) values (" . $_POST["id"] . "," . $_POST["snmp_query_id"] . "," . $_POST["reindex_method"] . ")");
 
 		/* recache snmp data */
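Review bot: The `replace into host_snmp_query` statement concatenates `$_POST["id"]`, `$_POST["snmp_query_id"]` and `$_POST["reindex_method"]` unquoted, while the three checks above it look at `$_REQUEST`, and the `if` guard on the first line tests `$_POST` as well. The two agree only when no cookie carries the same name, since PHP's default order lets COOKIE override POST inside `$_REQUEST`. Pull each value once — `$host_id = get_request_var("id");` and so on — validate those locals and build the statement from them so the checked value is the used value; the branch continues past the hunk.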
@@ -106,6 +112,11 @@
 	}
 
 	if ((!empty($_POST["add_gt_y"])) && (!empty($_POST["graph_template_id"]))) {
+		/* ================= input validation ================= */
+		input_validate_input_number(get_request_var("id"));
+		input_validate_input_number(get_request_var("graph_template_id"));
+		/* ==================================================== */
+
 		db_execute("replace into host_graph (host_id,graph_template_id) values (" . $_POST["id"] . "," . $_POST["graph_template_id"] . ")");
 
 		header("Location: host.php?action=edit&id=" . $_POST["id"]);
@@ -138,6 +149,10 @@
 
 		if ($_POST["drp_action"] == "2") { /* Enable Selected Devices */
 			for ($i=0;($i<count($selected_items));$i++) {
+				/* ================= input validation ================= */
+				input_validate_input_number($selected_items[$i]);
+				/* ==================================================== */
+
 				db_execute("update host set disabled='' where id='" . $selected_items[$i] . "'");
 
 				/* update poller cache */
@@ -151,6 +166,10 @@
 			}
 		}elseif ($_POST["drp_action"] == "3") { /* Disable Selected Devices */
 			for ($i=0;($i<count($selected_items));$i++) {
+				/* ================= input validation ================= */
+				input_validate_input_number($selected_items[$i]);
+				/* ==================================================== */
+
 				db_execute("update host set disabled='on' where id='" . $selected_items[$i] . "'");
 
 				/* update poller cache */
@@ -159,6 +178,10 @@
 			}
 		}elseif ($_POST["drp_action"] == "4") { /* change snmp options */
 			for ($i=0;($i<count($selected_items));$i++) {
+				/* ================= input validation ================= */
+				input_validate_input_number($selected_items[$i]);
+				/* ==================================================== */
+
 				reset($fields_host_edit);
 				while (list($field_name, $field_array) = each($fields_host_edit)) {
 					if (isset($_POST["t_$field_name"])) {
@@ -170,12 +193,20 @@
 			}
 		}elseif ($_POST["drp_action"] == "5") { /* Clear Statisitics for Selected Devices */
 			for ($i=0;($i<count($selected_items));$i++) {
+				/* ================= input validation ================= */
+				input_validate_input_number($selected_items[$i]);
+				/* ==================================================== */
+
 				db_execute("update host set min_time = '9.99999', max_time = '0', cur_time = '0',	avg_time = '0',
 						total_polls = '0', failed_polls = '0',	availability = '100.00'
 						where id = '" . $selected_items[$i] . "'");
 			}
 		}elseif ($_POST["drp_action"] == "1") { /* delete */
 			for ($i=0; $i<count($selected_items); $i++) {
+				/* ================= input validation ================= */
+				input_validate_input_number($selected_items[$i]);
+				/* ==================================================== */
+
 				if (!isset($_POST["delete_type"])) { $_POST["delete_type"] = 2; }
 
 				switch ($_POST["delete_type"]) {
@@ -219,6 +250,10 @@
 	/* loop through each of the host templates selected on the previous page and get more info about them */
 	while (list($var,$val) = each($_POST)) {
 		if (ereg("^chk_([0-9]+)$", $var, $matches)) {
+			/* ================= input validation ================= */
+			input_validate_input_number($matches[1]);
+			/* ==================================================== */
+
 			$host_list .= "<li>" . db_fetch_cell("select description from host where id=" . $matches[1]) . "<br>";
 			$host_array[$i] = $matches[1];
 		}
@@ -324,14 +359,29 @@
    ------------------- */
 
 function host_reload_query() {
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	input_validate_input_number(get_request_var("host_id"));
+	/* ==================================================== */
+
 	run_data_query($_GET["host_id"], $_GET["id"]);
 }
 
 function host_remove_query() {
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	input_validate_input_number(get_request_var("host_id"));
+	/* ==================================================== */
+
 	api_device_dq_remove($_GET["host_id"], $_GET["id"]);
 }
 
 function host_remove_gt() {
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	input_validate_input_number(get_request_var("host_id"));
+	/* ==================================================== */
+
 	api_device_gt_remove($_GET["host_id"], $_GET["id"]);
 }
 
@@ -342,6 +392,10 @@
 function host_remove() {
 	global $config;
 
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	/* ==================================================== */
+
 	if ((read_config_option("remove_verification") == "on") && (!isset($_GET["confirm"]))) {
 		include("./include/top_header.php");
 		form_confirm("Are You Sure?", "Are you sure you want to delete the host <strong>'" . db_fetch_cell("select description from host where id=" . $_GET["id"]) . "'</strong>?", "host.php", "host.php?action=remove&id=" . $_GET["id"]);
@@ -357,6 +411,10 @@
 function host_edit() {
 	global $colors, $fields_host_edit, $reindex_types;
 
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	/* ==================================================== */
+
 	display_output_messages();
 
 	if (!empty($_GET["id"])) {
@@ -583,6 +641,17 @@
 function host() {
 	global $colors, $device_actions;
 
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("host_template_id"));
+	input_validate_input_number(get_request_var("page"));
+	input_validate_input_number(get_request_var("host_status"));
+	/* ==================================================== */
+
+	/* clean up search string */
+	if (isset($_REQUEST["filter"])) {
+		$_REQUEST["filter"] = sanitize_search_string(get_request_var("filter"));
+	}
+
 	/* if the user pushed the 'clear' button */
 	if (isset($_REQUEST["clear_x"])) {
 		kill_session_var("sess_device_current_page");
diff -ruBbdP cacti-0.8.6d/host_templates.php cacti-0.8.6d-patched/host_templates.php
--- cacti-0.8.6d/host_templates.php	2005-04-26 20:47:36.000000000 -0400
+++ cacti-0.8.6d-patched/host_templates.php	2005-06-20 20:49:28.000000000 -0400
@@ -128,6 +128,10 @@
 			db_execute("update host set host_template_id=0 where " . array_to_sql_or($selected_items, "host_template_id"));
 		}elseif ($_POST["drp_action"] == "2") { /* duplicate */
 			for ($i=0;($i<count($selected_items));$i++) {
+				/* ================= input validation ================= */
+				input_validate_input_number($selected_items[$i]);
+				/* ==================================================== */
+
 				duplicate_host_template($selected_items[$i], $_POST["title_format"]);
 			}
 		}
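Review bot: Only the duplicate branch gains per-item validation; the delete branch on the context line above still passes `$selected_items` straight to `array_to_sql_or(...)` inside `update host set host_template_id=0 where ...`. Unless the array is validated where it is built (above this hunk, not visible), the same `input_validate_input_number($selected_items[$i])` loop belongs in front of that `db_execute`, or better once where `$selected_items` is assembled so every branch benefits. The delete branch's earlier statements are outside the hunk.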
@@ -142,6 +146,10 @@
 	/* loop through each of the host templates selected on the previous page and get more info about them */
 	while (list($var,$val) = each($_POST)) {
 		if (ereg("^chk_([0-9]+)$", $var, $matches)) {
+			/* ================= input validation ================= */
+			input_validate_input_number($matches[1]);
+			/* ==================================================== */
+
 			$host_list .= "<li>" . db_fetch_cell("select name from host_template where id=" . $matches[1]) . "<br>";
 			$host_array[$i] = $matches[1];
 		}
@@ -204,16 +212,30 @@
    --------------------- */
 
 function template_item_remove_gt() {
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	input_validate_input_number(get_request_var("host_template_id"));
+	/* ==================================================== */
+
 	db_execute("delete from host_template_graph where graph_template_id=" . $_GET["id"] . " and host_template_id=" . $_GET["host_template_id"]);
 }
 
 function template_item_remove_dq() {
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	input_validate_input_number(get_request_var("host_template_id"));
+	/* ==================================================== */
+
 	db_execute("delete from host_template_snmp_query where snmp_query_id=" . $_GET["id"] . " and host_template_id=" . $_GET["host_template_id"]);
 }
 
 function template_edit() {
 	global $colors, $fields_host_template_edit;
 
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	/* ==================================================== */
+
 	display_output_messages();
 
 	if (!empty($_GET["id"])) {
diff -ruBbdP cacti-0.8.6d/include/config.php cacti-0.8.6d-patched/include/config.php
--- cacti-0.8.6d/include/config.php	2005-04-26 20:47:36.000000000 -0400
+++ cacti-0.8.6d-patched/include/config.php	2005-06-20 20:49:28.000000000 -0400
@@ -32,6 +32,7 @@
 $database_password = "cactiuser";
 
 /* ----- you probably do not need to change anything below this line ----- */
+$config = array();
 
 /* this should be auto-detected, set it manually if needed */
 $config["cacti_server_os"] = (strstr(PHP_OS, "WIN")) ? "win32" : "unix";
@@ -115,6 +116,7 @@
 include_once($config["library_path"] . "/html.php");
 include_once($config["library_path"] . "/html_form.php");
 include_once($config["library_path"] . "/html_utility.php");
+include_once($config["library_path"] . "/html_validate.php");
 include_once($config["library_path"] . "/variables.php");
 include_once($config["library_path"] . "/auth.php");
 
diff -ruBbdP cacti-0.8.6d/include/config_settings.php cacti-0.8.6d-patched/include/config_settings.php
--- cacti-0.8.6d/include/config_settings.php	2005-04-26 20:47:36.000000000 -0400
+++ cacti-0.8.6d-patched/include/config_settings.php	2005-06-20 20:49:28.000000000 -0400
@@ -24,8 +24,6 @@
  +-------------------------------------------------------------------------+
 */
 
-include($config["include_path"] . "/config_arrays.php");
-
 /* tab information */
 $tabs = array(
 	"general" => "General",
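Review bot: Removing this include means config_settings.php now assumes config_arrays.php was loaded by whoever includes it, and since the lib/functions.php hunks in this patch stop including config_settings.php per call, both files must now be included once at file scope for `$settings`/`$settings_graphs` to exist. The include/config.php hunk here adds only html_validate.php, so that file-scope include is not visible in this diff — confirm it exists, otherwise the default-option lookups iterate an undefined array. A one-line `/* requires include/config_arrays.php to be loaded first (see include/config.php) */` at the top of this file would document the new dependency.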
diff -ruBbdP cacti-0.8.6d/include/top_graph_header.php cacti-0.8.6d-patched/include/top_graph_header.php
--- cacti-0.8.6d/include/top_graph_header.php	2005-04-26 20:47:36.000000000 -0400
+++ cacti-0.8.6d-patched/include/top_graph_header.php	2005-06-20 20:49:28.000000000 -0400
@@ -27,9 +27,6 @@
 $using_guest_account = false;
 $show_console_tab = true;
 
-include_once($config["library_path"] . "/html_tree.php");
-include_once($config["library_path"] . "/rrd.php");
-
 if (read_config_option("global_auth") == "on") {
 	/* at this point this user is good to go... so get some setting about this
 	user and put them into variables to save excess SQL in the future */
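Review bot: Dropping `html_tree.php` and `rrd.php` from top_graph_header.php moves the responsibility onto each page that includes it; in this patch only graph_view.php gains `include("./lib/html_tree.php")`, and nothing visible adds `rrd.php` back anywhere. Any other page that includes this header and calls tree or rrd helpers would now fail with an undefined function unless include/config.php already loads those libraries, which this diff does not show. Either confirm that or keep the two `include_once` lines; `include_once` is idempotent, so leaving them costs nothing.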
diff -ruBbdP cacti-0.8.6d/lib/functions.php cacti-0.8.6d-patched/lib/functions.php
--- cacti-0.8.6d/lib/functions.php	2005-04-26 20:47:36.000000000 -0400
+++ cacti-0.8.6d-patched/lib/functions.php	2005-06-20 20:49:28.000000000 -0400
@@ -44,10 +44,9 @@
      in 'include/config_settings.php'
    @returns - the default value of the configuration option */
 function read_default_graph_config_option($config_name) {
-	global $config;
-
-	include($config["include_path"] . "/config_settings.php");
+	global $config, $settings_graphs;
 
+	reset($settings_graphs);
 	while (list($tab_name, $tab_array) = each($settings_graphs)) {
 		if ((isset($tab_array[$config_name])) && (isset($tab_array[$config_name]["default"]))) {
 			return $tab_array[$config_name]["default"];
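Review bot: The function now walks a global `$settings_graphs` instead of including config_settings.php itself, so if that file has not been included at file scope before the first call, `reset()` warns on a null and the loop never runs. Nothing in this diff adds that file-scope include (the include/config.php hunk only adds html_validate.php), so its presence elsewhere needs confirming. A guard keeps the failure soft and explicit: `if (!is_array($settings_graphs)) { return; }` before the `reset`, mirroring the not-found fall-through the function already has.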
@@ -112,10 +111,9 @@
      in 'include/config_settings.php'
    @returns - the default value of the configuration option */
 function read_default_config_option($config_name) {
-	global $config;
-
-	include($config["include_path"] . "/config_settings.php");
+	global $config, $settings;
 
+	reset($settings);
 	while (list($tab_name, $tab_array) = each($settings)) {
 		if ((isset($tab_array[$config_name])) && (isset($tab_array[$config_name]["default"]))) {
 			return $tab_array[$config_name]["default"];
@@ -1625,4 +1623,29 @@
 	return $log_text;
 }
 
+/* sanitize_search_string - cleans up a search string submitted by the user to be passed
+     to the database. NOTE: some of the code for this function came from the phpBB project.
+   @arg $string - the original raw search string
+   @returns - the sanitized search string */
+function sanitize_search_string($string) {
+	static $drop_char_match =   array('^', '$', '&', '(', ')', '<', '>', '`', '\'', '"', '|', ',', '@', '_', '?', '%', '-', '~', '+', '.', '[', ']', '{', '}', ':', '\\', '/', '=', '#', '\'', ';', '!');
+	static $drop_char_replace = array(' ', ' ', ' ', ' ', ' ', ' ', ' ', '',  '',   ' ', ' ', ' ', ' ', '',  ' ', ' ', '',  ' ',  ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ' , ' ', ' ', ' ', ' ',  ' ', ' ');
+
+	/* Replace line endings by a space */
+	$string = preg_replace('/[\n\r]/is', ' ', $string);
+	/* HTML entities like &nbsp; */
+	$string = preg_replace('/\b&[a-z]+;\b/', ' ', $string);
+	/* Remove URL's */
+	$string = preg_replace('/\b[a-z0-9]+:\/\/[a-z0-9\.\-]+(\/[a-z0-9\?\.%_\-\+=&\/]+)?/', ' ', $string);
+
+	/* Filter out strange characters like ^, $, &, change "it's" to "its" */
+	for($i = 0; $i < count($drop_char_match); $i++) {
+		$string =  str_replace($drop_char_match[$i], $drop_char_replace[$i], $string);
+	}
+
+	$string = str_replace('*', ' ', $string);
+
+	return $string;
+}
+
 ?>
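Review bot: This is a deny-list applied to a value the callers then concatenate into SQL; it strips `'`, `"` and `\`, which blocks the obvious quote-breaks, but it leaves NUL bytes and encoding tricks alone and keeps the queries string-built, so the durable fix is to escape or bind at the query site and use this function only for search semantics. It also removes `-`, `_` and `.`, which are common in host and graph names, so a search for `web-01.example` becomes `web 01 example` — worth a comment such as `/* NOTE: also strips - _ . so hyphenated/dotted names match as separate words */`. The `/\b&[a-z]+;\b/` entity pattern requires a word character after the `;`, so a trailing entity survives; `/&[a-z]+;/` is what was meant. `'\''` appears twice in `$drop_char_match`; harmless because the first replacement already removes every quote, but the two arrays must stay index-aligned, so drop the duplicate from both.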
diff -ruBbdP cacti-0.8.6d/lib/html_utility.php cacti-0.8.6d-patched/lib/html_utility.php
--- cacti-0.8.6d/lib/html_utility.php	2005-04-26 20:47:36.000000000 -0400
+++ cacti-0.8.6d-patched/lib/html_utility.php	2005-06-20 20:49:28.000000000 -0400
@@ -126,6 +126,24 @@
 	}
 }
 
+/* get_request_var - returns the current value of a PHP $_REQUEST variable, optionally
+     returning a default value if the request variable does not exist
+   @arg $name - the name of the request variable. this should be a valid key in the
+     $_REQUEST array
+   @arg $default - the value to return if the specified name does not exist in the
+     $_REQUEST array
+   @returns - the value of the request variable */
+function get_request_var($name, $default = "")
+{
+	if (isset($_REQUEST[$name]))
+	{
+		return $_REQUEST[$name];
+	} else
+	{
+		return $default;
+	}
+}
+
 /* load_current_session_value - finds the correct value of a variable that is being
      cached as a session variable on an HTML form
    @arg $request_var_name - the array index name for the request variable
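Review bot: Every validation block in this patch checks the value this helper returns from `$_REQUEST`, while the call sites keep reading `$_GET[...]`/`$_POST[...]` directly (item_remove, host_reload_query, the `replace into host_snmp_query` statement, among others). `$_REQUEST` is assembled from GET, POST and COOKIE in `variables_order` precedence, so the two differ whenever the same name arrives through more than one channel, and the checked value is then not the used one. Either have callers consume the validated value — `$id = get_request_var("id"); input_validate_input_number($id);` and use `$id` — or give the validator the superglobal the caller actually reads. The docblock should state the trap: `/* NOTE: reads $_REQUEST, which merges GET/POST/COOKIE; validate and use the same source */`.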
diff -ruBbdP cacti-0.8.6d/lib/html_validate.php cacti-0.8.6d-patched/lib/html_validate.php
--- cacti-0.8.6d/lib/html_validate.php	1969-12-31 19:00:00.000000000 -0500
+++ cacti-0.8.6d-patched/lib/html_validate.php	2005-06-20 20:49:28.000000000 -0400
@@ -0,0 +1,62 @@
+<?php
+/*
+ +-------------------------------------------------------------------------+
+ | Copyright (C) 2004 Ian Berry                                            |
+ |                                                                         |
+ | This program is free software; you can redistribute it and/or           |
+ | modify it under the terms of the GNU General Public License             |
+ | as published by the Free Software Foundation; either version 2          |
+ | of the License, or (at your option) any later version.                  |
+ |                                                                         |
+ | This program is distributed in the hope that it will be useful,         |
+ | but WITHOUT ANY WARRANTY; without even the implied warranty of          |
+ | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the           |
+ | GNU General Public License for more details.                            |
+ +-------------------------------------------------------------------------+
+ | cacti: a php-based graphing solution                                    |
+ +-------------------------------------------------------------------------+
+ | Most of this code has been designed, written and is maintained by       |
+ | Ian Berry. See about.php for specific developer credit. Any questions   |
+ | or comments regarding this code should be directed to:                  |
+ | - iberry@raxnet.net                                                     |
+ +-------------------------------------------------------------------------+
+ | - raXnet - http://www.raxnet.net/                                       |
+ +-------------------------------------------------------------------------+
+*/
+
+function input_validate_input_equals($value, $c_value) {
+	if ($value != $c_value) {
+		die_html_input_error();
+	}
+}
+
+function input_validate_input_number($value) {
+	if ((!is_numeric($value)) && ($value != "")) {
+		die_html_input_error();
+	}
+}
+
+function input_validate_input_regex($value, $regex) {
+	if ((!ereg($regex, $value)) && ($value != "")) {
+		die_html_input_error();
+	}
+}
+
+function die_html_input_error() {
+	global $config;
+
+	?>
+	<table width="98%" align="center">
+		<tr>
+			<td>
+				Validation error.
+			</td>
+		</tr>
+	</table>
+	<?php
+
+	include_once("./include/bottom_footer.php");
+	exit;
+}
+
+?>
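Review bot: All three validators exempt the empty string via `$value != ""`, so an empty `id` passes input_validate_input_number and callers that have no `!empty` guard (rra_remove, tree_remove, user_remove, perm_remove, item_moveup/item_movedown in this patch) will build `where id=` with nothing after the `=`; the comment on each function should say so, e.g. `/* an empty value is accepted; the caller must decide whether it is allowed */`. is_numeric is also wider than the integer identifiers these callers expect — it accepts signs, decimals, exponent notation and leading whitespace — so for ids a stricter test such as `if ((!preg_match('/^[0-9]+$/', $value)) && ($value !== "")) {` is preferable. input_validate_input_equals compares with loose `!=`, which treats "1" and "01" (or "1e0") as equal; `!==` is the safer choice unless type juggling is intended. `global $config;` in die_html_input_error is not referenced by the visible body and can be dropped.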
diff -ruBbdP cacti-0.8.6d/rra.php cacti-0.8.6d-patched/rra.php
--- cacti-0.8.6d/rra.php	2005-04-26 20:47:36.000000000 -0400
+++ cacti-0.8.6d-patched/rra.php	2005-06-20 20:49:28.000000000 -0400
@@ -79,6 +79,10 @@
 
 				if (isset($_POST["consolidation_function_id"])) {
 					for ($i=0; ($i < count($_POST["consolidation_function_id"])); $i++) {
+						/* ================= input validation ================= */
+						input_validate_input_number($_POST["consolidation_function_id"][$i]);
+						/* ==================================================== */
+
 						db_execute("insert into rra_cf (rra_id,consolidation_function_id)
 							values ($rra_id," . $_POST["consolidation_function_id"][$i] . ")");
 					}
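Review bot: The element check is placed correctly before each insert, but nothing confirms that `$_POST["consolidation_function_id"]` is an array; on this PHP generation count() of a scalar returns 1 and `$str[0]` yields the first character, so a scalar value would pass the validator and insert a truncated id. Guarding the loop with `if (isset($_POST["consolidation_function_id"]) && is_array($_POST["consolidation_function_id"])) {` closes that gap. `$rra_id`, which is interpolated into the same insert, is assigned outside the hunk, so its validation cannot be confirmed from here; the enclosing save function also starts outside the hunk.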
@@ -101,6 +105,10 @@
    ------------------- */
 
 function rra_remove() {
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	/* ==================================================== */
+
 	if ((read_config_option("remove_verification") == "on") && (!isset($_GET["confirm"]))) {
 		include_once("./include/top_header.php");
 		form_confirm("Are You Sure?", "Are you sure you want to delete the round robin archive <strong>'" . db_fetch_cell("select name from rra where id=" . $_GET["id"]) . "'</strong>?", "rra.php", "rra.php?action=remove&id=" . $_GET["id"]);
@@ -116,6 +124,10 @@
 function rra_edit() {
 	global $colors, $fields_rra_edit;
 
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	/* ==================================================== */
+
 	if (!empty($_GET["id"])) {
 		$rra = db_fetch_row("select * from rra where id=" . $_GET["id"]);
 		$header_label = "[edit: " . $rra["name"] . "]";
diff -ruBbdP cacti-0.8.6d/tree.php cacti-0.8.6d-patched/tree.php
--- cacti-0.8.6d/tree.php	2005-04-26 20:47:36.000000000 -0400
+++ cacti-0.8.6d-patched/tree.php	2005-06-20 20:49:28.000000000 -0400
@@ -129,6 +129,11 @@
 function item_edit() {
 	global $colors, $tree_sort_types;
 
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	input_validate_input_number(get_request_var("tree_id"));
+	/* ==================================================== */
+
 	$tree_item_types = array(
 		TREE_ITEM_TYPE_HEADER => "Header",
 		TREE_ITEM_TYPE_GRAPH => "Graph",
@@ -296,16 +301,31 @@
 }
 
 function item_moveup() {
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	input_validate_input_number(get_request_var("tree_id"));
+	/* ==================================================== */
+
 	$order_key = db_fetch_cell("SELECT order_key FROM graph_tree_items WHERE id=" . $_GET["id"]);
 	if ($order_key > 0) { branch_up($order_key, 'graph_tree_items', 'order_key', 'graph_tree_id=' . $_GET["tree_id"]); }
 }
 
 function item_movedown() {
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	input_validate_input_number(get_request_var("tree_id"));
+	/* ==================================================== */
+
 	$order_key = db_fetch_cell("SELECT order_key FROM graph_tree_items WHERE id=" . $_GET["id"]);
 	if ($order_key > 0) { branch_down($order_key, 'graph_tree_items', 'order_key', 'graph_tree_id=' . $_GET["tree_id"]); }
 }
 
 function item_remove() {
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	input_validate_input_number(get_request_var("tree_id"));
+	/* ==================================================== */
+
 	if ((read_config_option("remove_verification") == "on") && (!isset($_GET["confirm"]))) {
 		$graph_tree_item = db_fetch_row("select title,local_graph_id,host_id from graph_tree_items where id=" . $_GET["id"]);
 
@@ -336,6 +356,10 @@
    --------------------- */
 
 function tree_remove() {
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	/* ==================================================== */
+
 	if ((read_config_option("remove_verification") == "on") && (!isset($_GET["confirm"]))) {
 		include("./include/top_header.php");
 		form_confirm("Are You Sure?", "Are you sure you want to delete the tree <strong>'" . db_fetch_cell("select name from graph_tree where id=" . $_GET["id"]) . "'</strong>?", "tree.php", "tree.php?action=remove&id=" . $_GET["id"]);
@@ -352,6 +376,10 @@
 function tree_edit() {
 	global $colors, $fields_tree_edit;
 
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	/* ==================================================== */
+
 	if (!empty($_GET["id"])) {
 		$tree = db_fetch_row("select * from graph_tree where id=" . $_GET["id"]);
 		$header_label = "[edit: " . $tree["name"] . "]";
diff -ruBbdP cacti-0.8.6d/user_admin.php cacti-0.8.6d-patched/user_admin.php
--- cacti-0.8.6d/user_admin.php	2005-04-26 20:47:36.000000000 -0400
+++ cacti-0.8.6d-patched/user_admin.php	2005-06-20 20:49:28.000000000 -0400
@@ -89,6 +89,10 @@
 
 	/* graph permissions */
 	if ((isset($_POST["save_component_graph_perms"])) && (!is_error_message())) {
+		/* ================= input validation ================= */
+		input_validate_input_number(get_request_var("id"));
+		/* ==================================================== */
+
 		$add_button_clicked = false;
 
 		if (isset($_POST["add_graph_y"])) {
@@ -113,6 +117,10 @@
 
 	/* user management save */
 	if (isset($_POST["save_component_user"])) {
+		/* ================= input validation ================= */
+		input_validate_input_number(get_request_var("id"));
+		/* ==================================================== */
+
 		if (($_POST["password"] == "") && ($_POST["password_confirm"] == "")) {
 			$password = db_fetch_cell("select password from user_auth where id=" . $_POST["id"]);
 		}else{
@@ -205,6 +213,11 @@
    -------------------------- */
 
 function perm_remove() {
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	input_validate_input_number(get_request_var("user_id"));
+	/* ==================================================== */
+
 	if ($_GET["type"] == "graph") {
 		db_execute("delete from user_auth_perms where type=1 and user_id=" . $_GET["user_id"] . " and item_id=" . $_GET["id"]);
 	}elseif ($_GET["type"] == "tree") {
@@ -221,6 +234,10 @@
 function graph_perms_edit() {
 	global $colors;
 
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	/* ==================================================== */
+
 	$graph_policy_array = array(
 		1 => "Allow",
 		2 => "Deny");
@@ -485,6 +502,10 @@
 function user_realms_edit() {
 	global $colors, $user_auth_realms;
 
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	/* ==================================================== */
+
 	?>
 	<table width='98%' align='center' cellpadding="5">
 		<tr>
@@ -552,6 +573,10 @@
 function graph_settings_edit() {
 	global $settings_graphs, $tabs_graphs, $colors, $graph_views, $graph_tree_views;
 
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	/* ==================================================== */
+
 	?>
 	<table width='98%' align='center' cellpadding="5">
 		<tr>
@@ -615,6 +640,10 @@
    -------------------------- */
 
 function user_remove() {
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	/* ==================================================== */
+
 	if ((read_config_option("remove_verification") == "on") && (!isset($_GET["confirm"]))) {
 		include("./include/top_header.php");
 		form_confirm("Are You Sure?", "Are you sure you want to delete the user <strong>'" . db_fetch_cell("select username from user_auth where id=" . $_GET["id"]) . "'</strong>?", "user_admin.php", "user_admin.php?action=user_remove&id=" . $_GET["id"]);
@@ -633,6 +662,10 @@
 function user_edit() {
 	global $colors, $fields_user_user_edit_host;
 
+	/* ================= input validation ================= */
+	input_validate_input_number(get_request_var("id"));
+	/* ==================================================== */
+
 	if (!empty($_GET["id"])) {
 		$user = db_fetch_row("select * from user_auth where id=" . $_GET["id"]);
 		$header_label = "[edit: " . $user["username"] . "]";
