diff --git a/cli_add_graph.patch b/cli_add_graph.patch
deleted file mode 100644
index b82d21a..0000000
--- a/cli_add_graph.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- ../tags/0.8.7e/cli/add_graphs.php 2009-06-28 12:34:31.000000000 -0400
-+++ 0.8.7/cli/add_graphs.php 2009-08-18 20:04:44.000000000 -0400
-@@ -570,7 +570,7 @@
- echo " 3|Fields = Verify all Fields\n";
- echo "List Options:\n";
- echo " --list-hosts\n";
-- echo " --list-graph-templates [--host_template=[ID]]\n";
-+ echo " --list-graph-templates [--host-template-id=[ID]]\n";
- echo " --list-input-fields --graph-template-id=[ID]\n";
- echo " --list-snmp-queries\n";
- echo " --list-query-types --snmp-query-id [ID]\n";
diff --git a/cross_site_fix.patch b/cross_site_fix.patch
deleted file mode 100644
index ddc9e2e..0000000
--- a/cross_site_fix.patch
+++ /dev/null
@@ -1,175 +0,0 @@
---- cacti-0.8.7e/graph.php 2009-06-28 12:07:11.000000000 -0400
-+++ cacti-0.8.7e-patched/graph.php 2009-11-21 23:10:16.000000000 -0500
-@@ -35,6 +35,8 @@
- /* ================= input validation ================= */
- input_validate_input_regex(get_request_var_request("rra_id"), "^([0-9]+|all)$");
- input_validate_input_number(get_request_var("local_graph_id"));
-+input_validate_input_number(get_request_var("graph_end"));
-+input_validate_input_number(get_request_var("graph_start"));
- input_validate_input_regex(get_request_var_request("view_type"), "^([a-zA-Z0-9]+)$");
- /* ==================================================== */
-
---- cacti-0.8.7e/include/top_graph_header.php 2009-06-28 12:07:11.000000000 -0400
-+++ cacti-0.8.7e-patched/include/top_graph_header.php 2009-11-21 23:15:27.000000000 -0500
-@@ -58,7 +58,7 @@
- if ($_SESSION["custom"]) {
- print "\r\n";
- }else{
-- print "\r\n";
-+ print "\r\n";
- }
- }
- ?>
-@@ -113,7 +113,7 @@
-
-
-
--
-+ |
-
-
-
---- cacti-0.8.7e/lib/html_form.php 2009-06-28 12:07:11.000000000 -0400
-+++ cacti-0.8.7e-patched/lib/html_form.php 2009-11-21 23:15:40.000000000 -0500
-@@ -235,13 +235,21 @@
-
- if (sizeof($items) > 0) {
- foreach ($items as $item) {
-- print $item["name"] . " ";
-+ print htmlspecialchars($item["name"],ENT_QUOTES) . " ";
- }
- }
-
- break;
-+ case 'font':
-+ form_font_box($field_name, $field_array["value"],
-+ ((isset($field_array["default"])) ? $field_array["default"] : ""),
-+ $field_array["max_length"],
-+ ((isset($field_array["size"])) ? $field_array["size"] : "40"), "text",
-+ ((isset($field_array["form_id"])) ? $field_array["form_id"] : ""));
-+
-+ break;
- default:
-- print "" . $field_array["value"] . "";
-+ print "" . htmlspecialchars($field_array["value"],ENT_QUOTES) . "";
-
- form_hidden_box($field_name, $field_array["value"], "");
-
-@@ -384,7 +392,7 @@
- $form_previous_value = $form_default_value;
- }
-
-- print "\n";
-+ print "\n";
- }
-
- /* form_dropdown - draws a standard html dropdown box
-@@ -568,7 +576,7 @@
- }
- }
-
-- print ">". $array_display[$id];
-+ print ">". htmlspecialchars($array_display[$id],ENT_QUOTES);
- print "\n";
- }
-
-@@ -627,6 +635,65 @@
- print "\n";
- }
-
-+/* form_font_box - draws a standard html textbox and provides status of a fonts existence
-+ @arg $form_name - the name of this form element
-+ @arg $form_previous_value - the current value of this form element
-+ @arg $form_default_value - the value of this form element to use if there is
-+ no current value available
-+ @arg $form_max_length - the maximum number of characters that can be entered
-+ into this textbox
-+ @arg $form_size - the size (width) of the textbox
-+ @arg $type - the type of textbox, either 'text' or 'password'
-+ @arg $current_id - used to determine if a current value for this form element
-+ exists or not. a $current_id of '0' indicates that no current value exists,
-+ a non-zero value indicates that a current value does exist */
-+function form_font_box($form_name, $form_previous_value, $form_default_value, $form_max_length, $form_size = 30, $type = "text", $current_id = 0) {
-+ if (($form_previous_value == "") && (empty($current_id))) {
-+ $form_previous_value = $form_default_value;
-+ }
-+
-+ print " [" . "ERROR: FONT NOT FOUND" . "]";
-+ } else {
-+ $extra_data = " [" . "OK: FONT FOUND" . "]";
-+ }
-+ } elseif (read_config_option("rrdtool_version") == "rrd-1.0.x" ||
-+ read_config_option("rrdtool_version") == "rrd-1.2.x") { # rrdtool 1.0 and 1.2 use font files
-+ if (is_file($form_previous_value)) {
-+ $extra_data = " [" . "OK: FILE FOUND" . "]";
-+ }else if (is_dir($form_previous_value)) {
-+ $extra_data = " [" . "ERROR: IS DIR" . "]";
-+ }else{
-+ $extra_data = " [" . "ERROR: FILE NOT FOUND" . "]";
-+ }
-+ } # will be used for future versions of rrdtool
-+ }
-+
-+ print " id='$form_name' name='$form_name' size='$form_size'" . (!empty($form_max_length) ? " maxlength='$form_max_length'" : "") . " value='" . htmlspecialchars($form_previous_value, ENT_QUOTES) . "'>" . $extra_data;
-+}
-+
- /* form_confirm - draws a table presenting the user with some choice and allowing
- them to either proceed (delete) or cancel
- @arg $body_text - the text to prompt the user with on this form
---- cacti-0.8.7e/lib/timespan_settings.php 2009-06-28 12:07:11.000000000 -0400
-+++ cacti-0.8.7e-patched/lib/timespan_settings.php 2009-11-21 23:15:49.000000000 -0500
-@@ -125,9 +125,9 @@
- if (isset($_POST["date1"])) {
- /* the dates have changed, therefore, I am now custom */
- if (($_SESSION["sess_current_date1"] != $_POST["date1"]) || ($_SESSION["sess_current_date2"] != $_POST["date2"])) {
-- $timespan["current_value_date1"] = $_POST["date1"];
-+ $timespan["current_value_date1"] = sanitize_search_string($_POST["date1"]);
- $timespan["begin_now"] =strtotime($timespan["current_value_date1"]);
-- $timespan["current_value_date2"] = $_POST["date2"];
-+ $timespan["current_value_date2"] = sanitize_search_string($_POST["date2"]);
- $timespan["end_now"]=strtotime($timespan["current_value_date2"]);
- $_SESSION["sess_current_timespan"] = GT_CUSTOM;
- $_SESSION["custom"] = 1;
-@@ -135,8 +135,8 @@
- }else {
- /* the default button wasn't pushed */
- if (!isset($_POST["button_clear_x"])) {
-- $timespan["current_value_date1"] = $_POST["date1"];
-- $timespan["current_value_date2"] = $_POST["date2"];
-+ $timespan["current_value_date1"] = sanitize_search_string($_POST["date1"]);
-+ $timespan["current_value_date2"] = sanitize_search_string($_POST["date2"]);
- $timespan["begin_now"] = $_SESSION["sess_current_timespan_begin_now"];
- $timespan["end_now"] = $_SESSION["sess_current_timespan_end_now"];
-
diff --git a/snmp_invalid_response.patch b/snmp_invalid_response.patch
deleted file mode 100644
index 5b2dd20..0000000
--- a/snmp_invalid_response.patch
+++ /dev/null
@@ -1,25 +0,0 @@
---- ../tags/0.8.7e/include/global_arrays.php 2009-06-28 12:34:31.000000000 -0400
-+++ 0.8.7/include/global_arrays.php 2009-08-18 20:04:44.000000000 -0400
-@@ -174,6 +174,10 @@
- "DES" => "DES (default)",
- "AES128" => "AES");
-
-+$banned_snmp_strings = array(
-+ "End of MIB",
-+ "No Such");
-+
- $logfile_options = array(1 =>
- "Logfile Only",
- "Logfile and Syslog/Eventlog",
---- ../tags/0.8.7e/lib/snmp.php 2009-06-28 12:34:30.000000000 -0400
-+++ 0.8.7/lib/snmp.php 2009-08-18 20:04:44.000000000 -0400
-@@ -27,9 +27,6 @@
- define("SNMP_METHOD_PHP", 1);
- define("SNMP_METHOD_BINARY", 2);
-
--/* declare once, use many times */
--$banned_snmp_strings = array("End of MIB", "No Such");
--
- /* we must use an apostrophe to escape community names under Unix in case the user uses
- characters that the shell might interpret. the ucd-snmp binaries on Windows flip out when
- you do this, but are perfectly happy with a quotation mark. */
diff --git a/sql_injection_template_export.patch b/sql_injection_template_export.patch
deleted file mode 100644
index 397990c..0000000
--- a/sql_injection_template_export.patch
+++ /dev/null
@@ -1,13 +0,0 @@
---- cacti-0.8.7e/templates_export.php 2009-06-28 12:07:11.000000000 -0400
-+++ cacti-fixed/templates_export.php 2010-04-17 14:08:42.000000000 -0400
-@@ -49,6 +49,10 @@
- function form_save() {
- global $export_types;
-
-+ /* ================= input validation ================= */
-+ input_validate_input_number(get_request_var_post("export_item_id"));
-+ /* ==================================================== */
-+
- if (isset($_POST["save_component_export"])) {
- $xml_data = get_item_xml($_POST["export_type"], $_POST["export_item_id"], (((isset($_POST["include_deps"]) ? $_POST["include_deps"] : "") == "") ? false : true));
-
diff --git a/template_duplication.patch b/template_duplication.patch
deleted file mode 100644
index cd6ff4b..0000000
--- a/template_duplication.patch
+++ /dev/null
@@ -1,234 +0,0 @@
-diff -ruBbd 0.8.7e/cli/repair_templates.php 0.8.7/cli/repair_templates.php
---- 0.8.7e/cli/repair_templates.php 2009-08-18 22:03:22.000000000 -0400
-+++ 0.8.7/cli/repair_templates.php 2009-08-20 07:43:54.000000000 -0400
-@@ -0,0 +1,135 @@
-+This script is only meant to run at the command line.");
-+}
-+
-+$no_http_headers = true;
-+
-+include(dirname(__FILE__) . "/../include/global.php");
-+include_once("../lib/utility.php");
-+include_once("../lib/template.php");
-+
-+/* process calling arguments */
-+$parms = $_SERVER["argv"];
-+array_shift($parms);
-+
-+$execute = FALSE;
-+
-+foreach($parms as $parameter) {
-+ @list($arg, $value) = @explode("=", $parameter);
-+
-+ switch ($arg) {
-+ case "--execute":
-+ $execute = TRUE;
-+ break;
-+ case "-h":
-+ case "-v":
-+ case "-V":
-+ case "--version":
-+ case "--help":
-+ display_help();
-+ exit;
-+ default:
-+ print "ERROR: Invalid Parameter " . $parameter . "\n\n";
-+ display_help();
-+ exit;
-+ }
-+}
-+
-+if ($execute) {
-+ echo "NOTE: Repairing All Duplicated Templates\n";
-+} else {
-+ echo "NOTE: Performing Check of Templates\n";
-+}
-+
-+/* repair data templates first */
-+if ($execute) {
-+ echo "NOTE: Repairing Data Templates\n";
-+} else {
-+ echo "NOTE: Performing Check of Data Templates\n";
-+}
-+
-+$damaged_template_ids = db_fetch_assoc("SELECT DISTINCT data_template_id FROM data_template_rrd WHERE hash='' AND local_data_id=0");
-+if (sizeof($damaged_template_ids)) {
-+ foreach($damaged_template_ids as $id) {
$template_name = db_fetch_cell("SELECT name FROM data_template WHERE id=" . $id["data_template_id"]);
-+ echo "NOTE: Data Template '$template_name' is Damaged and can be repaired\n";
-+ }
-+
-+ $damaged_templates = db_fetch_assoc("SELECT * FROM data_template_rrd WHERE hash='' AND local_data_id=0");
-+ if (sizeof($damaged_templates)) {
-+ echo "NOTE: -- Damaged Data Templates Objects Found is '" . sizeof($damaged_templates) . "'\n";
-+ if ($execute) {
-+ foreach($damaged_templates as $template) {
-+ $hash = get_hash_data_template($template["local_data_template_rrd_id"], "data_template_item");
-+ db_execute("UPDATE data_template_rrd SET hash='$hash' WHERE id=" . $template["id"]);
-+ }
-+ }
-+ }
-+} else {
-+ echo "NOTE: No Damaged Data Templates Found\n";
-+}
-+
-+/* reset the array */
-+$damaged_templates = array();
-+
-+/* repair graph templates */
-+if ($execute) {
-+ echo "NOTE: Repairing Graph Templates\n";
-+} else {
-+ echo "NOTE: Performing Check of Graph Templates\n";
-+}
-+
-+$damaged_template_ids = db_fetch_assoc("SELECT DISTINCT graph_template_id FROM graph_template_input WHERE hash=''");
-+if (sizeof($damaged_template_ids)) {
-+ foreach($damaged_template_ids as $id) {
-+ $template_name = db_fetch_cell("SELECT name FROM graph_templates WHERE id=" . $id["graph_template_id"]);
-+ echo "NOTE: Graph Template '$template_name' is Damaged and can be repaired\n";
-+ }
-+
-+ $damaged_templates = db_fetch_assoc("SELECT * FROM graph_template_input WHERE hash=''");
-+ if (sizeof($damaged_templates)) {
-+ echo "NOTE: -- Damaged Graph Templates Objects Found is '" . sizeof($damaged_templates) . "'\n";
-+ if ($execute) {
-+ foreach($damaged_templates as $template) {
-+ $hash = get_hash_graph_template(0, "graph_template_input");
-+ db_execute("UPDATE graph_template_input SET hash='$hash' WHERE id=" . $template["id"]);
-+ }
-+ }
-+ }
-+} else {
-+ echo "NOTE: No Damaged Graph Templates Found\n";
-+}
-+
-+
-+/* display_help - displays the usage of the function */
-+function display_help () {
-+ print "Cacti Database Template Repair Tool v1.0, Copyright 2004-2009 - The Cacti Group\n\n";
-+ print "usage: repair_templates.php --execute [--help]\n\n";
-+ print "--execute - Perform the repair\n";
-+ print "--help - display this help message\n";
-+}
-+?>
-diff -ruBbd 0.8.7e/docs/README 0.8.7/docs/README
---- 0.8.7e/docs/README 2009-08-18 21:57:30.000000000 -0400
-+++ 0.8.7/docs/README 2009-08-18 21:58:09.000000000 -0400
-@@ -90,6 +90,9 @@
- table
- poller_reindex_hosts.php - Cause data query reindex on hosts
- rebuild_poller_cache.php - Rebuilds the poller cache
-+ repair_templates.php - Certain templates, when created using the "duplicate"
-+ function in Cacti, do not import/export well. This utility repairs
-+ those templates.
-
-
-
-diff -ruBbd 0.8.7e/lib/export.php 0.8.7/lib/export.php
---- 0.8.7e/lib/export.php 2009-08-18 21:56:47.000000000 -0400
-+++ 0.8.7/lib/export.php 2009-08-18 21:57:50.000000000 -0400
-@@ -811,7 +811,9 @@
- }
-
- function xml_character_encode($text) {
--
-+ if (function_exists("htmlspecialchars")) {
-+ return htmlspecialchars($text, ENT_QUOTES, "UTF-8");
-+ } else {
- $text = str_replace("&", "&", $text);
- $text = str_replace(">", ">", $text);
- $text = str_replace("<", "<", $text);
-@@ -819,6 +821,7 @@
- $text = str_replace("\'", "'", $text);
-
- return $text;
-+ }
- }
-
- ?>
-diff -ruBbd 0.8.7e/lib/import.php 0.8.7/lib/import.php
---- 0.8.7e/lib/import.php 2009-08-18 21:56:59.000000000 -0400
-+++ 0.8.7/lib/import.php 2009-08-18 21:57:55.000000000 -0400
-@@ -36,10 +36,6 @@
- return $info_array;
- }
-
-- if (isset($xml_array["name"])) {
-- $xml_array["name"] = htmlspecialchars($xml_array["name"]);
-- }
--
- while (list($hash, $hash_array) = each($xml_array)) {
- /* parse information from the hash */
- $parsed_hash = parse_xml_hash($hash);
-@@ -115,7 +111,7 @@
- $_graph_template_id = db_fetch_cell("select id from graph_templates where hash='$hash'");
- $save["id"] = (empty($_graph_template_id) ? "0" : $_graph_template_id);
- $save["hash"] = $hash;
-- $save["name"] = htmlspecialchars($xml_array["name"]);
-+ $save["name"] = $xml_array["name"];
- $graph_template_id = sql_save($save, "graph_templates");
-
- $hash_cache["graph_template"][$hash] = $graph_template_id;
-@@ -914,9 +910,13 @@
- }
-
- function xml_character_decode($text) {
-+ if (function_exists("html_entity_decode")) {
-+ return html_entity_decode($text, ENT_QUOTES, "UTF-8");
-+ } else {
- $trans_tbl = get_html_translation_table(HTML_ENTITIES);
- $trans_tbl = array_flip($trans_tbl);
- return strtr($text, $trans_tbl);
-+ }
- }
-
- ?>
-diff -ruBbd 0.8.7e/lib/utility.php 0.8.7/lib/utility.php
---- 0.8.7e/lib/utility.php 2009-08-18 21:57:08.000000000 -0400
-+++ 0.8.7/lib/utility.php 2009-08-18 21:58:00.000000000 -0400
-@@ -346,6 +346,7 @@
- $save["name"] = $graph_template_input["name"];
- $save["description"] = $graph_template_input["description"];
- $save["column_name"] = $graph_template_input["column_name"];
-+ $save["hash"] = get_hash_graph_template(0, "graph_template_input");
-
- $graph_template_input_id = sql_save($save, "graph_template_input");
-
-@@ -436,6 +437,11 @@
- $save["local_data_id"] = (isset($local_data_id) ? $local_data_id : 0);
- $save["local_data_template_rrd_id"] = (isset($data_template_rrd["local_data_template_rrd_id"]) ? $data_template_rrd["local_data_template_rrd_id"] : 0);
- $save["data_template_id"] = (!empty($_local_data_id) ? $data_template_rrd["data_template_id"] : $data_template_id);
-+ if ($save["local_data_id"] == 0) {
-+ $save["hash"] = get_hash_data_template($data_template_rrd["local_data_template_rrd_id"], "data_template_item");
-+ } else {
-+ $save["hash"] = '';
-+ }
-
- while (list($field, $array) = each($struct_data_source_item)) {
- $save{$field} = $data_template_rrd{$field};
|