diff --git a/cacti.spec b/cacti.spec
index 4e2a4fd..3377bc8 100644
--- a/cacti.spec
+++ b/cacti.spec
@@ -1,6 +1,6 @@
 Name: cacti
 Version: 0.8.6i
-Release: 4%{?dist}
+Release: 5%{?dist}
 Summary: An rrd based graphing tool
 
 Group: Applications/System
@@ -12,6 +12,10 @@ Source2: cacti.logrotate
 Source3: cacti.README.Fedora
 
 Patch1: cacti-0.8.6h-dbcfg.patch
+Patch2: http://www.cacti.net/downloads/patches/0.8.6i/import_template_argument_space_removal.patch
+Patch3: http://www.cacti.net/downloads/patches/0.8.6i/dec06-vulnerability-scripts-0.8.6i.patch
+Patch4: http://www.cacti.net/downloads/patches/0.8.6i/dec06-vulnerability-poller-0.8.6i.patch
+Patch5: http://www.cacti.net/downloads/patches/0.8.6i/poller_output_remainder.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
@@ -32,6 +36,10 @@ used to creating traffic graphs with MRTG.
 %prep
 %setup -q
 %patch1 -p0
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
+%patch5 -p1
 
 echo "#*/5 * * * *	cacti	%{_bindir}/php %{_datadir}/%{name}/poller.php > /dev/null 2>&1" >cacti.cron
 
@@ -103,6 +111,10 @@ fi
 %attr(0644,root,root) %{_localstatedir}/lib/%{name}/lib
 
 %changelog
+* Fri Jan 12 2007 Mike McGrath <imlinux@gmail.com> - 0.8.6i-5
+- Added 4 upstream patches
+- Fix for BZ 222410
+
 * Thu Nov 09 2006 Mike McGrath <imlinux@gmail.com> - 0.8.6i-4
 - Patch now includes <?php BG# 214914
 
diff --git a/dec06-vulnerability-poller-0.8.6i.patch b/dec06-vulnerability-poller-0.8.6i.patch
new file mode 100644
index 0000000..f19c555
--- /dev/null
+++ b/dec06-vulnerability-poller-0.8.6i.patch
@@ -0,0 +1,137 @@
+diff -ruBbd cacti-0.8.6i/cmd.php cacti-0.8.6i-patch/cmd.php
+--- cacti-0.8.6i/cmd.php	2006-10-09 00:06:00.000000000 -0400
++++ cacti-0.8.6i-patch/cmd.php	2007-01-01 12:27:15.328125000 -0500
+@@ -26,7 +26,7 @@
+ */
+ 
+ /* do NOT run this script through a web browser */
+-if (!isset($_SERVER["argv"][0])) {
++if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
+ 	die("<br><strong>This script is only meant to run at the command line.</strong>");
+ }
+ 
+@@ -70,6 +71,10 @@
+ 	$print_data_to_stdout = false;
+ 	if ($_SERVER["argc"] == "3") {
+ 		if ($_SERVER["argv"][1] <= $_SERVER["argv"][2]) {
++			/* address potential exploits */
++			input_validate_input_number($_SERVER["argv"][1]);
++			input_validate_input_number($_SERVER["argv"][2]);
++
+ 			$hosts = db_fetch_assoc("select * from host where (disabled = '' and " .
+ 					"id >= " .
+ 					$_SERVER["argv"][1] .
+diff -ruBbd cacti-0.8.6i/copy_cacti_user.php cacti-0.8.6i-patch/copy_cacti_user.php
+--- cacti-0.8.6i/copy_cacti_user.php	2006-10-09 00:06:00.000000000 -0400
++++ cacti-0.8.6i-patch/copy_cacti_user.php	2007-01-01 12:27:15.312500000 -0500
+@@ -25,9 +25,10 @@
+ */
+ 
+ /* do NOT run this script through a web browser */
+-if (! isset($_SERVER["argv"][0])) {
+-	die("This script is only meant to run at the command line.\n");
++if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
++   die("<br><strong>This script is only meant to run at the command line.</strong>");
+ }
++
+ if (empty($_SERVER["argv"][2])) {
+ 	die("\nSyntax:\n php copy_cacti_user.php <template user> <new user>\n\n");
+ }
+diff -ruBbd cacti-0.8.6i/include/html/inc_timespan_settings.php cacti-0.8.6i-patch/include/html/inc_timespan_settings.php
+--- cacti-0.8.6i/include/html/inc_timespan_settings.php	2006-10-09 00:05:58.000000000 -0400
++++ cacti-0.8.6i-patch/include/html/inc_timespan_settings.php	2007-01-02 11:55:45.953125000 -0500
+@@ -24,6 +24,20 @@
+  +-------------------------------------------------------------------------+
+ */
+ 
++/* ================= input validation ================= */
++input_validate_input_number(get_request_var_request("predefined_timespan"));
++/* ==================================================== */
++
++/* clean up date1 string */
++if (isset($_REQUEST["date1"])) {
++	$_REQUEST["date1"] = sanitize_search_string(get_request_var("date1"));
++}
++
++/* clean up date2 string */
++if (isset($_REQUEST["date2"])) {
++	$_REQUEST["date2"] = sanitize_search_string(get_request_var("date2"));
++}
++
+ /* initialize the timespan array */
+ $timespan = array();
+ 
+diff -ruBbd cacti-0.8.6i/poller.php cacti-0.8.6i-patch/poller.php
+--- cacti-0.8.6i/poller.php	2006-10-09 00:06:00.000000000 -0400
++++ cacti-0.8.6i-patch/poller.php	2007-01-01 12:27:15.328125000 -0500
+@@ -26,7 +26,7 @@
+ */
+ 
+ /* do NOT run this script through a web browser */
+-if (!isset($_SERVER["argv"][0])) {
++if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
+ 	die("<br><strong>This script is only meant to run at the command line.</strong>");
+ }
+ 
+diff -ruBbd cacti-0.8.6i/poller_commands.php cacti-0.8.6i-patch/poller_commands.php
+--- cacti-0.8.6i/poller_commands.php	2006-10-09 00:06:00.000000000 -0400
++++ cacti-0.8.6i-patch/poller_commands.php	2007-01-01 12:27:15.328125000 -0500
+@@ -27,7 +27,7 @@
+ define("MAX_RECACHE_RUNTIME", 296);
+ 
+ /* do NOT run this script through a web browser */
+-if (!isset($_SERVER["argv"][0])) {
++if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
+ 	die("<br><strong>This script is only meant to run at the command line.</strong>");
+ }
+ 
+diff -ruBbd cacti-0.8.6i/poller_export.php cacti-0.8.6i-patch/poller_export.php
+--- cacti-0.8.6i/poller_export.php	2006-10-09 00:06:00.000000000 -0400
++++ cacti-0.8.6i-patch/poller_export.php	2007-01-01 12:27:15.328125000 -0500
+@@ -25,7 +25,7 @@
+ */
+ 
+ /* do NOT run this script through a web browser */
+-if (!isset($_SERVER["argv"][0])) {
++if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
+ 	die("<br><strong>This script is only meant to run at the command line.</strong>");
+ }
+ 
+diff -ruBbd cacti-0.8.6i/poller_reindex_hosts.php cacti-0.8.6i-patch/poller_reindex_hosts.php
+--- cacti-0.8.6i/poller_reindex_hosts.php	2006-10-09 00:06:00.000000000 -0400
++++ cacti-0.8.6i-patch/poller_reindex_hosts.php	2007-01-01 12:27:15.328125000 -0500
+@@ -25,7 +25,7 @@
+ */
+ 
+ /* do NOT run this script through a web browser */
+-if (!isset($_SERVER["argv"][0])) {
++if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
+ 	die("<br><strong>This script is only meant to run at the command line.</strong>");
+ }
+ 
+diff -ruBbd cacti-0.8.6i/rebuild_poller_cache.php cacti-0.8.6i-patch/rebuild_poller_cache.php
+--- cacti-0.8.6i/rebuild_poller_cache.php	2006-10-09 00:06:00.000000000 -0400
++++ cacti-0.8.6i-patch/rebuild_poller_cache.php	2007-01-01 12:27:15.312500000 -0500
+@@ -25,7 +25,7 @@
+ */
+ 
+ /* do NOT run this script through a web browser */
+-if (!isset($_SERVER["argv"][0])) {
++if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
+ 	die("<br><strong>This script is only meant to run at the command line.</strong>");
+ }
+ 
+diff -ruBbd cacti-0.8.6i/script_server.php cacti-0.8.6i-patch/script_server.php
+--- cacti-0.8.6i/script_server.php	2006-10-09 00:06:00.000000000 -0400
++++ cacti-0.8.6i-patch/script_server.php	2007-01-01 12:27:15.312500000 -0500
+@@ -26,9 +26,8 @@
+ $no_http_headers = true;
+ 
+ /* do NOT run this script through a web browser */
+-if (!isset($_SERVER["argv"][0])) {
++if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
+ 	die("<br><strong>This script is only meant to run at the command line.</strong>");
+-	exit(-1);
+ }
+ 
+ /* define STDOUT/STDIN file descriptors if not running under CLI */
diff --git a/dec06-vulnerability-scripts-0.8.6i.patch b/dec06-vulnerability-scripts-0.8.6i.patch
new file mode 100644
index 0000000..f59bfa9
--- /dev/null
+++ b/dec06-vulnerability-scripts-0.8.6i.patch
@@ -0,0 +1,106 @@
+diff -ruBbd cacti-0.8.6i/scripts/query_host_cpu.php cacti-0.8.6i-patch/scripts/query_host_cpu.php
+--- cacti-0.8.6i/scripts/query_host_cpu.php	2006-10-09 00:06:00.000000000 -0400
++++ cacti-0.8.6i-patch/scripts/query_host_cpu.php	2007-01-01 12:50:55.781250000 -0500
+@@ -1,6 +1,12 @@
+ <?php
+ 
++/* do NOT run this script through a web browser */
++if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
++   die("<br><strong>This script is only meant to run at the command line.</strong>");
++}
++
+ $no_http_headers = true;
++
+ include(dirname(__FILE__) . "/../include/config.php");
+ include(dirname(__FILE__) . "/../lib/snmp.php");
+ 
+diff -ruBbd cacti-0.8.6i/scripts/query_host_partitions.php cacti-0.8.6i-patch/scripts/query_host_partitions.php
+--- cacti-0.8.6i/scripts/query_host_partitions.php	2006-10-09 00:06:00.000000000 -0400
++++ cacti-0.8.6i-patch/scripts/query_host_partitions.php	2007-01-01 12:50:55.781250000 -0500
+@@ -1,6 +1,12 @@
+ <?php
+ 
++/* do NOT run this script through a web browser */
++if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
++   die("<br><strong>This script is only meant to run at the command line.</strong>");
++}
++
+ $no_http_headers = true;
++
+ include(dirname(__FILE__) . "/../include/config.php");
+ include(dirname(__FILE__) . "/../lib/snmp.php");
+ 
+diff -ruBbd cacti-0.8.6i/scripts/sql.php cacti-0.8.6i-patch/scripts/sql.php
+--- cacti-0.8.6i/scripts/sql.php	2006-10-09 00:06:00.000000000 -0400
++++ cacti-0.8.6i-patch/scripts/sql.php	2007-01-01 12:50:55.781250000 -0500
+@@ -1,6 +1,12 @@
+ <?
+ 
++/* do NOT run this script through a web browser */
++if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
++   die("<br><strong>This script is only meant to run at the command line.</strong>");
++}
++
+ $no_http_headers = true;
++
+ include(dirname(__FILE__) . "/../include/config.php");
+ 
+ if ($database_password == "") {
+diff -ruBbd cacti-0.8.6i/scripts/ss_fping.php cacti-0.8.6i-patch/scripts/ss_fping.php
+--- cacti-0.8.6i/scripts/ss_fping.php	2006-10-09 00:06:00.000000000 -0400
++++ cacti-0.8.6i-patch/scripts/ss_fping.php	2007-01-01 12:50:55.796875000 -0500
+@@ -1,7 +1,11 @@
+ <?php
+ #!/usr/bin/php -q
+ 
+-//STANDARD SCRIPT SERVER HEADER!!!
++/* do NOT run this script through a web browser */
++if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
++   die("<br><strong>This script is only meant to run at the command line.</strong>");
++}
++
+ $no_http_headers = true;
+ 
+ /* display No errors */
+diff -ruBbd cacti-0.8.6i/scripts/ss_host_cpu.php cacti-0.8.6i-patch/scripts/ss_host_cpu.php
+--- cacti-0.8.6i/scripts/ss_host_cpu.php	2006-10-09 00:06:00.000000000 -0400
++++ cacti-0.8.6i-patch/scripts/ss_host_cpu.php	2007-01-01 12:50:55.796875000 -0500
+@@ -1,4 +1,10 @@
+ <?php
++
++/* do NOT run this script through a web browser */
++if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
++   die("<br><strong>This script is only meant to run at the command line.</strong>");
++}
++
+ $no_http_headers = true;
+ 
+ /* display No errors */
+diff -ruBbd cacti-0.8.6i/scripts/ss_host_disk.php cacti-0.8.6i-patch/scripts/ss_host_disk.php
+--- cacti-0.8.6i/scripts/ss_host_disk.php	2006-10-09 00:06:00.000000000 -0400
++++ cacti-0.8.6i-patch/scripts/ss_host_disk.php	2007-01-01 12:50:55.796875000 -0500
+@@ -1,4 +1,10 @@
+ <?php
++
++/* do NOT run this script through a web browser */
++if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
++   die("<br><strong>This script is only meant to run at the command line.</strong>");
++}
++
+ $no_http_headers = true;
+ 
+ /* display No errors */
+diff -ruBbd cacti-0.8.6i/scripts/ss_sql.php cacti-0.8.6i-patch/scripts/ss_sql.php
+--- cacti-0.8.6i/scripts/ss_sql.php	2006-10-09 00:06:00.000000000 -0400
++++ cacti-0.8.6i-patch/scripts/ss_sql.php	2007-01-01 12:50:55.781250000 -0500
+@@ -1,5 +1,10 @@
+ <?php
+ 
++/* do NOT run this script through a web browser */
++if (!isset($_SERVER["argv"][0]) || isset($_SERVER['REQUEST_METHOD'])  || isset($_SERVER['REMOTE_ADDR'])) {
++   die("<br><strong>This script is only meant to run at the command line.</strong>");
++}
++
+ $no_http_headers = true;
+ 
+ /* display ALL errors */
diff --git a/import_template_argument_space_removal.patch b/import_template_argument_space_removal.patch
new file mode 100644
index 0000000..776c1be
--- /dev/null
+++ b/import_template_argument_space_removal.patch
@@ -0,0 +1,14 @@
+--- cacti-0.8.6i/lib/import.php	2006-10-09 00:06:00.000000000 -0400
++++ cacti-0.8.6i-patch/lib/import.php	2007-01-02 08:17:09.593750000 -0500
+@@ -687,6 +687,11 @@
+ 	while (list($field_name, $field_array) = each($fields_data_input_edit)) {
+ 		/* make sure this field exists in the xml array first */
+ 		if (isset($xml_array[$field_name])) {
++			/* fix issue with data input method importing and white spaces */
++			if ($field_name == "input_string") {
++				$xml_array[$field_name] = str_replace("><", "> <", $xml_array[$field_name]);
++			}
++
+ 			$save[$field_name] = addslashes(xml_character_decode($xml_array[$field_name]));
+ 		}
+ 	}
diff --git a/poller_output_remainder.patch b/poller_output_remainder.patch
new file mode 100644
index 0000000..5edcf15
--- /dev/null
+++ b/poller_output_remainder.patch
@@ -0,0 +1,46 @@
+diff -ruBbd cacti-0.8.6i/lib/poller.php cacti-0.8.6i-patched/lib/poller.php
+--- cacti-0.8.6i/lib/poller.php	2006-10-08 23:06:01.000000000 -0400
++++ cacti-0.8.6i-patched/lib/poller.php	2006-11-21 23:41:02.000000000 -0500
+@@ -213,7 +213,7 @@
+ /* process_poller_output - grabs data from the 'poller_output' table and feeds the *completed*
+      results to RRDTool for processing
+    @arg $rrdtool_pipe - the array of pipes containing the file descriptor for rrdtool */
+-function process_poller_output($rrdtool_pipe) {
++function process_poller_output($rrdtool_pipe, $remainder = FALSE) {
+ 	global $config;
+ 
+ 	include_once($config["library_path"] . "/rrd.php");
+@@ -221,6 +221,12 @@
+ 	/* let's count the number of rrd files we processed */
+ 	$rrds_processed = 0;
+ 
++	if ($remainder) {
++		$limit = "";
++	}else{
++		$limit = "LIMIT 10000";
++	}
++
+ 	/* create/update the rrd files */
+ 	$results = db_fetch_assoc("select
+ 		poller_output.output,
+@@ -231,7 +237,7 @@
+ 		poller_item.rrd_num
+ 		from (poller_output,poller_item)
+ 		where (poller_output.local_data_id=poller_item.local_data_id and poller_output.rrd_name=poller_item.rrd_name)
+-		limit 10000");
++		$limit");
+ 
+ 	if (sizeof($results) > 0) {
+ 		/* create an array keyed off of each .rrd file */
+diff -ruBbd cacti-0.8.6i/poller.php cacti-0.8.6i-patched/poller.php
+--- cacti-0.8.6i/poller.php	2006-10-08 23:06:01.000000000 -0400
++++ cacti-0.8.6i-patched/poller.php	2006-11-12 11:49:05.000000000 -0500
+@@ -166,7 +166,7 @@
+ 		$polling_items = db_fetch_assoc("select poller_id,end_time from poller_time where poller_id = 0");
+ 
+ 		if (sizeof($polling_items) == $process_file_number) {
+-			$rrds_processed = $rrds_processed + process_poller_output($rrdtool_pipe);
++			$rrds_processed = $rrds_processed + process_poller_output($rrdtool_pipe, TRUE);
+ 
+ 			/* take time and log performance data */
+ 			list($micro,$seconds) = split(" ", microtime());