diff -Nru acidlab-0.9.6b20-12/acid_signature.inc.orig acidlab-0.9.6b20-13/acid_signature.inc.orig
--- acidlab-0.9.6b20-12/acid_signature.inc.orig	2005-10-31 00:29:57.000000000 +0100
+++ acidlab-0.9.6b20-13/acid_signature.inc.orig	1970-01-01 01:00:00.000000000 +0100
@@ -1,276 +0,0 @@
-<?php
-/*
- * Analysis Console for Incident Databases (ACID)
- *
- * Author: Roman Danyliw <rdd@cert.org>, <roman@danyliw.com>
- *
- * Copyright (C) 2001 Carnegie Mellon University
- * (see the file 'acid_main.php' for license details)
- *
- * Purpose: Handles signatures and references in the 
- *          Snort signature language
- */
-
-function GetSignatureName($sig_id, $db)
-{
-   $name = "";
-
-   $temp_sql = "SELECT sig_name FROM signature WHERE sig_id='$sig_id'";
-   $tmp_result = $db->acidExecute($temp_sql);
-   if ( $tmp_result )
-   {
-      $myrow = $tmp_result->acidFetchRow();
-      $name = $myrow[0];
-      $tmp_result->acidFreeRows();
-   }
-   else
-      $name = "[SigName unknown]";
-
-   return $name;
-}
-
-function GetSignaturePriority($sig_id, $db)
-{
-   $priority = "";
-
-   $temp_sql = "SELECT sig_priority FROM signature WHERE sig_id='$sig_id'";
-   $tmp_result = $db->acidExecute($temp_sql);
-   if ( $tmp_result )
-   {
-     $myrow = $tmp_result->acidFetchRow();
-     $priority = $myrow[0];
-
-     $tmp_result->acidFreeRows();
-   }
-   else
-     $priority = "[SigPriority unknown]";
-
-   return $priority;
-}
-
-function GetSignatureID($sig_id, $db)
-{
-   $id = "";
-  
-   if ( $sig_id == "" )
-      return $id;
-
-   $temp_sql = "SELECT sig_id FROM signature WHERE sig_name='$sig_id'";
-   if ($db->DB_type == "mssql")
-     $temp_sql = "SELECT sig_id FROM signature WHERE sig_name LIKE '".MssqlKludgeValue($sig_id)."' ";
-
-   $tmp_result = $db->acidExecute($temp_sql);
-   if ( $tmp_result )
-   {
-      $myrow = $tmp_result->acidFetchRow();
-      $id = $myrow[0];
-      $tmp_result->acidFreeRows();
-   }
-
-   return $id;
-}
-
-function GetRefSystemName($ref_system_id, $db)
-{
-   if ( $ref_system_id == "" )
-      return "";
-
-   $ref_system_name = "";
-
-   $tmp_sql = "SELECT ref_system_name FROM reference_system WHERE ref_system_id='".$ref_system_id."'";
-   $tmp_result = $db->acidExecute($tmp_sql);
-   if ( $tmp_result )
-   {
-      $myrow = $tmp_result->acidFetchRow();
-      $ref_system_name = $myrow[0];
-      $tmp_result->acidFreeRows();
-   }
-
-   return $ref_system_name;
-}
-
-function GetSingleSignatureReference($ref_system, $ref_tag, $style)
-{
-   $tmp_ref_system_name = strtolower($ref_system);
-   if ( in_array($tmp_ref_system_name, array_keys($GLOBALS['external_sig_link'])) )
-   {
-      if ( $style == 1 )
-         return "<FONT SIZE=-1>[".
-                "<A HREF=\"".$GLOBALS['external_sig_link'][$tmp_ref_system_name][0].
-                             $ref_tag.
-                             $GLOBALS['external_sig_link'][$tmp_ref_system_name][1]."\" ".
-                             "TARGET=\"_ACID_ALERT_DESC\">".$ref_system."</A>".
-                 "]</FONT>";
-      else if ( $style == 2 )
-         return "[".$ref_system."/$ref_tag] ";
-   }            
-   else
-   {
-      return $ref_system;
-   }
-}
-
-function GetSignatureReference($sig_id, $db, $style)
-{
-   $ref = "";
-
-   $temp_sql = "SELECT ref_seq, ref_id FROM sig_reference WHERE sig_id='".$sig_id."'";
-   $tmp_sig_ref = $db->acidExecute($temp_sql);
-
-   if ( $tmp_sig_ref )
-   {
-      $num_references = $tmp_sig_ref->acidRecordCount();
-      for ( $i = 0; $i < $num_references; $i++)
-      {
-         $mysig_ref = $tmp_sig_ref->acidFetchRow();
-
-         $temp_sql = "SELECT ref_system_id, ref_tag FROM reference WHERE ref_id='".$mysig_ref[1]."'";
-         $tmp_ref_tag = $db->acidExecute($temp_sql);
-
-         if ( $tmp_ref_tag )
-         {
-            $myrow = $tmp_ref_tag->acidFetchRow();
-            $ref_tag = $myrow[1];
-            $ref_system = GetRefSystemName($myrow[0], $db);
-         }
-
-         $ref = $ref.GetSingleSignatureReference($ref_system, $ref_tag, $style);
-
-         /* Automatically add an ICAT reference is a CVE reference exists */
-         if ( $ref_system == "cve" )
-             $ref = $ref.GetSingleSignatureReference("icat", $ref_tag, $style);
-       
-         $tmp_ref_tag->acidFreeRows();
-      }
-      $tmp_sig_ref->acidFreeRows();
-   }
-
-   if ( $db->acidGetDBVersion() >= 103 )
-   {
-      $tmp_sql = "SELECT sig_sid FROM signature WHERE sig_id='".$sig_id."'";
-      $tmp_sig_sid = $db->acidExecute($tmp_sql);
-
-      if ( $tmp_sig_sid )
-      {
-         $myrow = $tmp_sig_sid->acidFetchRow();
-         $sig_sid = $myrow[0];
-      }
-   }
-   else
-      $sig_sid = "";
-
-   $href = "";
-
-   /* snort.org should be documenting all official signatures,
-    * so automatically add a link
-    */
-   if ( $sig_sid != "")
-      $ref = $ref.GetSingleSignatureReference("snort", $sig_sid, $style);
-
-   return $ref;
-}
-
-function BuildSigLookup($signature, $style)
-/* - Paul Harrington <paul@pizza.org> : reference URL links
- * - Michael Bell <michael.bell@web.de> : links for IP address in spp_portscan alerts
- */
-{
-  if ($style == 2)
-     return $signature;
-
-  /* create hyperlinks for references */
-  $pattern=array("/(IDS)(\d+)/", 
-                 "/(IDS)(0+)(\d+)/",
-                 "/BUGTRAQ ID (\d+)/",
-                 "/MCAFEE ID (\d+)/",
-                 "/(CVE-\d+-\d+)/");
-
-  $replace=array("<A HREF=\"http://www.whitehats.com/\\1/\\2\" TARGET=\"_ACID_ALERT_DESC\">\\1\\2</A>",
-                 "<A HREF=\"http://www.whitehats.com/\\1/\\3\" TARGET=\"_ACID_ALERT_DESC\">\\1\\2\\3</A>",
-                 "<A HREF=\"".$GLOBALS['external_sig_link']['bugtraq'][0]."\\1\" TARGET=\"_ACID_ALERT_DESC\">BUGTRAQ ID \\1</A>",
-                 "<A HREF=\"".$GLOBALS['external_sig_link']['mcafee'][0]."\\1\" TARGET=\"_ACID_ALERT_DESC\">MCAFEE ID \\1</A>",
-                 "<A HREF=\"".$GLOBALS['external_sig_link']['cve'][0]."\\1\" TARGET=\"_ACID_ALERT_DESC\">\\1</A>");
-
-  $msg = preg_replace($pattern, $replace, $signature);
-
-  /* fixup portscan message strings */
-  if ( stristr($msg, "spp_portscan") )
-  {
-      /* replace "spp_portscan: portscan status" => "spp_portscan"  */
-      $msg = preg_replace("/spp_portscan: portscan status/", "spp_portscan", $msg);
-
-      /* replace "spp_portscan: PORTSCAN DETECTED" => "spp_portscan detected" */
-      $msg = preg_replace("/spp_portscan: PORTSCAN DETECTED/", "spp_portscan detected", $msg);
-
-      /* create hyperlink for IP addresses in portscan alerts */
-      $msg = preg_replace("/([0-9]*\.[0-9]*\.[0-9]*\.[0-9]*)/",
-                          "<A HREF=\"acid_stat_ipaddr.php?ip=\\1&netmask=32\">\\1</A>",
-                          $msg);
-  }
-
-  return $msg;
-}
-
-function BuildSigByID($sig_id, $db, $style = 1)
-/*
- * sig_id: DB schema dependent
- *         - < v100: a text string of the signature
- *         - > v100: an ID (key) of a signature
- * db    : database handle
- * style : how should the signature be returned?
- *         - 1: (default) HTML
- *         - 2: text
- *
- * RETURNS: a formatted signature and the associated references
- */
-{
-  if ( $db->acidGetDBVersion() >= 100 )
-  {
-     /* Catch the odd circumstance where $sig_id is still an alert text string
-      * despite using normalized signature as of DB version 100. 
-      */
-     if ( !is_numeric($sig_id) )
-        return $sig_id;
-     $sig_name = GetSignatureName($sig_id, $db);
-     if ( $sig_name != "" )
-        return GetSignatureReference($sig_id, $db, $style)." ".BuildSigLookup($sig_name, $style);
-     else
-     {
-        if ( $style == 1 )
-           return "($sig_id)<I>Unknown Sig Name</I>";
-        else
-           return "($sig_id) Unknown Sig Name";
-     }
-  }
-  else
-     return BuildSigLookup($sig_id, $style);
-}
-
-function GetSigClassID($sig_id, $db)
-{
-  $sql = "SELECT sig_class_id FROM signature ".
-         "WHERE sig_id = '$sig_id'";
-
-  $result = $db->acidExecute($sql);
-  $row = $result->acidFetchRow();
-
-  return $row[0]; 
-}
-
-function GetSigClassName ($class_id, $db)
-{
-  if ( $class_id == "" )
-    return "<I>unclassified</I>";
-
-  $sql = "SELECT sig_class_name FROM sig_class ". 
-         "WHERE sig_class_id = '$class_id'";
-  $result = $db->acidExecute($sql);
-
-  $row = $result->acidFetchRow();
-  if ( $row == "" )  
-    return "<I>unclassified</I>";
-  else
-    return $row[0]; 
-}
-
-?>
diff -Nru acidlab-0.9.6b20-12/debian/acidlab.010.diff acidlab-0.9.6b20-13/debian/acidlab.010.diff
--- acidlab-0.9.6b20-12/debian/acidlab.010.diff	2005-10-31 00:29:57.000000000 +0100
+++ acidlab-0.9.6b20-13/debian/acidlab.010.diff	2006-05-02 13:11:25.000000000 +0200
@@ -4,7 +4,7 @@
  $external_sig_link = array("bugtraq"   => array("http://www.securityfocus.com/bid/", ""),
                             "snort"     => array("http://www.snort.org/snort-db/sid.html?sid=", ""),
                             "cve"       => array("http://cve.mitre.org/cgi-bin/cvename.cgi?name=", ""),
-+                           "nessus"       => array("http://cgi.nessus.org/plugins/dump.php3?id=", ""),
++                           "nessus"       => array("http://www.nessus.org/plugins/index.php?view=single&id=", ""),
                             "arachnids" => array("http://www.whitehats.com/info/ids", ""),
                             "mcafee"    => array("http://vil.nai.com/vil/content/v_", ".htm"),
                             "icat"      => array("http://icat.nist.gov/icat.cfm?cvename=", ""));
diff -Nru acidlab-0.9.6b20-12/debian/acidlab.013.diff acidlab-0.9.6b20-13/debian/acidlab.013.diff
--- acidlab-0.9.6b20-12/debian/acidlab.013.diff	1970-01-01 01:00:00.000000000 +0100
+++ acidlab-0.9.6b20-13/debian/acidlab.013.diff	2006-05-02 13:11:25.000000000 +0200
@@ -0,0 +1,291 @@
+diff -Nru acidlab-0.9.6b20.orig/acid_ag_main.php acidlab-0.9.6b20/acid_ag_main.php
+--- acidlab-0.9.6b20.orig/acid_ag_main.php	2005-10-31 00:29:57.000000000 +0100
++++ acidlab-0.9.6b20/acid_ag_main.php	2005-10-31 00:25:33.000000000 +0100
+@@ -31,12 +31,11 @@
+   
+ 
+   $qs = new QueryState();
+-  $submit = ImportHTTPVar("submit");
+-  $ag_action = ImportHTTPVar("ag_action");
+-  $ag_id = ImportHTTPVar("ag_id");
+-  $ag_name = ImportHTTPVar("ag_name");
+-  $ag_desc = ImportHTTPVar("ag_desc");  
+-
++  $submit = ImportHTTPVar("submit", VAR_ALPHA | VAR_SPACE);
++  $ag_action = ImportHTTPVar("ag_action", VAR_ALPHA);
++  $ag_id = ImportHTTPVar("ag_id", VAR_DIGIT);
++  $ag_name = filterSql(ImportHTTPVar("ag_name"));
++  $ag_desc = filterSql(ImportHTTPVar("ag_desc"));  
+ 
+   //$qs->MoveView($submit);             /* increment the view if neccessary */
+ 
+diff -Nru acidlab-0.9.6b20.orig/acid_common.php acidlab-0.9.6b20/acid_common.php
+--- acidlab-0.9.6b20.orig/acid_common.php	2005-10-31 00:29:57.000000000 +0100
++++ acidlab-0.9.6b20/acid_common.php	2005-10-30 23:37:21.000000000 +0100
+@@ -564,9 +564,10 @@
+   $submit = str_replace("(", "", $submit);
+   $submit = str_replace(")", "", $submit);
+   $tmp = explode("-", $submit);
+-  $seq = $tmp[0];
+-  $sid = $tmp[1];
+-  $cid = $tmp[2];
++  /* Since the submit variable is not cleaned do so here: */
++  $seq = CleanVariable($tmp[0], VAR_DIGIT);
++  $sid = CleanVariable($tmp[1], VAR_DIGIT);
++  $cid = CleanVariable($tmp[2], VAR_DIGIT);
+ }
+ 
+ function ExportPacket($sid, $cid, $db)
+diff -Nru acidlab-0.9.6b20.orig/acid_db_setup.php acidlab-0.9.6b20/acid_db_setup.php
+--- acidlab-0.9.6b20.orig/acid_db_setup.php	2005-10-31 00:31:43.000000000 +0100
++++ acidlab-0.9.6b20/acid_db_setup.php	2005-10-31 00:29:25.000000000 +0100
+@@ -31,7 +31,7 @@
+       ACTION="acid_db_setup.php">
+ 
+ <?php
+-  $submit = ImportHTTPVar("submit");
++  $submit = ImportHTTPVar("submit", VAR_ALPHA | VAR_SPACE);
+ 
+   /* Connect to the Alert database */
+   $db = NewACIDDBConnection($DBlib_path, $DBtype);
+diff -Nru acidlab-0.9.6b20.orig/acid_graph_main.php acidlab-0.9.6b20/acid_graph_main.php
+--- acidlab-0.9.6b20.orig/acid_graph_main.php	2002-02-05 20:55:56.000000000 +0100
++++ acidlab-0.9.6b20/acid_graph_main.php	2005-10-31 00:26:24.000000000 +0100
+@@ -29,23 +29,23 @@
+   session_start();
+   session_register('xdata');
+ 
+-  $submit = ImportHTTPVar("submit");
+-  $data_source = ImportHTTPVar("data_source");
+-  $chart_type = ImportHTTPVar("chart_type");
+-  $chart_interval = ImportHTTPVar("chart_interval");
+-
+-  $chart_begin_hour = ImportHTTPVar("chart_begin_hour");
+-  $chart_begin_month = ImportHTTPVar("chart_begin_month");
+-  $chart_begin_day = ImportHTTPVar("chart_begin_day");
+-  $chart_begin_year = ImportHTTPVar("chart_begin_year");
+-
+-  $chart_end_hour = ImportHTTPVar("chart_end_hour");
+-  $chart_end_month = ImportHTTPVar("chart_end_month");
+-  $chart_end_day = ImportHTTPVar("chart_end_day");
+-  $chart_end_year = ImportHTTPVar("chart_end_year");
++  $submit = ImportHTTPVar("submit", VAR_ALPHA | VAR_SPACE);
++  $data_source = ImportHTTPVar("data_source", VAR_DIGIT);
++  $chart_type = ImportHTTPVar("chart_type", VAR_DIGIT);
++  $chart_interval = ImportHTTPVar("chart_interval", VAR_DIGIT);
++
++  $chart_begin_hour = ImportHTTPVar("chart_begin_hour", VAR_DIGIT);
++  $chart_begin_month = ImportHTTPVar("chart_begin_month", VAR_DIGIT);
++  $chart_begin_day = ImportHTTPVar("chart_begin_day", VAR_DIGIT);
++  $chart_begin_year = ImportHTTPVar("chart_begin_year", VAR_DIGIT);
++
++  $chart_end_hour = ImportHTTPVar("chart_end_hour", VAR_DIGIT);
++  $chart_end_month = ImportHTTPVar("chart_end_month", VAR_DIGIT);
++  $chart_end_day = ImportHTTPVar("chart_end_day", VAR_DIGIT);
++  $chart_end_year = ImportHTTPVar("chart_end_year", VAR_DIGIT);
+ 
+-  $chart_style = ImportHTTPVar("chart_style");
+-  $rotate_xaxis_lbl = ImportHTTPVar("rotate_xaxis_lbl");
++  $chart_style = ImportHTTPVar("chart_style", VAR_ALPHA);
++  $rotate_xaxis_lbl = ImportHTTPVar("rotate_xaxis_lbl", VAR_DIGIT);
+ 
+   $page_title = "Graph Alert Data";
+   PrintACIDSubHeader($page_title, $page_title, $cs->GetBackLink());
+diff -Nru acidlab-0.9.6b20.orig/acid_maintenance.php acidlab-0.9.6b20/acid_maintenance.php
+--- acidlab-0.9.6b20.orig/acid_maintenance.php	2005-10-31 00:29:57.000000000 +0100
++++ acidlab-0.9.6b20/acid_maintenance.php	2005-10-30 23:54:05.000000000 +0100
+@@ -25,7 +25,7 @@
+   $page_title = "Maintenance";
+   PrintACIDSubHeader($page_title, $page_title, $cs->GetBackLink());
+ 
+-  $submit = ImportHTTPVar("submit");
++  $submit = ImportHTTPVar("submit", VAR_ALPHA | VAR_SPACE);
+ 
+ ?>
+ <P><P>
+diff -Nru acidlab-0.9.6b20.orig/acid_qry_alert.php acidlab-0.9.6b20/acid_qry_alert.php
+--- acidlab-0.9.6b20.orig/acid_qry_alert.php	2005-10-31 00:29:57.000000000 +0100
++++ acidlab-0.9.6b20/acid_qry_alert.php	2005-10-31 00:29:08.000000000 +0100
+@@ -100,7 +100,7 @@
+    * get the (sid,cid) back from $caller 
+    */ 
+   if ( $submit == "Selected" )
+-     $submit = ImportHTTPVar("caller");
++     $submit = ImportHTTPVar("caller"); /* Do not filter this call, will get filtered in GetQueryResultID */
+   else
+      $caller = $submit;
+ 
+diff -Nru acidlab-0.9.6b20.orig/acid_qry_main.php acidlab-0.9.6b20/acid_qry_main.php
+--- acidlab-0.9.6b20.orig/acid_qry_main.php	2005-10-31 00:29:57.000000000 +0100
++++ acidlab-0.9.6b20/acid_qry_main.php	2005-10-30 23:54:25.000000000 +0100
+@@ -71,7 +71,7 @@
+   $cs = new CriteriaState("acid_qry_main.php", "&new=1&submit=Query+DB");
+ 
+   $new = ImportHTTPVar("new", VAR_DIGIT);
+-  $submit = ImportHTTPVar("submit");
++  $submit = ImportHTTPVar("submit", VAR_ALPHA | VAR_SPACE);
+ 
+ /* Code to correct 'interesting' (read: unexplained) browser behavior */
+ 
+diff -Nru acidlab-0.9.6b20.orig/acid_state_common.inc acidlab-0.9.6b20/acid_state_common.inc
+--- acidlab-0.9.6b20.orig/acid_state_common.inc	2005-10-31 00:29:57.000000000 +0100
++++ acidlab-0.9.6b20/acid_state_common.inc	2005-10-31 00:04:00.000000000 +0100
+@@ -102,8 +102,6 @@
+  ************************************************************************/
+ function CleanVariable($item, $valid_data, $exception = "")
+ {
+-   return $item;
+-
+    /* Check the exception value list first */
+    if ( $exception != "" )
+    {
+@@ -279,4 +277,73 @@
+   echo "<INPUT TYPE=\"hidden\" NAME=\"$var_name\" VALUE=\"$var_value\">\n";
+ }
+ 
++/* ***********************************************************************
++ * Function: checkAlpha()
++ *
++ * @doc Checks that all characteres are alphanumeric. Returns ERROR if they
++ *      are not and the values themselves if they are.
++ *
++ * @param $var_value   value of the variable to test
++ *
++ *
++ ************************************************************************/
++function checkAlpha ($var_value) 
++{
++     if (ereg('[^a-zA-z0-9]', $var_value)) {
++     	return "ERROR";
++     }
++     return $var_value;
++}
++
++/* ***********************************************************************
++ * Function: checkNum()
++ *
++ * @doc Checks that all characteres are numeric. Returns ERROR if they
++ *      are not and the values themselves if they are.
++ *
++ * @param $var_value   value of the variable to test
++ *
++ *
++ ************************************************************************/
++function checkNum ($var_value) 
++{
++     if (ereg('[^0-9]', $var_value)) {
++     	return "ERROR";
++     }
++     return $var_value;
++}
++
++/* ***********************************************************************
++ * Function: filterSql()
++ *
++ * @doc Filters the input string so that it can be safely used in SQL queries.
++ *
++ * @param $var_value   value of the variable to filter
++ *
++ *
++ ************************************************************************/
++function filterSql ($var_value) 
++{
++     /* This is the default, so strip slashes in case the server is configured with this 
++        to prevent double quoting */ 
++     if (get_magic_quotes_gpc()) {
++          $var_value = stripslashes($var_value);
++     }
++     if (!is_numeric($var_value)) {
++	     if ($db->DB_type == "mysql") {
++	        if(version_compare(phpversion(),"4.3.0")=="-1") {
++			$var_value = mysql_escape_string($var_value);
++		} else {
++			$var_value = mysql_real_escape_string($var_value);
++		}
++             } else {
++	     /* In other databases, strip the following: \ _ % () {} - ; others are quoted */
++		$var_value = ereg_replace ("[\\_%\(\){}-;,]", "", $var_value);
++	     	$var_value = addslashes ($var_value);
++	     }
++     }
++     return $var_value;
++}
++
++
+ ?>
+diff -Nru acidlab-0.9.6b20.orig/acid_stat_ipaddr.php acidlab-0.9.6b20/acid_stat_ipaddr.php
+--- acidlab-0.9.6b20.orig/acid_stat_ipaddr.php	2005-10-31 00:29:57.000000000 +0100
++++ acidlab-0.9.6b20/acid_stat_ipaddr.php	2005-10-31 00:09:48.000000000 +0100
+@@ -28,10 +28,10 @@
+   $cs = new CriteriaState("acid_stat_ipaddr.php");
+   $cs->ReadState();
+ 
+-  $ip = ImportHTTPVar("ip");
+-  $netmask = ImportHTTPVar("netmask");
+-  $action = ImportHTTPVar("action");
+-  $submit = ImportHTTPVar("submit");
++  $ip = ImportHTTPVar("ip", VAR_DIGIT | VAR_PERIOD);
++  $netmask = ImportHTTPVar("netmask", VAR_DIGIT);
++  $action = ImportHTTPVar("action", VAR_ALPHA);
++  $submit = ImportHTTPVar("submit", VAR_ALPHA | VAR_SPACE);
+ 
+   $page_title = $ip.'/'.$netmask;
+   PrintACIDSubHeader($page_title, $page_title, $cs->GetBackLink());
+diff -Nru acidlab-0.9.6b20.orig/acid_stat_iplink.php acidlab-0.9.6b20/acid_stat_iplink.php
+--- acidlab-0.9.6b20.orig/acid_stat_iplink.php	2005-10-31 00:29:57.000000000 +0100
++++ acidlab-0.9.6b20/acid_stat_iplink.php	2005-10-31 00:13:10.000000000 +0100
+@@ -30,7 +30,7 @@
+   $qs->AddCannedQuery("most_frequent", $freq_num_alerts, "Most Frequent Alerts", "occur_d"); 
+   $qs->AddCannedQuery("last_alerts", $last_num_ualerts, "Last Alerts", "last_d");
+ 
+-  $submit = ImportHTTPVar("submit");
++  $submit = ImportHTTPVar("submit", VAR_ALPHA | VAR_SPACE);
+   $qs->MoveView($submit);             /* increment the view if necessary */
+ 
+   $page_title = "IP Links";
+diff -Nru acidlab-0.9.6b20.orig/acid_stat_ports.php acidlab-0.9.6b20/acid_stat_ports.php
+--- acidlab-0.9.6b20.orig/acid_stat_ports.php	2002-02-05 20:55:56.000000000 +0100
++++ acidlab-0.9.6b20/acid_stat_ports.php	2005-10-31 00:15:56.000000000 +0100
+@@ -39,9 +39,9 @@
+   $qs->AddCannedQuery("most_frequent", $freq_num_uports, "Most Frequent Ports", "occur_d");
+   $qs->AddCannedQuery("last_ports", $last_num_uports, "Last Ports", "last_d");
+ 
+-  $submit = ImportHTTPVar("submit");
+-  $port_type = ImportHTTPVar("port_type");
+-  $proto = ImportHTTPVar("proto");
++  $submit = ImportHTTPVar("submit", VAR_ALPHA | VAR_SPACE);
++  $port_type = ImportHTTPVar("port_type", VAR_DIGIT);
++  $proto = ImportHTTPVar("proto", VAR_DIGIT);
+ 
+   $qs->MoveView($submit);             /* increment the view if necessary */
+ 
+diff -Nru acidlab-0.9.6b20.orig/acid_stat_time.php acidlab-0.9.6b20/acid_stat_time.php
+--- acidlab-0.9.6b20.orig/acid_stat_time.php	2005-10-31 00:29:57.000000000 +0100
++++ acidlab-0.9.6b20/acid_stat_time.php	2005-10-31 00:21:31.000000000 +0100
+@@ -114,9 +114,9 @@
+   include_once ("acid_stat_common.php");
+   include_once ("acid_qry_common.php");
+ 
+-  $time_sep = ImportHTTPVar("time_sep");
+-  $time = ImportHTTPVar("time");
+-  $submit = ImportHTTPVar("submit");
++  $time_sep = ImportHTTPVar("time_sep", VAR_ALPHA);
++  $time = ImportHTTPVar("time", VAR_DIGIT);
++  $submit = ImportHTTPVar("submit", VAR_ALPHA | VAR_SPACE);
+ 
+   $cs = new CriteriaState("acid_stat_alerts.php");
+   $cs->ReadState();
+diff -Nru acidlab-0.9.6b20.orig/acid_stat_uaddr.php acidlab-0.9.6b20/acid_stat_uaddr.php
+--- acidlab-0.9.6b20.orig/acid_stat_uaddr.php	2005-10-31 00:29:57.000000000 +0100
++++ acidlab-0.9.6b20/acid_stat_uaddr.php	2005-10-31 00:24:17.000000000 +0100
+@@ -28,8 +28,8 @@
+  include_once("acid_common.php"); 
+  include_once("acid_qry_common.php");
+ 
+- $addr_type = ImportHTTPVar("addr_type");
+- $submit = ImportHTTPVar("submit");
++ $addr_type = ImportHTTPVar("addr_type", VAR_DIGIT);
++ $submit = ImportHTTPVar("submit", VAR_ALPHA | VAR_SPACE);
+ 
+  $et = new EventTiming($debug_time_mode);
+  $cs = new CriteriaState("acid_stat_uaddr.php", "&addr_type=$addr_type");
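Review bot: The character class in checkAlpha, `ereg('[^a-zA-z0-9]', $var_value)`, uses the range `A-z`, which in the C locale also spans `[`, `\`, `]`, `^`, `_` and the backtick, so those characters pass an "alphanumeric" check; the line should read `if (ereg('[^a-zA-Z0-9]', $var_value)) {`. In filterSql, `$db` is read without a `global $db;` declaration, so `$db->DB_type == "mysql"` can never be true inside the function and every non-numeric value takes the generic strip-and-addslashes branch regardless of backend. That branch's bracket expression `[\\_%\(\){}-;,]` places `-` between `}` and `;`, which the regex compiler reads as a reversed range rather than the literal dash the comment describes and may make ereg_replace fail outright; moving the dash to the end, `ereg_replace("[\\_%(){};,-]", "", $var_value)`, matches the stated intent. checkAlpha and checkNum are not called anywhere in this patch, so the `"ERROR"` sentinel they return is presumably handled by a caller outside the hunk — worth confirming.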
diff -Nru acidlab-0.9.6b20-12/debian/acidlab.014.diff acidlab-0.9.6b20-13/debian/acidlab.014.diff
--- acidlab-0.9.6b20-12/debian/acidlab.014.diff	1970-01-01 01:00:00.000000000 +0100
+++ acidlab-0.9.6b20-13/debian/acidlab.014.diff	2006-05-02 13:11:25.000000000 +0200
@@ -0,0 +1,30 @@
+diff -Nru acidlab-0.9.6b20-12/acid_state_citems.inc acidlab-0.9.6b20/acid_state_citems.inc
+--- acidlab-0.9.6b20-12/acid_state_citems.inc	2005-10-31 00:29:57.000000000 +0100
++++ acidlab-0.9.6b20/acid_state_citems.inc	2005-10-31 17:36:12.000000000 +0100
+@@ -737,7 +737,10 @@
+          echo '                               <OPTION VALUE="2001" '.chk_select($this->criteria[$i][4],"2001").'>2001';
+          echo '                               <OPTION VALUE="2002" '.chk_select($this->criteria[$i][4],"2002").'>2002';
+          echo '                               <OPTION VALUE="2003" '.chk_select($this->criteria[$i][4],"2003").'>2003';
+-         echo '                               <OPTION VALUE="2004" '.chk_select($this->criteria[$i][4],"2004").'>2004</SELECT>';
++         echo '                               <OPTION VALUE="2004" '.chk_select($this->criteria[$i][4],"2004").'>2004';
++         echo '                               <OPTION VALUE="2005" '.chk_select($this->criteria[$i][4],"2005").'>2005';
++         echo '                               <OPTION VALUE="2006" '.chk_select($this->criteria[$i][4],"2006").'>2006';
++         echo '                               <OPTION VALUE="2007" '.chk_select($this->criteria[$i][4],"2007").'>2007</SELECT>';
+ 
+          echo '<INPUT TYPE="text" NAME="time['.$i.'][5]" SIZE=2 VALUE="'.$this->criteria[$i][5].'"><B>:</B>';
+          echo '<INPUT TYPE="text" NAME="time['.$i.'][6]" SIZE=2 VALUE="'.$this->criteria[$i][6].'"><B>:</B>';
+diff -Nru acidlab-0.9.6b20-12/acid_stat_time.php acidlab-0.9.6b20/acid_stat_time.php
+--- acidlab-0.9.6b20-12/acid_stat_time.php	2005-10-31 00:29:57.000000000 +0100
++++ acidlab-0.9.6b20/acid_stat_time.php	2005-10-31 17:36:44.000000000 +0100
+@@ -191,7 +191,10 @@
+              <OPTION VALUE="2001" '.chk_select($time[$i][2],"2001").'>2001
+              <OPTION VALUE="2002" '.chk_select($time[$i][2],"2002").'>2002
+              <OPTION VALUE="2003" '.chk_select($time[$i][2],"2003").'>2003
+-             <OPTION VALUE="2004" '.chk_select($time[$i][2],"2003").'>2004
++             <OPTION VALUE="2004" '.chk_select($time[$i][2],"2004").'>2004
++             <OPTION VALUE="2005" '.chk_select($time[$i][2],"2005").'>2005
++             <OPTION VALUE="2006" '.chk_select($time[$i][2],"2006").'>2006
++             <OPTION VALUE="2007" '.chk_select($time[$i][2],"2007").'>2007
+             </SELECT>';
+ 
+       if ( $i == 0 ) echo '&nbsp; -- &nbsp;&nbsp;';
diff -Nru acidlab-0.9.6b20-12/debian/acidlab.015.diff acidlab-0.9.6b20-13/debian/acidlab.015.diff
--- acidlab-0.9.6b20-12/debian/acidlab.015.diff	1970-01-01 01:00:00.000000000 +0100
+++ acidlab-0.9.6b20-13/debian/acidlab.015.diff	2006-05-02 13:11:25.000000000 +0200
@@ -0,0 +1,31 @@
+--- acidlab-0.9.6b20.orig/acid_conf.php.orig	2005-10-31 17:41:37.000000000 +0100
++++ acidlab-0.9.6b20/acid_conf.php	2005-10-31 17:44:45.000000000 +0100
+@@ -221,20 +221,25 @@
+ /* Whois query */
+ $external_whois_link = "http://www.samspade.org/t/ipwhois?a=";
+ //$external_whois_link = "http://www.geektools.com/cgi-bin/proxy.cgi?targetnic=auto&query="
++// Alternative:
++// $external_dns_link = "http://www.dnsstuff.com/tools/whois.ch?ip=";
+ 
+  /* DNS query */
+ $external_dns_link = "http://www.samspade.org/t/dns?a=";
++// Alternative:
++// $external_dns_link = "http://www.dnsstuff.com/tools/lookup.ch?type=A&name=";
+ 
+ /* SamSpade "all" query */
+ $external_all_link = "http://www.samspade.org/t/lookat?a=";
+ 
+ /* TCP/UDP port database */
+-$external_port_link = "http://www.snort.org/ports.html?port=";
+-//$external_port_link = "http://www.portsdb.org/bin/portsdb.cgi?portnumber=";
++// No longer available:
++// $external_port_link = "http://www.snort.org/ports.html?port=";
++$external_port_link = "http://www.portsdb.org/bin/portsdb.cgi?portnumber=";
+ 
+ /* Signature references */
+ $external_sig_link = array("bugtraq"   => array("http://www.securityfocus.com/bid/", ""),
+-                           "snort"     => array("http://www.snort.org/snort-db/sid.html?sid=", ""),
++                           "snort"     => array("http://www.snort.org/pub-bin/sigs.cgi?sid=", ""),
+                            "cve"       => array("http://cve.mitre.org/cgi-bin/cvename.cgi?name=", ""),
+                            "arachnids" => array("http://www.whitehats.com/info/ids", ""),
+                            "mcafee"    => array("http://vil.nai.com/vil/content/v_", ".htm"),
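Review bot: The commented-out alternative added under the Whois query, `// $external_dns_link = "http://www.dnsstuff.com/tools/whois.ch?ip=";`, names the DNS variable rather than `$external_whois_link`; an administrator who uncomments it would point the DNS lookup at a whois URL and leave the whois link unchanged. It should read `// $external_whois_link = "http://www.dnsstuff.com/tools/whois.ch?ip=";`. The matching "Alternative:" block under the DNS query is named correctly.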
diff -Nru acidlab-0.9.6b20-12/debian/acidlab.016.diff acidlab-0.9.6b20-13/debian/acidlab.016.diff
--- acidlab-0.9.6b20-12/debian/acidlab.016.diff	1970-01-01 01:00:00.000000000 +0100
+++ acidlab-0.9.6b20-13/debian/acidlab.016.diff	2006-05-02 13:11:25.000000000 +0200
@@ -0,0 +1,24 @@
+--- acidlab-0.9.6b20/acid_graph_main.php.orig	2005-11-01 11:06:58.000000000 +0100
++++ acidlab-0.9.6b20/acid_graph_main.php	2005-11-01 11:07:51.000000000 +0100
+@@ -163,6 +163,10 @@
+         <OPTION VALUE="2001" '.chk_select($chart_begin_year, "2001").'>2001
+         <OPTION VALUE="2002" '.chk_select($chart_begin_year, "2002").'>2002
+         <OPTION VALUE="2003" '.chk_select($chart_begin_year, "2003").'>2003
++        <OPTION VALUE="2004" '.chk_select($chart_begin_year, "2004").'>2004
++        <OPTION VALUE="2005" '.chk_select($chart_begin_year, "2005").'>2005
++        <OPTION VALUE="2006" '.chk_select($chart_begin_year, "2006").'>2006
++        <OPTION VALUE="2007" '.chk_select($chart_begin_year, "2007").'>2007
+         </SELECT>';
+ 
+   echo '<br><b>Chart End:</B>&nbsp;&nbsp;&nbsp;&nbsp;
+@@ -200,6 +204,10 @@
+         <OPTION VALUE="2001" '.chk_select($chart_end_year, "2001").'>2001
+         <OPTION VALUE="2002" '.chk_select($chart_end_year, "2002").'>2002
+         <OPTION VALUE="2003" '.chk_select($chart_end_year, "2003").'>2003
++        <OPTION VALUE="2004" '.chk_select($chart_end, "2004").'>2004
++        <OPTION VALUE="2005" '.chk_select($chart_end, "2005").'>2005
++        <OPTION VALUE="2006" '.chk_select($chart_end, "2006").'>2006
++        <OPTION VALUE="2007" '.chk_select($chart_end, "2007").'>2007
+         </SELECT>';
+ 
+ 
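Review bot: The four OPTION lines added to the Chart End selector call `chk_select($chart_end, "2004")` through `chk_select($chart_end, "2007")`, while the surrounding 2001–2003 lines and the Chart Begin block use `$chart_end_year`; nothing in this file is shown to set `$chart_end`, so 2004–2007 can never render as the selected end year and each line would raise an undefined-variable notice where notices are enabled. The four lines should read `chk_select($chart_end_year, "2004")` and so on. The echo statement that builds this SELECT starts before the second inner hunk.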
diff -Nru acidlab-0.9.6b20-12/debian/acidlab.apache.conf acidlab-0.9.6b20-13/debian/acidlab.apache.conf
--- acidlab-0.9.6b20-12/debian/acidlab.apache.conf	2005-10-31 00:29:57.000000000 +0100
+++ acidlab-0.9.6b20-13/debian/acidlab.apache.conf	2006-05-02 13:11:25.000000000 +0200
@@ -4,8 +4,9 @@
 <DirectoryMatch /usr/share/acidlab/>
 Options +FollowSymLinks
 AllowOverride None
-order allow,deny
-allow from all
+order deny,allow
+deny from all
+allow from 127.0.0.0/255.0.0.0
 <IfModule mod_php3.c>
   php3_magic_quotes_gpc Off
   php3_track_vars On
diff -Nru acidlab-0.9.6b20-12/debian/changelog acidlab-0.9.6b20-13/debian/changelog
--- acidlab-0.9.6b20-12/debian/changelog	2005-10-31 00:29:57.000000000 +0100
+++ acidlab-0.9.6b20-13/debian/changelog	2006-05-02 13:11:25.000000000 +0200
@@ -1,3 +1,36 @@
+acidlab (0.9.6b20-13) unstable; urgency=high
+
+  * Patch [013] SECURITY fix:
+    - Add proper filtering in all ImportHTTP variables using either the new
+    functions to check for numeric/alphanumeric chars or the filterSql()
+    function to prevent SQL injection attacks. This patch fixes CVE-2005-3325 
+    but also other attack vectors not mentioned in the initial advisory
+    (http://www.frsirt.com/english/advisories/2005/2188)
+  * Patch [014] Updated dates of php selections up to 2007
+  * Changed patch [010]: fix locations of Nessus
+  * New patch [015]: fix location of Snort database, provided alternative
+    Ports lookup and added alternative locations for DNS queries (Closes: #315135)
+  * Fixed FSF address in debian/copyright
+  * Patch [016]: Allow graphic data to be represented until 2007. This patch
+    together with patch [014] means that acid's last date is 2007 which should be
+    enough since we are going to replace it with BASE in the short term 
+    (Closes: #314566, #307712, #303217, #270171)
+  * Document the changes that need to be done in order to extend the available
+    year options (Closes: #247730)
+  * Added a debian/TODO to describe how to fix the issue with new years with a
+    simple for each loop.
+  * Acidlab now depends on "| debconf-2.0" as requested by Joey Hess, I
+    changed debian/packages instead of debian/control this time (Closes: #331732)
+  * To reduce the risk of possible vulnerabilities in the code, made the
+    default apache.conf allow access only from localhost and document this in
+    the README file
+  * Document the fact that this version is actually 0.9.6b20+patches from the
+    latest upstream release 0.9.6b23 and that the later will never be
+    released. (Closes: #155212)
+  * Added the upstream homepage to all package descriptions.
+
+ -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org>  Sun, 30 Oct 2005 22:05:35 +0100
+
 acidlab (0.9.6b20-12) unstable; urgency=low
 
   * Added a dependency on "| debconf-2.0" as requested by Joey Hess
diff -Nru acidlab-0.9.6b20-12/debian/control acidlab-0.9.6b20-13/debian/control
--- acidlab-0.9.6b20-12/debian/control	2005-10-31 17:37:08.000000000 +0100
+++ acidlab-0.9.6b20-13/debian/control	2006-05-02 13:11:25.000000000 +0200
@@ -17,10 +17,12 @@
  This package provides additional documentation to acidlab in HTML format
  including the FAQ, the database entity-relationship diagram, the database
  API, performance tuning, and management of alerts.
+ .
+ Homepage: http://acidlab.sourceforge.net/
 
 Package: acidlab
 Architecture: all
-Depends: php4 | php3 | php4-cli | php3-cgi, php4-gd | php3-gd | php3-cgi-gd, apache | httpd, wwwconfig-common (>= 0.0.7), libphp-phplot (>= 4.4.6-3), libphp-adodb (>= 4.50-1), debconf, acidlab-pgsql | acidlab-mysql
+Depends: php4 | php3 | php4-cli | php3-cgi, php4-gd | php3-gd | php3-cgi-gd, apache | httpd, wwwconfig-common (>= 0.0.7), libphp-phplot (>= 4.4.6-3), libphp-adodb (>= 4.50-1), debconf | debconf-2.0, acidlab-pgsql | acidlab-mysql
 Suggests: snort-mysql | snort-pgsql
 Description: Analysis Console for Intrusion Databases
  The Analysis Console for Intrusion Databases (ACID) is a PHP-based analysis
@@ -56,6 +58,8 @@
      - ipchains
      - iptables
      - ipfw
+ .
+ Homepage: http://acidlab.sourceforge.net/
 
 Package: acidlab-pgsql
 Architecture: all
@@ -68,6 +72,8 @@
  .
  This is a dummy package to automatically install the PostgreSQL version
  of Acidlab.
+ .
+ Homepage: http://acidlab.sourceforge.net/
 
 Package: acidlab-mysql
 Architecture: all
@@ -80,3 +86,5 @@
  .
  This is a dummy package to automatically install the MySQL version
  of Acidlab.
+ .
+ Homepage: http://acidlab.sourceforge.net/
diff -Nru acidlab-0.9.6b20-12/debian/copyright acidlab-0.9.6b20-13/debian/copyright
--- acidlab-0.9.6b20-12/debian/copyright	2005-10-31 00:29:57.000000000 +0100
+++ acidlab-0.9.6b20-13/debian/copyright	2006-05-02 13:11:25.000000000 +0200
@@ -24,7 +24,7 @@
 
  You should have received a copy of the GNU General Public License
  along with this program; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301 USA
 
 On Debian systems, the complete text of the GNU General Public
 License, version 2, can be found in /usr/share/common-licenses/GPL-2.
diff -Nru acidlab-0.9.6b20-12/debian/packages acidlab-0.9.6b20-13/debian/packages
--- acidlab-0.9.6b20-12/debian/packages	2005-10-31 00:29:57.000000000 +0100
+++ acidlab-0.9.6b20-13/debian/packages	2006-05-02 13:11:25.000000000 +0200
@@ -24,7 +24,7 @@
  **
  ** You should have received a copy of the GNU General Public License
  ** along with this program; if not, write to the Free Software
- ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ ** Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301 USA
 Major-Changes:
  [006] Patched acid_conf.php for easier autoconfiguration
  [002] Patched acid_stat_common.php for cosmetic changes
@@ -38,6 +38,9 @@
  [010] Patched acid_conf.php to add Nessus references to signatures
  [011] Patched acid_signature.inc to trim references
  [012] Changed datetime to timestamp in acid_db_setup
+ [013] SECURITY FIX: Prevent SQL injection and XSS security bugs 
+ [014] Patched acid_state_citems.inc and acid_stat_time.php to use dates up to 2007
+ [015] Patched acid_conf.php: updated the ports database, added alternatives to other lookups 
 Patches: *.diff
 Build: sh
  cd html-doc && (find . -type f -a -name "*.uu"  | xargs uudecode)
@@ -55,12 +58,14 @@
  This package provides additional documentation to acidlab in HTML format
  including the FAQ, the database entity-relationship diagram, the database
  API, performance tuning, and management of alerts.
+ .
+ Homepage: http://acidlab.sourceforge.net/
 Install: sh
  yada install -doc html-doc/*html* html-doc/*gif html-doc/*jpg
 
 Package: acidlab
 Architecture: all
-Depends: php4 | php3 | php4-cli | php3-cgi, php4-gd | php3-gd | php3-cgi-gd, apache | httpd, wwwconfig-common (>= 0.0.7), libphp-phplot (>= 4.4.6-3), libphp-adodb (>= 4.50-1), debconf, acidlab-pgsql | acidlab-mysql
+Depends: php4 | php3 | php4-cli | php3-cgi, php4-gd | php3-gd | php3-cgi-gd, apache | httpd, wwwconfig-common (>= 0.0.7), libphp-phplot (>= 4.4.6-3), libphp-adodb (>= 4.50-1), debconf | debconf-2.0, acidlab-pgsql | acidlab-mysql
 Suggests: snort-mysql | snort-pgsql 
 Description: Analysis Console for Intrusion Databases
  The Analysis Console for Intrusion Databases (ACID) is a PHP-based analysis 
@@ -96,6 +101,8 @@
      - ipchains
      - iptables
      - ipfw
+ .
+ Homepage: http://acidlab.sourceforge.net/
 Install: sh
  yada install -data -into /usr/share/acidlab *.php *.html *.css *.sql *.inc
  yada install -dir /etc/acidlab
@@ -333,6 +340,8 @@
  .
  This is a dummy package to automatically install the PostgreSQL version
  of Acidlab.
+ .
+ Homepage: http://acidlab.sourceforge.net/
  
 Package: acidlab-mysql
 Architecture: all
@@ -345,4 +354,6 @@
  .
  This is a dummy package to automatically install the MySQL version
  of Acidlab.
+ .
+ Homepage: http://acidlab.sourceforge.net/
 
diff -Nru acidlab-0.9.6b20-12/debian/README acidlab-0.9.6b20-13/debian/README
--- acidlab-0.9.6b20-12/debian/README	2005-10-31 00:29:57.000000000 +0100
+++ acidlab-0.9.6b20-13/debian/README	2006-05-02 13:11:25.000000000 +0200
@@ -2,9 +2,50 @@
 ------------------
 
 USAGE
+-----
 
-   The application should be availabe at http://localhost/acidlab/
-   after install. It is highly recommended that you run HTTPS or
-   use some form of access control to this.
+The application should be availabe at http{s}://localhost/acidlab/
+after install. It is highly recommended that you:
+   
+   a) make it only available through HTTPs, as confidential information might be disclosed
+   when viewing alerts that include packet traces
+   
+   b) use some for of access control to limit access to this interface. Notice that
+   the application does not provide any kind of per-user access control and anyone
+   accessing the above URLs will be able to view the full Snort database
+   
+The Debian package ships with a default configuration that limits access to acidlab to only
+the loopback address. Users attempting to access the ACID application from other IP
+addresses will be denied. This ensures that unauthorised users cannot access ACID
+and also, if a security vulnerability is found in the code, a default Debian
+package installation will not be remotely exploitable.
+
+Make sure to adjust the Apache configuration file provided to suit your needs.
+If you are using a web browser different from Apache you will have to configure
+it to make the webserver retrieve the pages for the URI /acidlab/ 
+from the package installation directory (/usr/share/acidlab).
+
+NEW YEARS
+---------
+
+ACID has some screens were there are options based on years. The Debian package ships
+with a list of years but you might want to extend those. If you want to extend the year
+list you will need to modify the following files: 
+/usr/share/acidlab/acid_graph_main.php, /usr/share/acidlab/acid_state_citems.inc
+and /usr/share/acidlab/acid_stat_time.php
+
+VERSION
+-------
+
+The latest version upstream (at acidlab.sourceforge.net) is 0.9.6b23. The Debian
+package provies version is 0.9.6b20 with all the relevant patches from upstream CVS 
+which (almost) puts this software at the 0.9.6b23 version. The only notable difference
+is that this version does *not* depend on jpgraph which is non-free (see Debian bug
+#173601) and retains the graphing functionality present in 0.9.6b20.
+
+Since it is a fork from the 0.9.6b20 sources and not a fork from the 0.9.6b23
+sources it has not been labeled as such. For more information please see Debian Bug
+#155212
+
+ -- Javier Fernandez-Sanguino <jfs@debian.org>  Tue,  1 Nov 2005 11:17:25 +0100
 
- -- Jeremy T. Bouse <jbouse@debian.org>  Mon, 25 Feb 2002 13:19:38 -0800
diff -Nru acidlab-0.9.6b20-12/debian/TODO acidlab-0.9.6b20-13/debian/TODO
--- acidlab-0.9.6b20-12/debian/TODO	1970-01-01 01:00:00.000000000 +0100
+++ acidlab-0.9.6b20-13/debian/TODO	2006-05-02 13:11:25.000000000 +0200
@@ -0,0 +1,11 @@
+We might want to do this if we don't make users migrate from ACID to BASE
+
+- The year selection dialogs (that need to be changed every so often) could be
+  patched so they list all the years from 1999 to the current year. Sample php code:
+
+  $date = getdate();
+  $curyear =  date['year'];
+  for ($year = 1999 ; $year <= $curyear; $year ++) {
+   echo '<OPTION VALUE="'.$year.'" >'.$year;
+  }
+
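Review bot: The sample loop in the new debian/TODO assigns `$curyear = date['year'];` without the `$`, so the `$date = getdate();` result on the line before is never read and the snippet fails to parse rather than yielding the current year; it should be `$curyear = $date['year'];` (or simply `$curyear = (int) date('Y');`, which makes the `getdate()` call unnecessary). Since `$year` is an integer produced by the loop itself, the unescaped interpolation into the `<OPTION>` markup is not an injection concern, but the element is left unclosed; if this sample is ever pasted into the three year-selection files the README names, closing the tag with `</OPTION>` keeps the generated markup well-formed.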
