patches applied from our bz and from sourceforge tickets

phpki-0.82.bz10622.fixphpwarnings.patch         phpki-0.82-empty_pass_php_5.2.patch      phpki-0.82-remove_email_from_upload_file_name.patch
phpki-0.82-ca_admin_users.patch                 phpki-0.82-expirey.patch                 phpki-0.82-remove_security_warning.patch
phpki-0.82-ca_help.patch                        phpki-0.82-fix-dates-2.patch             phpki-0.82-sme_admin_user.patch
phpki-0.82-disable_download_after_create.patch  phpki-0.82-fix-dates-3.patch             phpki-0.82-sme_openvpn_bridge_compat.patch
phpki-0.82-display_root_pem.patch               phpki-0.82-fix-dates.patch               phpki-0.82-update_crl_via_cron.patch
phpki-0.82-dl_crl_in_pem.patch                  phpki-0.82-fix-preg_match.patch          phpki-0.82-use_sha1.patch
phpki-0.82-dl_display_ta_dh.patch               phpki-0.82-openvpn_static_key.patch
phpki-0.82-email_signing.patch                  phpki-0.82-potential_xss_php_self.patch

root/include/common.php

@@ -2,13 +2,12 @@
 
 umask(0007);
 
-if ($HTTP_SERVER_VARS['PHP_AUTH_USER'])
-	$PHPki_user = md5($HTTP_SERVER_VARS['PHP_AUTH_USER']);
+if ($HTTP_SERVER_VARS['REMOTE_USER'])
+	$PHPki_user = md5($HTTP_SERVER_VARS['REMOTE_USER']);
 else
 	$PHPki_user = md5('default');
 
-$PHP_SELF = $HTTP_SERVER_VARS['PHP_SELF'];
-
+$PHP_SELF = htmlspecialchars($HTTP_SERVER_VARS['PHP_SELF'], ENT_QUOTES, "utf-8");
 
 function printHeader($withmenu="default") {
 	global $config;