diff --git a/en/cgi/confirm-code.cgi b/en/cgi/confirm-code.cgi
index 4e7de50dbe..6ca752f343 100755
--- a/en/cgi/confirm-code.cgi
+++ b/en/cgi/confirm-code.cgi
@@ -1,117 +1,117 @@ #!/usr/bin/perl -T # -# $FreeBSD: www/en/cgi/confirm-code.cgi,v 1.6 2005/12/04 16:18:40 ceri Exp $ +# $FreeBSD: www/en/cgi/confirm-code.cgi,v 1.7 2005/12/04 16:36:51 ceri Exp $ # # Copyright (c) 2003 Eric Anderson # Copyright (c) 2005 Ceri Davies use DB_File; use Fcntl qw(:DEFAULT :flock); use POSIX qw(strftime); use strict; require 'cgi-lib.pl'; $ENV{"PATH"} = "/bin:/usr/bin"; $ENV{"TMPDIR"} = "/tmp"; my($fd, $db_obj, %db_hash, $currenttime, $randomcode, $pngbindata, $randompick, $pnmlist, $i); my(%db, $expiretime, $rfc1123_expiry, $pnmcat, $pnmtopng, $pnmdatadir, $dbpath, $FORM_db); # %in cannot be declared with 'my', or ReadParse fails. use vars qw/ %in /; ############################################ # generate 8 character code from A-Z0-9 (no I,O,0,1 for clarity) my @availchars = qw(A B C D E F G H J K L M N P Q R S T U V W X Y Z 2 3 4 5 6 7 8 9); $pnmcat = "/usr/local/bin/pnmcat"; $pnmtopng = "/usr/local/bin/pnmtopng"; $pnmdatadir = "../gifs/"; $expiretime = 0; # Default for the Expires: header ############################################ # The code databases that we know about. If a query comes in for # anything else, we return a zero byte "image" (rather than an image # with a rude word in, which was tempting). %db = ( # The querypr one is not used, but stands as an example. 
# querypr => { -# path => '/tmp/querypr-code.db', +# path => '/usr/local/www/var/confirm-code/querypr-code.db', # lifespan => 2700, # }, sendpr => { - path => '/tmp/sendpr-code.db', + path => '/usr/local/www/var/confirm-code/sendpr-code.db', lifespan => 2700, }, ); &ReadParse(*in); $FORM_db = $in{"db"}; $FORM_db ||= "junk"; $currenttime = time(); $rfc1123_expiry = strftime "%a, %b %d %H:%M:%S %Y %Z", gmtime($currenttime + $expiretime); if (exists($db{$FORM_db})) { $dbpath = $db{$FORM_db}->{'path'}; $expiretime = $db{$FORM_db}->{'lifespan'}; # DB stuff here $db_obj = tie(%db_hash, 'DB_File', $dbpath, O_CREAT|O_RDWR, 0644) or die "dbcreate $dbpath $!"; $fd = $db_obj->fd; open(DB_FH, "+<&=$fd") or die "fdopen $!"; unless (flock (DB_FH, LOCK_EX | LOCK_NB)) { unless (flock (DB_FH, LOCK_EX)) { die "flock: $!" } } &gencode; while ($db_hash{$randomcode}) { # it already exists so: # we check age (over x seconds old?) # if it is, override with new date # if not, generate a new code if ( ($currenttime - $expiretime) <= $db_hash{$randomcode}) { &gencode; } else { delete $db_hash{"$randomcode"}; } } $db_hash{$randomcode} = $currenttime; $db_obj->sync(); # to flush flock(DB_FH, LOCK_UN); undef $db_obj; # removing the last reference to the DB # closes it. Closing DB_FH is implicit. untie %db_hash; $/ = ""; open(BUILDPNG, "$pnmcat -lr $pnmlist | $pnmtopng 2>/dev/null |"); $pngbindata = ; close(BUILDPNG); } else { $pngbindata = undef; }; print "Pragma: no-cache\n"; print "Expires: $rfc1123_expiry\n"; print "Content-type: image/png\n\n"; print "$pngbindata"; ############################################ sub gencode { srand( time() ^ ($$ + ($$ << 15)) ); for ($i = 0; $i < 8; $i++) { $randompick = $availchars[int(rand(@availchars))]; $randomcode .= "$randompick"; $pnmlist .= "$pnmdatadir$randompick\.pnm "; } } diff --git a/en/cgi/dosendpr.cgi b/en/cgi/dosendpr.cgi index 4b2247d9ec..4f85f726fb 100755 --- a/en/cgi/dosendpr.cgi +++ b/en/cgi/dosendpr.cgi 
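Review bot: The `tie(%db_hash, 'DB_File', $dbpath, O_CREAT|O_RDWR, 0644)` call still creates the code database world-readable, so after the move to `/usr/local/www/var/confirm-code/` the live confirmation codes remain readable by any local account, and the file is only protected from being pre-created or replaced if that directory is owned by the web server user and writable by nobody else. I would create it with `0600`, i.e. `tie(%db_hash, 'DB_File', $dbpath, O_CREAT|O_RDWR, 0600)`, and add a comment next to the `path` entry stating the expected owner and mode of the directory, since nothing in this file creates or checks it. The same `tie` with `0644` appears in dosendpr.cgi in this commit and should change with it.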
@@ -1,190 +1,190 @@ #!/usr/bin/perl # # Send-pr perl script to send a pr. # # Copyright (c) 1996 Free Range Media # # Copying and distribution permitted under the conditions of the # GNU General Public License Version 2. # (http://www.gnu.ai.mit.edu/copyleft/gpl.html) # -# $FreeBSD: www/en/cgi/dosendpr.cgi,v 1.23 2005/11/06 22:07:23 ceri Exp $ +# $FreeBSD: www/en/cgi/dosendpr.cgi,v 1.24 2005/11/16 23:35:57 fenner Exp $ require "html.pl"; use Socket; use DB_File; use Fcntl qw(:DEFAULT :flock); require "./Gnats.pm"; import Gnats; my $blackhole = "dnsbl.njabl.org"; my $openproxyip = "127.0.0.9"; my $blackhole_err = 0; my $openproxy; my $expiretime = 2700; -$dbpath = "/tmp/sendpr-code.db"; +$dbpath = "/usr/local/www/var/confirm-code/sendpr-code.db"; # Environment variables to stuff in the PR header. my @ENV_captures = qw/ REMOTE_HOST REMOTE_ADDR REMOTE_PORT HTTP_REFERER HTTP_CLIENT_IP HTTP_FORWARDED HTTP_VIA HTTP_X_FORWARDED_FOR /; # env2hdr (@ENV_captures) # Returns X-header style headers for inclusion in the header of a PR sub env2hdr (@) { my $headers = ""; for my $var (shift @_) { next unless $ENV{$var}; $headers .= "X-$var: $ENV{$var}\n"; } return $headers; } # isopenproxy ($ip, $blackhole_zone, $positive_ip) # Returns undef on error, 0 if DNS lookup fails, $positive_ip if verified # proxy. A DNS lookup failing can either means that there was a network # problem, or that the IP is not listed in the blackhole zone. sub isopenproxy ($$$) { # If $? is already set, then a successful gethostbyname() leaves it set local $?; my ($ip, $zone, $proxyip) = @_; my ($reversed_ip, $packed); if (!defined $proxyip) { return undef }; $reversed_ip = join('.', reverse split(/\./, $ip)); $packed = gethostbyname("${reversed_ip}.${blackhole}"); return undef if $?; if ($packed && (inet_ntoa($packed) eq $proxyip)) { return $proxyip; } else { return 0; } } sub prerror { &html_title ("Problem Report Error"); &html_body(); print "

There is an error in the configuration of the problem\n", "report form generator. Please back up one page and report\n", "the problem to the owner of that page.
", "Report $_[0].

"; &html_end(); exit (1); } &www_content ("text","html"); &cgi_form_in(); &prerror("request method problem") if $ENV{'REQUEST_METHOD'} eq 'GET'; if (!$submission_program) { &prerror("submit program problem"); } &html_title ("Thank you for the problem report"); &html_body (); # Verify the data ... $db_obj = tie(%db_hash, 'DB_File', $dbpath, O_CREAT|O_RDWR, 0644) or die "dbcreate $dbpath $!"; $fd = $db_obj->fd; open(DB_FH, "+<&=$fd") or die "fdopen $!"; unless (flock (DB_FH, LOCK_EX | LOCK_NB)) { unless (flock (DB_FH, LOCK_EX)) { die "flock: $!" } } $codeentered = $cgi_data{'code-confirm'}; $codeentered =~ s/.*/\U$&/; # Turn input uppercase $currenttime = time(); if (defined($codeentered) && $codeentered && $db_hash{$codeentered} && (($currenttime - $expiretime) <= $db_hash{$codeentered})) { if (!$cgi_data{'email'} || !$cgi_data{'originator'} || !$cgi_data{'synopsis'}) { print "

Bad Data

You need to specify at least your ", "electronic mail address, your name and a synopsis ", "of the problem.
Please return to the form and add the ", "missing information. Thank you.

"; &html_end(); exit(1); } } else { print "

Incorrect safety code

You need to enter the correct ", "code from the image displayed. Please return to the form and enter the ", "code exactly as shown. Thank you.

"; &html_end(); exit(1); } # This code has now been used, so remove it. delete $db_hash{"$codeentered"}; # Sweep for and remove expired codes. foreach $randomcode (keys %db_hash) { if ( ($currenttime - $expiretime) >= $db_hash{$randomcode}) { delete $db_hash{"$randomcode"}; } } $db_obj->sync(); # to flush flock(DB_FH, LOCK_UN); undef $db_obj; # removing the last reference to the DB # closes it. Closing DB_FH is implicit. untie %db_hash; $openproxy = isopenproxy($ENV{'REMOTE_ADDR'}, $blackhole, $openproxyip); if (defined $openproxy) { if ($openproxy) { &prerror("$ENV{'REMOTE_ADDR'} is an open proxy server"); } } else { $blackhole_err++; } # Build the PR. $pr = "To: $submission_address\n" . "From: $cgi_data{'originator'} <$cgi_data{'email'}>\n" . "Subject: $cgi_data{'synopsis'}\n" . env2hdr(@ENV_captures); if ($blackhole_err) { $pr .= "X-REMOTE_ADDR-Is-Open-Proxy: Maybe\n"; } $pr .= "X-Send-Pr-Version: www-2.3\n\n" . ">Submitter-Id:\t$cgi_data{'submitterid'}\n" . ">Originator:\t$cgi_data{'originator'}\n" . ">Organization:\t$cgi_data{'organization'}\n" . ">Confidential:\t$cgi_data{'confidential'}\n" . ">Synopsis:\t$cgi_data{'synopsis'}\n" . ">Severity:\t$cgi_data{'severity'}\n" . ">Priority:\t$cgi_data{'priority'}\n" . ">Category:\t$cgi_data{'category'}\n" . ">Class:\t\t$cgi_data{'class'}\n" . ">Release:\t$cgi_data{'release'}\n" . ">Environment:\t$cgi_data{'environment'}\n" . ">Description:\n$cgi_data{'description'}\n" . ">How-To-Repeat:\n$cgi_data{'howtorepeat'}\n" . ">Fix:\n$cgi_data{'fix'}\n"; # remove any carrage returns that appear in the report. $pr =~ s/\r//g; if (open (SUBMIT, "|$submission_program")){ print SUBMIT $pr; close (SUBMIT); print "

Thank You

", "

Thank you for the problem report. You should receive confirmation", " of your report by electronic mail within a day.

"; } else { print "

Error

An error occured processing your problem report.

"; } &html_end();
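Review bot: The mail headers built under `# Build the PR.` interpolate `$cgi_data{'originator'}`, `$cgi_data{'email'}` and `$cgi_data{'synopsis'}` directly into `From:` and `Subject:`, and the only clean-up afterwards is `$pr =~ s/\r//g;`, which leaves line feeds in place. Unless `cgi_form_in` (not visible in this hunk) already rejects them, a submitted value containing a newline would end the header early and add header lines or body text to the message handed to `$submission_program`. I would collapse line breaks in those three fields before `$pr` is assembled, for example `s/[\r\n]+/ /g for @cgi_data{qw(originator email synopsis)};`. The single-line `>Originator:` and `>Synopsis:` fields further down take the same values and benefit from the same clean-up.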