RELEASE 1.0.1

2009-06-30 20:40:33 +10:00 · 2009-06-30 20:40:33 +10:00 · 5f261ded38
commit 5f261ded38
parent eccabca011
18 changed files with 326 additions and 261 deletions
--- a/htdocs/compare_form.php
+++ b/htdocs/compare_form.php
@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/compare_form.php,v 1.3 2005/12/10 10:34:54 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/compare_form.php,v 1.4 2006/04/29 06:49:31 wurley Exp $
 /**
 * Compares to DN entries side by side.
@ -14,66 +14,65 @@
 require './common.php';
-if( ! $ldapserver->haveAuthInfo())
+if (! $ldapserver->haveAuthInfo())
-	pla_error( _('Not enough information to login to server. Please check your configuration.') );
+	pla_error(_('Not enough information to login to server. Please check your configuration.'));
 $dn = (isset($_GET['dn']) ? $_GET['dn'] : '');
-
+$rdn = get_rdn($dn);
 $encoded_dn = rawurlencode( $dn );
 $rdn = get_rdn( $dn );
 $container = get_container( $dn );
 $attrs = $ldapserver->getDNAttrs($dn);
 $select_server_html = server_select_list($ldapserver->server_id,true,'server_id_dst');
-include './header.php'; ?>
+include './header.php';
-<body>
+echo '<body>';
-<h3 class="title"><?php echo _('Compare another DN with'). '&nbsp;' . $rdn; ?></h3>
+printf('<h3 class="title">%s %s</h3>',_('Compare another DN with'),htmlspecialchars($rdn));
-<h3 class="subtitle"><?php echo _('Server'); ?>: <b><?php echo $ldapserver->name; ?></b>
+printf('<h3 class="subtitle">%s: <b>%s</b>',_('Server'),$ldapserver->name);
-<?php if ($dn) { ?>
+if ($dn)
-	 &nbsp;&nbsp;&nbsp; <?php echo _('Distinguished Name')?>: <b><?php echo $dn; ?></b>
+	printf('&nbsp;&nbsp;&nbsp;%s: <b>%s</b>',_('Distinguished Name'),htmlspecialchars($dn));
-<?php } ?>
+echo '</h3>';
-</h3>
+echo "\n";
-<center>
+echo '<center>';
-<?php echo _('Compare'); ?> <b><?php echo htmlspecialchars( $rdn ); ?></b> <?php echo _('with '); ?>:<br />
+printf('%s <b>%s</b> %s<br />',_('Compare'),htmlspecialchars($rdn),_('with '));
 <br />
-<form action="compare.php" method="post" name="compare_form">
+echo '<form action="compare.php" method="post" name="compare_form">';
-<input type="hidden" name="server_id_src" value="<?php echo $ldapserver->server_id; ?>" />
+printf('<input type="hidden" name="server_id_src" value="%s" />',$ldapserver->server_id);
 echo "\n";
-<table style="border-spacing: 10px">
+echo '<table style="border-spacing: 10px">';
-<tr>
+echo "\n";
-	<?php if (! $dn) { ?>
+echo '<tr><td>';
 	<td><acronym title="<?php echo _('Compare this DN with another'); ?>"><?php echo _('Source DN'); ?></acronym>:</td>
 	<td>
 	<input type="text" name="dn_src" size="45" value="<?php echo htmlspecialchars( $dn ); ?>" />
 		<?php draw_chooser_link( 'compare_form.dn_src', 'true', $rdn ); ?></td>
 	</td>
 	<?php } else { ?>
 	<input type="hidden" name="dn_src" value="<?php echo htmlspecialchars( $dn ); ?>" />
 	<?php } ?>
 </tr>
 <tr>
 	<td><acronym title="<?php echo _('Compare this DN with another'); ?>"><?php echo _('Destination DN'); ?></acronym>:</td>
 	<td>
 		<input type="text" name="dn_dst" size="45" value="" />
 		<?php draw_chooser_link( 'compare_form.dn_dst', 'true', '' ); ?></td>
 	</td>
 </tr>
-<tr>
+if (! $dn) {
-	<td><?php echo _('Destination Server')?>:</td>
+	printf('<acronym title="%s">%s</acronym>:',_('Compare this DN with another'),_('Source DN'));
-	<td><?php echo $select_server_html; ?></td>
+	echo '</td><td>';
-</tr>
+	printf('<input type="text" name="dn_src" size="45" value="%s" />',htmlspecialchars($dn));
 	draw_chooser_link('compare_form.dn_src','true',$rdn);
-<tr>
+} else
-	<td colspan="2" align="right"><input type="submit" value="<?php echo _('Compare'); ?>" /></td>
+	printf('<input type="hidden" name="dn_src" value="%s" />',htmlspecialchars($dn));
-</tr>
+
-</table>
+echo '</td></tr>';
-</form>
+echo "\n";
-</center>
+
-</body>
+echo '<tr>';
-</html>
+printf('<td><acronym title="%s">%s</acronym>:</td>',_('Compare this DN with another'),_('Destination DN'));
 echo '<td>';
 echo '<input type="text" name="dn_dst" size="45" value="" />';
 draw_chooser_link('compare_form.dn_dst','true','');
 echo '</td>';
 echo '</tr>';
 echo "\n";
 printf('<tr><td>%s:</td><td>%s</td></tr>',_('Destination Server'),$select_server_html);
 echo "\n";
 printf('<tr><td colspan="2" align="right"><input type="submit" value="%s" /></td></tr>',_('Compare'));
 echo "\n";
 echo '</table>';
 echo '</form>';
 echo '</center>';
 echo '</body>';
 echo '</html>';
 ?>
--- a/htdocs/copy_form.php
+++ b/htdocs/copy_form.php
@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/copy_form.php,v 1.26 2005/12/17 00:00:11 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/copy_form.php,v 1.27 2006/04/29 06:49:31 wurley Exp $
 /**
 * Copies a given object to create a new one.
@ -53,34 +53,46 @@ if (is_array($children) && count($children) > 0) { ?>
 echo '<body>';
-printf('<h3 class="title">%s %s</h3>',_('Copy '),$rdn);
+printf('<h3 class="title">%s %s</h3>',_('Copy'),htmlspecialchars($rdn));
-printf('<h3 class="subtitle">%s: <b>%s</b> &nbsp;&nbsp;&nbsp; %s: <b>%s</b></h3>',_('Server'),$ldapserver->name,_('Distinguished Name'),$dn);
+printf('<h3 class="subtitle">%s: <b>%s</b> &nbsp;&nbsp;&nbsp; %s: <b>%s</b></h3>',_('Server'),$ldapserver->name,
 	_('Distinguished Name'),htmlspecialchars($dn));
 echo "\n";
 echo '<center>';
-printf('%s <b>%s</b> %s:<br /><br />',_('Copy '),htmlspecialchars($rdn),_('to a new object'));
+printf('%s <b>%s</b> %s:<br /><br />',_('Copy'),htmlspecialchars($rdn),_('to a new object'));
 echo '<form action="copy.php" method="post" name="copy_form">';
-printf('<input type="hidden" name="old_dn" value="%s" />',$dn);
+printf('<input type="hidden" name="old_dn" value="%s" />',htmlspecialchars($dn));
 printf('<input type="hidden" name="server_id" value="%s" />',$ldapserver->server_id);
 echo "\n";
 echo '<table style="border-spacing: 10px">';
 echo "\n";
 echo '<tr>';
-printf('<td><acronym title="%s">%s</acronym>:</td>',_('The full DN of the new entry to be created when copying the source entry'),_('Destination DN'));
+printf('<td><acronym title="%s">%s</acronym>:</td>',
 	_('The full DN of the new entry to be created when copying the source entry'),_('Destination DN'));
 printf('<td><input type="text" name="new_dn" size="45" value="%s" />',htmlspecialchars($dn));
-draw_chooser_link('copy_form.new_dn','true',$rdn);
+draw_chooser_link('copy_form.new_dn','true',htmlspecialchars($rdn));
 echo '</td></tr>';
 echo "\n";
 printf('<tr><td>%s</td><td>%s</td></tr>',_('Destination Server'),$select_server_html);
 echo "\n";
 if (is_array($children) && count($children) > 0) {
 	echo '<tr>';
 	printf('<td><label for="recursive">%s</label>:</td>',_('Recursive copy'));
 	echo '<td><input type="checkbox" id="recursive" name="recursive" onClick="toggle_disable_filter_field(this)" />';
 	printf('<small>(%s)</small></td>',_('Recursively copy all children of this object as well.'));
-	echo '</tr><tr>';
+	echo '</tr>'."\n";
 	echo '<tr>';
 	printf('<td><acronym title="%s">%s</acronym>:</td>',_('When performing a recursive copy, only copy those entries which match this filter'),_('Filter'));
 	echo '<td><input type="text" name="filter" value="(objectClass=*)" size="45" disabled />';
-	echo '</tr><tr>';
+	echo '</tr>'."\n";
 	echo '<tr>';
 	printf('<td>%s</td>',_('Delete after copy (move):'));
 	echo '<td><input type="checkbox" name="remove" value="yes"/ disabled>';
 	printf('<small>(%s)</small)</td>',_('Make sure your filter (above) will select all child records.'));
@ -89,9 +101,12 @@ if (is_array($children) && count($children) > 0) {
 } else {
 	printf('<tr><td>%s</td><td><input type="checkbox" name="remove" value="yes"/></td></tr>',_('Delete after copy (move):'));
 }
 echo "\n";
 printf('<tr><td colspan="2" align="right"><input type="submit" value="%s" /></td></tr>',_('Copy '));
 echo "\n";
 echo '</table></form>';
 echo "\n";
 echo '<script type="text/javascript" language="javascript">';
 echo '<!--';
@ -101,7 +116,7 @@ echo '//-->';
 echo '</script>';
 if ($config->GetValue('appearance','show_hints'))
-	printf('<small><img src="images/light.png" /><span class="hint">%s</span></small>',_('Hint: Copying between different servers only works if there are no schema violations'));
+	printf('<small><img src="images/light.png" alt="Light" /><span class="hint">%s</span></small>',_('Hint: Copying between different servers only works if there are no schema violations'));
 echo '</center></body></html>';
 ?>
--- a/htdocs/delete_form.php
+++ b/htdocs/delete_form.php
@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/delete_form.php,v 1.22 2005/12/17 00:00:11 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/delete_form.php,v 1.23 2006/04/29 06:49:31 wurley Exp $
 /**
 * delete_form.php
@ -31,118 +31,123 @@ include './header.php';
 echo '<body>';
 printf('<h3 class="title">'._('Delete %s').'</h3>',htmlspecialchars(get_rdn($dn)));
 printf('<h3 class="subtitle">%s: <b>%s</b> &nbsp;&nbsp;&nbsp; %s: <b>%s</b></h3>',
-	_('Server'),$ldapserver->name,_('Distinguished Name'),htmlspecialchars(($dn)));
+	_('Server'),$ldapserver->name,_('Distinguished Name'),htmlspecialchars($dn));
 echo "\n";
 echo '<center>';
 if ($has_children) {
 	echo '<center>';
 	printf('<b>%s</b><br /><br />',_('Permanently delete all children also?'));
 	flush();
 	# get the total number of child objects (whole sub-tree)
 	$s = $ldapserver->search(null,dn_escape($dn),'objectClass=*',array('dn'));
 	$sub_tree_count = count($s);
 ?>
-<table class="delete_confirm">
+	echo '<table class="delete_confirm">';
-<tr>
+	echo '<tr>';
-	<td>
+	echo '<td><p>';
-	<p>
+	printf(_('This entry is the root of a sub-tree containing %s entries.'),$sub_tree_count);
-	<?php printf(_('This entry is the root of a sub-tree containing %s entries.'),$sub_tree_count); ?>
+	printf('<small>(<a href="search.php?search=true&amp;server_id=%s&amp;filter=%s&amp;base_dn=%s&amp;form=advanced&amp;scope=sub">%s</a>)</small>',
-	<small>(<a href="search.php?search=true&amp;server_id=<?php echo $ldapserver->server_id; ?>&amp;filter=<?php echo rawurlencode('objectClass=*'); ?>&amp;base_dn=<?php echo rawurlencode($dn); ?>&amp;form=advanced&amp;scope=sub"><?php echo _('view entries'); ?></a>)</small>
+		$ldapserver->server_id,rawurlencode('objectClass=*'),rawurlencode($dn),_('view entries'));
-	<br />
+	echo '<br /><br />';
 	<br />
-	<?php printf(_('phpLDAPadmin can recursively delete this entry and all %s of its children. See below for a list of all the entries that this action will delete. Do you want to do this?'),($sub_tree_count-1)); ?><br />
+	printf(_('phpLDAPadmin can recursively delete this entry and all %s of its children. See below for a list of all the entries that this action will delete. Do you want to do this?'),($sub_tree_count-1));
-	<br />
+	echo '<br /><br />';
 	<small><?php echo _('Note: this is potentially very dangerous and you do this at your own risk. This operation cannot be undone. Take into consideration aliases, referrals, and other things that may cause problems.'); ?></small>
-	<br />
+	printf('<small>%s</small>',
-	<br />
+		_('Note: this is potentially very dangerous and you do this at your own risk. This operation cannot be undone. Take into consideration aliases, referrals, and other things that may cause problems.'));
-	<table width="100%">
+	echo '<br /><br />';
-	<tr>
+	echo "\n";
 		<td>
 		<center>
 			<form action="rdelete.php" method="post">
 			<input type="hidden" name="dn" value="<?php echo $dn; ?>" />
 			<input type="hidden" name="server_id" value="<?php echo $ldapserver->server_id; ?>" />
 			<input type="submit" class="scary" value="<?php printf(_('Delete all %s objects'),$sub_tree_count); ?>" />
 			</form>
 		</center>
 		</td>
-		<td>
+	echo '<table width="100%">';
-		<center>
+	echo '<tr>';
-			<form action="template_engine.php" method="get">
+	echo '<td><center>';
-			<input type="hidden" name="dn" value="<?php echo htmlspecialchars($dn); ?>" />
+	echo '<form action="rdelete.php" method="post">';
-			<input type="hidden" name="server_id" value="<?php echo $ldapserver->server_id; ?>" />
+	printf('<input type="hidden" name="dn" value="%s" />',htmlspecialchars($dn));
-			<input type="submit" name="submit" value="<?php echo _('Cancel'); ?>" class="cancel" />
+	printf('<input type="hidden" name="server_id" value="%s" />',$ldapserver->server_id);
-			</form>
+	printf('<input type="submit" class="scary" value="%s" />',sprintf(_('Delete all %s objects'),$sub_tree_count));
-		</center>
+	echo '</form>';
-		</td>
+	echo '</center></td>';
 	</tr>
 	</table>
 	</td>
 </tr>
 </table>
-<?php flush(); ?>
+	echo '<td><center>';
-<br />
+	echo '<form action="template_engine.php" method="get">';
-<br />
+	printf('<input type="hidden" name="dn" value="%s" />',htmlspecialchars($dn));
-<?php echo _('List of entries to be deleted:'); ?><br />
+	printf('<input type="hidden" name="server_id" value="%s" />',$ldapserver->server_id);
 	printf('<input type="submit" name="submit" value="%s" class="cancel" />',_('Cancel'));
 	echo '</form>';
 	echo '</center></td>';
 	echo '</tr>';
 	echo '</table>';
 	echo "\n";
-<select size="<?php echo min(10,$sub_tree_count);?>" multiple disabled style="background:white; color:black;width:500px" >
+	echo '</td>';
-	<?php $i=0;
+	echo '</tr>';
 	echo '</table>';
 	echo "\n";
 	flush();
 	echo '<br /><br />';
 	echo _('List of entries to be deleted:');
 	echo '<br />';
 	printf('<select size="%s" multiple disabled style="background:white; color:black;width:500px" >',min(10,$sub_tree_count));
 	$i=0;
 	foreach ($s as $dn => $junk) {
-		$i++; ?>
+		$i++;
 		printf('<option>%s. %s</option>',$i,htmlspecialchars(dn_unescape($dn)));
 	}
 	echo '</select>';
 	echo "\n";
-	<option><?php echo $i; ?>. <?php echo htmlspecialchars((dn_unescape($dn))); ?></option>
+} else {
-	<?php } ?>
+	echo '<table class="delete_confirm">';
-</select>
+	echo '<tr>';
 </center>
-<br />
+	echo '<td nowrap>';
 	echo _('Are you sure you want to permanently delete this object?');
 	echo '<br /><br />';
-<?php } else { ?>
+	printf('<acronym title="%s">%s</acronym>: <b>%s</b>',_('Distinguished Name'),_('DN'),pretty_print_dn($dn));
 	echo '<br />';
 	printf('%s: <b>%s</b>',_('Server'),htmlspecialchars($ldapserver->name));
 	echo '<br /><br />';
 	echo "\n";
-<center>
+	echo '<table width="100%">';
-<table class="delete_confirm">
+	echo '<tr>';
 <tr>
 	<td>
 	<?php echo _('Are you sure you want to permanently delete this object?'); ?><br />
 	<br />
 	<nobr><acronym title="<?php echo _('Distinguished Name'); ?>"><?php echo _('DN'); ?></acronym>:  <b><?php echo pretty_print_dn($dn); ?></b></nobr><br />
 	<nobr><?php echo _('Server'); ?>: <b><?php echo htmlspecialchars($ldapserver->name); ?></b></nobr><br />
 	<br />
-	<table width="100%">
+	echo '<td><center>';
-	<tr>
+	echo '<form action="delete.php" method="post">';
-		<td>
+	printf('<input type="hidden" name="dn" value="%s" />',htmlspecialchars($dn));
-			<center>
+	printf('<input type="hidden" name="server_id" value="%s" />',$ldapserver->server_id);
-			<form action="delete.php" method="post">
+	printf('<input type="submit" name="submit" value="%s" class="scary" />',_('Delete'));
-			<input type="hidden" name="dn" value="<?php echo htmlspecialchars($dn); ?>" />
+	echo '</form>';
 			<input type="hidden" name="server_id" value="<?php echo $ldapserver->server_id; ?>" />
 			<input type="submit" name="submit" value="<?php echo _('Delete'); ?>" class="scary" />
 			</form>
 			</center>
 		</td>
-		<td>
+	echo '</center></td>';
 			<center>
 			<form action="template_engine.php" method="get">
 			<input type="hidden" name="dn" value="<?php echo $dn; ?>" />
 			<input type="hidden" name="server_id" value="<?php echo $ldapserver->server_id; ?>" />
 			<input type="submit" name="submit" value="<?php echo _('Cancel'); ?>" class="cancel" />
 			</form>
 			</center>
 		</td>
 	</tr>
 	</table>
 	</td>
 </tr>
 </table>
 </center>
-<?php } ?>
+	echo '<td><center>';
 	echo '<form action="template_engine.php" method="get">';
 	printf('<input type="hidden" name="dn" value="%s" />',htmlspecialchars($dn));
 	printf('<input type="hidden" name="server_id" value="%s" />',$ldapserver->server_id);
 	printf('<input type="submit" name="submit" value="%s" class="cancel" />',_('Cancel'));
 	echo '</form>';
-</body>
+	echo '</center></td>';
-</html>
+	echo '</tr>';
 	echo '</table>';
 	echo "\n";
 	echo '</td>';
 	echo '</tr>';
 	echo '</table>';
 	echo "\n";
 }
 echo '</center>';
 echo '<br />';
 echo '</body>';
 echo '</html>';
 ?>
--- a/htdocs/header.php
+++ b/htdocs/header.php
@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/header.php,v 1.23 2005/12/17 00:00:11 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/header.php,v 1.24 2006/04/29 06:49:31 wurley Exp $
 /**
 * @package phpLDAPadmin
@ -7,7 +7,6 @@
 /* We want to get $language into scope in case we were included
   from within a function */
 global $config;
 $language = isset($config) ? $language = $config->GetValue('appearance','language') : 'auto';
 # text/xml won't work with MSIE, but is very useful for debugging xhtml code.
@ -17,8 +16,8 @@ $language = isset($config) ? $language = $config->GetValue('appearance','languag
 # XML version and encoding for well-behaved browsers
 echo '<?xml version="1.0" encoding="utf-8"?>'."\n";
-echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"';
+echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"'."\n";
-echo '  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">'."\n";
+echo '"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">'."\n";
 printf('<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="%s" lang="%s" dir="ltr">',$language,$language);
 echo "\n\n";
--- a/htdocs/index.php
+++ b/htdocs/index.php
@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/index.php,v 1.46 2006/02/25 13:12:05 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/index.php,v 1.47 2006/04/29 06:49:31 wurley Exp $
 /**
 * @package phpLDAPadmin
@ -33,10 +33,15 @@ if (! is_readable(LIBDIR.'functions.php')) {
 	ob_end_clean();
 	die("Cannot read the file 'functions.php' its permissions are too strict.");
 }
 require LIBDIR.'functions.php';
 $config_file = CONFDIR.'config.php';
 ob_end_clean();
 # Make sure this PHP install has gettext, we use it for language translation
 if (! extension_loaded('gettext'))
 	die('Your install of PHP appears to be missing GETTEXT support. GETTEXT is used for language translation. Please install GETTEXT support before using phpLDAPadmin. (Dont forget to restart your web server afterwards)');
 /* Helper functions.
 * Our required helper functions are defined in functions.php
 */
@ -180,12 +185,6 @@ function check_config() {
 			REQUIRED_PHP_VERSION,phpversion()));
 	}
 	# Make sure this PHP install has gettext, we use it for language translation
 	if (! extension_loaded('gettext')) {
 		pla_error('Your install of PHP appears to be missing GETTEXT support. GETTEXT is used for language translation. Please install GETTEXT support before using phpLDAPadmin. (Dont forget to restart your web server afterwards)');
 		return false;
 	}
 	# Make sure this PHP install has all our required extensions
 	if (! extension_loaded('ldap')) {
 		pla_error('Your install of PHP appears to be missing LDAP support. Please install LDAP support before using phpLDAPadmin. (Dont forget to restart your web server afterwards)');
--- a/htdocs/rename_form.php
+++ b/htdocs/rename_form.php
@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/rename_form.php,v 1.9 2005/12/10 10:34:54 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/rename_form.php,v 1.10 2006/04/29 06:49:31 wurley Exp $
 /**
 * Displays a form for renaming an LDAP entry.
@ -33,7 +33,7 @@ printf('<h3 class="subtitle">%s: <b>%s</b> &nbsp;&nbsp;&nbsp; %s: <b>%s</b></h3>
 echo '<br /><center><form action="rename.php" method="post" class="edit_dn" />';
 printf('<input type="hidden" name="server_id" value="%s" />',$ldapserver->server_id);
-printf('<input type="hidden" name="dn" value="%s" />',$dn);
+printf('<input type="hidden" name="dn" value="%s" />',htmlspecialchars($dn));
 printf('<input type="text" name="new_rdn" size="30" value="%s" />',htmlspecialchars($rdn));
 printf('<input class="update_dn" type="submit" value="%s" />',_('Rename'));
 echo '</form></center>';
--- a/htdocs/search.php
+++ b/htdocs/search.php
@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/search.php,v 1.75 2006/01/03 20:39:58 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/search.php,v 1.76 2006/04/29 06:49:31 wurley Exp $
 /**
 * Perform LDAP searches and draw the advanced/simple search forms
@ -233,8 +233,8 @@ if (isset($_GET['search'])) {
        <nobr>
        <small>
        <?php
-			printf('[ <a href="export_form.php?server_id=%s&amp;scope=%s&amp;dn=%s&amp;filter=%s&amp;attributes=%s"><img src="images/save.png" /> %s</a> ]',
+			printf('[ <a href="export_form.php?server_id=%s&amp;scope=%s&amp;dn=%s&amp;filter=%s&amp;attributes=%s"><img src="images/save.png" alt="Save" /> %s</a> ]',
-				$ldapserver->server_id,$scope,urlencode($base_dn),urlencode($filter),
+				$ldapserver->server_id,htmlspecialchars($scope),urlencode($base_dn),urlencode($filter),
 				urlencode(join(', ',$search_result_attributes)),_('export results'));
 			printf('[ <img src="images/rename.png" /> %s:',_('Format'));
--- a/htdocs/server_info.php
+++ b/htdocs/server_info.php
@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/server_info.php,v 1.23 2005/12/10 10:34:54 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/server_info.php,v 1.24 2006/04/29 06:49:31 wurley Exp $
 /**
 * Fetches and displays all information that it can from the specified server
@ -58,9 +58,10 @@ $attrs = array_pop($ldapserver->search(null,'','objectClass=*',array('+','*'),'b
   on RHEL 3. */
 $attrs2 = array_pop($ldapserver->search(null,'','objectClass=*',$root_dse_attributes,'base'));
-foreach ($attrs2 as $attr => $values)
+if (is_array($attrs2))
-	if (! isset($attrs[$attr]))
+	foreach ($attrs2 as $attr => $values)
-		$attrs[$attr] = $attrs2[$attr];
+		if (! isset($attrs[$attr]))
 			$attrs[$attr] = $attrs2[$attr];
 include './header.php';
--- a/htdocs/template_engine.php
+++ b/htdocs/template_engine.php
@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/template_engine.php,v 1.31 2006/02/19 05:44:34 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/template_engine.php,v 1.33 2006/05/13 12:52:26 wurley Exp $
 /**
 * Template render engine.
@ -87,7 +87,7 @@ if (isset($template['empty_attrs'])) {
 		$new_dn = sprintf('%s=%s,%s',$template['rdn'],$_REQUEST['form'][$template['rdn']],$_REQUEST['container']);
 		echo '<form action="create.php" method="post">';
-		printf('<input type="hidden" name="new_dn" value="%s" />',$new_dn);
+		printf('<input type="hidden" name="new_dn" value="%s" />',htmlspecialchars($new_dn));
 	} else {
 		echo '<form action="template_engine.php" method="post" id="template_form" name="template_form" enctype="multipart/form-data">';
@ -188,7 +188,7 @@ if (isset($template['empty_attrs'])) {
 	}
 	printf('<input type="hidden" name="server_id" value="%s" />',$ldapserver->server_id);
-	printf('<input type="hidden" name="template" value="%s" />',$_REQUEST['template']);
+	printf('<input type="hidden" name="template" value="%s" />',htmlspecialchars($_REQUEST['template']));
 	printf('<input type="hidden" name="object_classes" value="%s" />',rawurlencode(serialize(array_values($template['objectclass']))));
 	printf('<input type="hidden" name="page" value="%s" />',$page+1);
@ -217,12 +217,12 @@ if (isset($template['empty_attrs'])) {
 			echo '<td class="heading">Container <acronym title="Distinguished Name">DN</acronym>:</td>';
 			printf('<td><input type="text" name="container" size="40" value="%s" disabled />',
 				htmlspecialchars($_REQUEST['container']));
-			printf('<input type="hidden" name="container" value="%s" /></td></tr>',$_REQUEST['container']);
+			printf('<input type="hidden" name="container" value="%s" /></td></tr>',htmlspecialchars($_REQUEST['container']));
 			echo '<tr class="spacer"><td colspan="3"></td></tr>';
 		}
 	} else {
-		printf('<td><input type="hidden" name="container" value="%s" /></td></tr>',$_REQUEST['container']);
+		printf('<td><input type="hidden" name="container" value="%s" /></td></tr>',htmlspecialchars($_REQUEST['container']));
 	}
 	$count = 0;
@ -256,7 +256,7 @@ if (isset($template['empty_attrs'])) {
 			# Some conditional checking.
 			# $detail['must'] & $detail['disable'] cannot be set at the same time.
 			if (isset($detail['must']) && $detail['must'] && isset($detail['disable']) && $detail['disable'])
-				pla_error(printf(_('Attribute [%s] is a MUST attribute, so it cannot be disabled.'),$attr));
+				pla_error(sprintf(_('Attribute [%s] is a MUST attribute, so it cannot be disabled.'),$attr));
 			# If this attribute is disabled, go to the next one.
 			if (isset($detail['disable']) && $detail['disable'])
@ -294,13 +294,17 @@ if (isset($template['empty_attrs'])) {
 					$type = 'select';
 			}
 			# @todo: $detail['must'] && $detail['hidden'] must have $detail['value'] (with a value).
 			# @todo: if value is a select list, then it cannot be hidden.
 			# If this is a hidden attribute, then set its value.
 			if (isset($detail['hidden']) && $detail['hidden']) {
-				printf('<input type="%s" name="form[%s]" id="%s" value="%s"/>','hidden',$attr,$attr,$detail['value']);
+				if (isset($detail['value'])) {
-				continue;
+					printf('<input type="%s" name="form[%s]" id="%s" value="%s"/>','hidden',$attr,$attr,$detail['value']);
 					continue;
 				} else {
 					pla_error(sprintf(_('Attribute [%s] is a HIDDEN attribute, however, it is missing a VALUE in your template.'),$attr));
 				}
 			}
 			# This is a displayed attribute.
@ -315,7 +319,7 @@ if (isset($template['empty_attrs'])) {
 			# Display the icon if one is required.
 			if (isset($detail['icon']) && trim($detail['icon']))
-				printf('<td><img src="%s" /></td>',$detail['icon']);
+				printf('<td><img src="%s" alt="Icon" /></td>',$detail['icon']);
 			else
 				printf('<td>&nbsp;</td>');
@ -324,9 +328,13 @@ if (isset($template['empty_attrs'])) {
 			# Display the label.
 			if (isset($detail['description']) && (trim($detail['description'])))
 				printf('<acronym title="%s">%s</acronym>:',$detail['description'],$detail['display']);
-			else
+
 			elseif (isset($detail['display']))
 				printf('%s:',$detail['display']);
 			else
 				printf('%s:',_('No DISPLAY/DESCRIPTION attribute in template file'));
 			echo '</td>';
 			# Calculate the events.
@ -481,7 +489,7 @@ if (isset($template['empty_attrs'])) {
 	# If there is no count, display the summary
 	if (! $count) {
-			printf('<tr><td><img src="%s" /></td><td><span class="x-small">%s :</span></td><td><b>%s</b></td></tr>',
+			printf('<tr><td><img src="%s" alt="Create" /></td><td><span class="x-small">%s :</span></td><td><b>%s</b></td></tr>',
 				$template['icon'],_('Create Object'),htmlspecialchars($new_dn));
 			echo '<tr class="spacer"><td colspan="3"></td></tr>';
@ -490,7 +498,7 @@ if (isset($template['empty_attrs'])) {
 			foreach ($_REQUEST['form'] as $attr => $value) {
 				# Remove blank attributes.
-				if (! $_REQUEST['form'][$attr]) {
+				if (! is_array($_REQUEST['form'][$attr]) && trim($_REQUEST['form'][$attr]) == '') {
 					unset($_REQUEST['form'][$attr]);
 					continue;
 				}
@ -521,12 +529,14 @@ if (isset($template['empty_attrs'])) {
 			}
-			echo '<tr class="spacer"><td colspan="3"></td></tr>';
+			if (isset($_SESSION['submitform'])) {
-			foreach (array_keys($_SESSION['submitform']) as $attr) {
+				echo '<tr class="spacer"><td colspan="3"></td></tr>';
 				foreach (array_keys($_SESSION['submitform']) as $attr) {
-				printf('<tr class="%s"><td colspan=2>%s</td><td><b>%s</b>',
+					printf('<tr class="%s"><td colspan=2>%s</td><td><b>%s</b>',
-					($counter++%2==0?'even':'odd'),$attr,_('Binary value not displayed'));
+						($counter++%2==0?'even':'odd'),$attr,_('Binary value not displayed'));
-				printf('<input type="hidden" name="attrs[]" value="%s" /></td></tr>',$attr);
+					printf('<input type="hidden" name="attrs[]" value="%s" /></td></tr>',$attr);
 				}
 			}
 	}
@ -790,15 +800,15 @@ foreach ($template['attrs'] as $attr => $vals) {
 		if (count($vals) > 1) {
 			for ($i=1; $i<=count($vals); $i++)
-				printf('<a href="%s&amp;value_num=%s"><img src="images/save.png" /> %s(%s)</a><br />',
+				printf('<a href="%s&amp;value_num=%s"><img src="images/save.png" alt="Save" /> %s(%s)</a><br />',
 					$href,$i,_('download value'),$i);
 		} else {
-			printf('<a href="%s"><img src="images/save.png" /> %s</a><br />',$href,_('download value'));
+			printf('<a href="%s"><img src="images/save.png" alt="Save" /> %s</a><br />',$href,_('download value'));
 		}
 		if (! $ldapserver->isReadOnly() && ! $ldapserver->isAttrReadOnly($attr))
-			printf('<a href="javascript:deleteAttribute(\'%s\');" style="color:red;"><img src="images/trash.png" /> %s</a>',
+			printf('<a href="javascript:deleteAttribute(\'%s\');" style="color:red;"><img src="images/trash.png" alt="Trash" /> %s</a>',
 				$attr,_('delete attribute'));
 		echo '</small>';
@ -840,10 +850,11 @@ foreach ($template['attrs'] as $attr => $vals) {
 				if (trim($val) == '')
 					printf('<span style="color:red">[%s]</span><br />',_('empty'));
-				elseif (! strcasecmp($attr,'userPassword') && $config->GetValue('appearance','obfuscate_password_display'))
+				elseif (! strcasecmp($attr,'userPassword') && $config->GetValue('appearance','obfuscate_password_display')) {
 					$user_password = $val;
 					echo preg_replace('/./','*',$val).'<br />';
-				elseif (in_array(strtolower($attr),$shadow_format_attrs)) {
+				} elseif (in_array(strtolower($attr),$shadow_format_attrs)) {
 					$shadow_date = shadow_date($attrs,$attr);
 					echo htmlspecialchars($val).'&nbsp;';
 					echo '<small>';
@ -860,18 +871,9 @@ foreach ($template['attrs'] as $attr => $vals) {
 				} else
 					echo htmlspecialchars($val).'<br />';
 			}
 //@todo: redundant?
 		} else {
 			if (! strcasecmp($attr,'userPassword') && obfuscate_password_display())
 				echo preg_replace('/./','*',$vals).'<br />';
 			else
 				echo $vals.'<br />';
 		}
-		if (! strcasecmp($attr,'userPassword'))
+		if (! strcasecmp($attr,'userPassword') && isset($user_password))
 			printf('<small><a href="javascript:passwordComparePopup(\'%s\')">%s</a></small>',base64_encode($user_password),_('Check password...'));
 		if (preg_match("/^${attr}=/",$rdn))
@ -907,8 +909,8 @@ foreach ($template['attrs'] as $attr => $vals) {
 				echo htmlspecialchars($user_password);
 			echo '<br />';
-			printf('<input style="width: 260px" type="%s" name="new_values[userpassword][]" value="" />',
+			printf('<input style="width: 260px" type="%s" name="new_values[userpassword][]" value="%s" />',
-				(obfuscate_password_display($enc_type) ? 'password' : 'text'));
+				(obfuscate_password_display($enc_type) ? 'password' : 'text'),htmlspecialchars($user_password));
 			echo enc_type_select_list($enc_type);
@ -1002,12 +1004,13 @@ foreach ($template['attrs'] as $attr => $vals) {
 		# Is this value is a structural objectClass, make it read-only
 		if (! strcasecmp($attr,'objectClass')) {
-			printf('<a title="%s" href="schema.php?server_id=%s&amp;view=objectClasses&amp;viewvalue=%s"><img src="images/info.png" /></a>&nbsp;',
+			printf('<a title="%s" href="schema.php?server_id=%s&amp;view=objectClasses&amp;viewvalue=%s"><img src="images/info.png" alt="Info" /></a>&nbsp;',
 				_('View the schema description for this objectClass'),$ldapserver->server_id,htmlspecialchars($val));
 			$schema_object = $ldapserver->getSchemaObjectClass($val);
-			if ($schema_object->getType() == 'structural') {
+			# This should be an object, but we'll test it anyway
 			if (is_object($schema_object) && $schema_object->getType() == 'structural') {
 				printf(' %s <small>(<acronym title="%s">%s</acronym>)</small><br />',
 					$val,_('This is a structural ObjectClass and cannot be removed.'),_('structural'));
 				printf('<input type="hidden" name="%s" id="%s" value="%s" />',$input_name,$input_id,htmlspecialchars($val));
@ -1027,10 +1030,10 @@ foreach ($template['attrs'] as $attr => $vals) {
 			}
 		elseif (is_mail_string($val))
-			printf('<a href="mailto:%s"><img style="vertical-align: center" src="images/mail.png" /></a>&nbsp;',htmlspecialchars($val));
+			printf('<a href="mailto:%s"><img style="vertical-align: center" src="images/mail.png" alt="Mail" /></a>&nbsp;',htmlspecialchars($val));
 		elseif (is_url_string($val))
-			printf('<a href="%s" target="new"><img style="vertical-align: center" src="images/dc.png" /></a>&nbsp;',htmlspecialchars($val));
+			printf('<a href="%s" target="new"><img style="vertical-align: center" src="images/dc.png" alt="URL" /></a>&nbsp;',htmlspecialchars($val));
 		if ($ldapserver->isMultiLineAttr($attr,$val))
 			printf('<textarea class="val" rows="3" cols="50" name="%s" id="%s">%s</textarea>',$input_name,$input_id,htmlspecialchars($val));
@ -1124,7 +1127,7 @@ else
 <!-- This form is submitted by JavaScript when the user clicks "Delete attribute" on a binary attribute -->
 <form name="delete_attribute_form" action="delete_attr.php" method="post">
 	<input type="hidden" name="server_id" value="<?php echo $ldapserver->server_id; ?>" />
-	<input type="hidden" name="dn" value="<?php echo $dn; ?>" />
+	<input type="hidden" name="dn" value="<?php echo htmlspecialchars($dn); ?>" />
 	<input type="hidden" name="attr" value="FILLED IN BY JAVASCRIPT" />
 </form>
--- a/htdocs/update_confirm.php
+++ b/htdocs/update_confirm.php
@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/update_confirm.php,v 1.46 2006/01/29 01:51:49 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/update_confirm.php,v 1.47 2006/05/13 12:52:26 wurley Exp $
 /**
 * Takes the results of clicking "Save" in template_engine.php and determines which
@ -76,16 +76,21 @@ foreach ($old_values as $attr => $old_val) {
 }
 # Check user password with new encoding.
-if (isset($new_values['userpassword']) && is_array($new_values['userpassword']))
+if (isset($new_values['userpassword']) && is_array($new_values['userpassword'])) {
 	foreach ($new_values['userpassword'] as $key => $userpassword) {
 		if ($userpassword) {
-			$new_val[$key] = password_hash($userpassword,$_POST['enc_type'][$key]);
+			if ($old_values['userpassword'][$key] == $new_values['userpassword'][$key] && 
 				get_enc_type($old_values['userpassword'][$key]) == $_POST['enc_type'][$key])
 				continue;
-			if ($new_val[$key] != $old_values['userpassword'][$key])
+			$new_values['userpassword'][$key] = password_hash($userpassword,$_POST['enc_type'][$key]);
 				$update_array['userpassword'][$key] = $new_val[$key];
 		}
 	}
 	if ($old_values['userpassword'] != $new_values['userpassword'])
 		$update_array['userpassword'] = $new_values['userpassword'];
 }
 # strip empty vals from update_array and ensure consecutive indices for each attribute
 foreach ($update_array as $attr => $val) {
 	if (is_array($val)) {
--- a/lib/createlm.php
+++ b/lib/createlm.php
@ -1,6 +1,6 @@
 <?php
 /*
-$Id: createlm.php,v 1.2 2005/10/23 01:05:41 wurley Exp $
+$Id: createlm.php,v 1.3 2006/04/29 07:29:10 wurley Exp $
  This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam)
  Copyright (C) 2004 Roland Gruber
@ -133,6 +133,14 @@ var $sbox = array(array(array(14,  4, 13,  1,  2, 15, 11,  8,  3, 10,  6, 12,  5
 		array( 7, 11,  4,  1,  9, 12, 14,  2,  0,  6, 10, 13, 15,  3,  5,  8),
 		array( 2,  1, 14,  7,  4, 10,  8, 13, 15, 12,  9,  0,  3,  5,  6, 11)));
 	/**
 	* Fixes too large numbers
 	*/
 	function x($i) {
 		if ($i < 0) return 4294967296 - $i;
 		else return $i;
 	}
 	/**
 	* @param integer count
 	* @param array $data
@ -335,7 +343,11 @@ var $sbox = array(array(array(14,  4, 13,  1,  2, 15, 11,  8,  3, 10,  6, 12,  5
 	# Support functions
 	# Ported from SAMBA/source/lib/md4.c:F,G and H respectfully
 	function F($X, $Y, $Z) {
-		return ($X&$Y) | ((~$X)&$Z);
+		$ret = (($X&$Y) | ((~((int)$X))&$Z));
 		if ($this->x($ret) > 4294967296) {
 			$ret = (2*4294967296) - $this->x($ret);
 		}
 		return $ret;
 	}
 	function G($X, $Y, $Z) {
@ -468,6 +480,9 @@ var $sbox = array(array(array(14,  4, 13,  1,  2, 15, 11,  8,  3, 10,  6, 12,  5
 		$sum[1] &= 0xffff;
 		$sum[0] &= 0xffff;
 		$ret = ($sum[0]<<16) | $sum[1];
 		if ($this->x($ret) > 4294967296) {
 			$ret = (2*4294967296) - $this->x($ret);
 		}
 		return $ret;
 	}
@ -493,7 +508,14 @@ var $sbox = array(array(array(14,  4, 13,  1,  2, 15, 11,  8,  3, 10,  6, 12,  5
 	# Renamed to prevent clash with SAMBA/source/libsmb/smbdes.c:lshift
 	function md4lshift($x, $s) {
 		$x &= 0xFFFFFFFF;
-		return ((($x<<$s)&0xFFFFFFFF) | $this->unsigned_shift_r($x, (32-$s)));
+		if ($this->x($x) > 4294967296) {
 			$x = (2*4294967296) - $this->x($x);
 		}
 		$ret = ((($x<<$s)&0xFFFFFFFF) | $this->unsigned_shift_r($x, (32-$s)));
 		if ($this->x($ret) > 4294967296) {
 			$ret = (2*4294967296) - $this->x($ret);
 		}
 		return $ret;
 	}
 	/**
--- a/lib/functions.php
+++ b/lib/functions.php
@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/lib/functions.php,v 1.290 2006/02/25 13:12:05 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/lib/functions.php,v 1.292 2006/05/13 12:52:27 wurley Exp $
 /**
 * A collection of functions used throughout phpLDAPadmin.
@ -85,6 +85,9 @@ function pretty_print_dn( $dn ) {
 	if (DEBUG_ENABLED)
 		debug_log('pretty_print_dn(): Entered with (%s)',1,$dn);
 	if (! is_dn_string($dn))
 		pla_error(sprintf(_('DN "%s" is not an LDAP distinguished name.'),htmlspecialchars($dn)));
 	$dn = pla_explode_dn( $dn );
 	foreach( $dn as $i => $element ) {
 		$element = htmlspecialchars($element);
@ -1012,7 +1015,7 @@ function pla_error( $msg, $ldap_err_msg=null, $ldap_err_no=-1, $fatal=true ) {
 	?>
 	<center>
-	<table class="error"><tr><td class="img"><img src="images/warning.png" /></td>
+	<table class="error"><tr><td class="img"><img src="images/warning.png" alt="Warning" /></td>
 	<td><center><h2><?php echo _('Error');?></h2></center>
 	<?php echo $msg; ?>
 	<br />
@ -1118,7 +1121,7 @@ function pla_error_handler( $errno, $errstr, $file, $lineno ) {
 	$errstr = preg_replace("/\s+/"," ",$errstr);
 	if( $errno == E_NOTICE ) {
-		echo sprintf(_('<center><table class=\'notice\'><tr><td colspan=\'2\'><center><img src=\'images/warning.png\' height=\'12\' width=\'13\' />
+		echo sprintf(_('<center><table class=\'notice\'><tr><td colspan=\'2\'><center><img src=\'images/warning.png\' height=\'12\' width=\'13\' alt="Warning" />
             <b>You found a non-fatal phpLDAPadmin bug!</b></td></tr><tr><td>Error:</td><td><b>%s</b> (<b>%s</b>)</td></tr><tr><td>File:</td>
             <td><b>%s</b> line <b>%s</b>, caller <b>%s</b></td></tr><tr><td>Versions:</td><td>PLA: <b>%s</b>, PHP: <b>%s</b>, SAPI: <b>%s</b>
             </td></tr><tr><td>Web server:</td><td><b>%s</b></td></tr>
@ -1262,7 +1265,7 @@ function draw_jpeg_photos($ldapserver,$dn,$attr_name='jpegPhoto',$draw_delete_bu
 			$img_height = $height;
 		}
-		printf('<img %s%s%s src="view_jpeg_photo.php?file=%s" /><br />',
+		printf('<img %s%s%s src="view_jpeg_photo.php?file=%s" alt="Photo" /><br />',
 			($fixed_width ? '' : 'width="'.$img_width.'" '),
 			($fixed_height ? '' : 'height="'.$img_height.'"'),
 			($img_html_attrs ? $img_html_attrs : ''),basename($jpeg_filename));
@ -1637,7 +1640,7 @@ function draw_chooser_link( $form_element, $include_choose_text=true, $rdn="none
 	$title = _('Click to popup a dialog to select an entry (DN) graphically');
-	printf('<a href="%s" title="%s"><img class="chooser" src="images/find.png" /></a>',$href,$title);
+	printf('<a href="%s" title="%s"><img class="chooser" src="images/find.png" alt="Find" /></a>',$href,$title);
 	if ($include_choose_text)
 		printf('<span class="x-small"><a href="%s" title="%s">%s</a></span>',$href,$title,_('browse'));
 }
@ -1659,6 +1662,8 @@ function draw_chooser_link( $form_element, $include_choose_text=true, $rdn="none
 * </code>
 */
 function pla_explode_dn($dn,$with_attributes=0) {
 	if (DEBUG_ENABLED)
 		debug_log('pla_explode_dn(): Entered with (%s,%s)',1,$dn,$with_attributes);
 	$dn = addcslashes(dn_escape($dn),'<>');
 	# split the dn
@ -1683,6 +1688,8 @@ function pla_explode_dn($dn,$with_attributes=0) {
 * Parse a DN and escape any special characters
 */
 function dn_escape($dn) {
 	$olddn = $dn;
 	# Check if the RDN has a comma and escape it.
 	while (preg_match('/([^\\\\]),(\s*[^=]*\s*),/',$dn))
 		$dn = preg_replace('/([^\\\\]),(\s*[^=]*\s*),/','$1\\\\2C$2,',$dn);
@ -1690,7 +1697,7 @@ function dn_escape($dn) {
 	$dn = preg_replace('/([^\\\\]),(\s*[^=]*\s*)([^,])$/','$1\\\\2C$2$3',$dn);
 	if (DEBUG_ENABLED)
-		debug_log('dn_escape(): Entered with (%s), Returning (%s)',1,$dn,$dn);
+		debug_log('dn_escape(): Entered with (%s), Returning (%s)',1,$olddn,$dn);
 	return $dn;
 }
@ -2783,7 +2790,7 @@ function draw_date_selector_link( $attr ) {
 	$href = "javascript:dateSelector('$attr');";
 	$title = _('Click to popup a dialog to select a date graphically');
-	printf('<a href="%s" title="%s"><img class="chooser" src="images/calendar.png" id="f_trigger_%s" style="cursor: pointer;" /></a>',$href,$title,$attr);
+	printf('<a href="%s" title="%s"><img class="chooser" src="images/calendar.png" id="f_trigger_%s" style="cursor: pointer;" alt="Calendar" /></a>',$href,$title,$attr);
 }
 function no_expire_header() {
--- a/lib/schema_functions.php
+++ b/lib/schema_functions.php
@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/lib/schema_functions.php,v 1.90 2006/01/03 20:39:59 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/lib/schema_functions.php,v 1.91 2006/04/29 06:49:32 wurley Exp $
 /**
 * Classes and functions for fetching and parsing schema from an LDAP server.
@ -145,6 +145,7 @@ class ObjectClass extends SchemaItem {
 	/**
 	 * Creates a new ObjectClass object given a raw LDAP objectClass string.
 	 * @todo: Unfortunately, some schemas are not well defined - eg: dNSDomain. Where the schema definition is not case consistent with the attribute definitions. This causes us some problems, which we need to resolve.
 	 */
 	function ObjectClass($raw_ldap_schema_string,$ldapserver) {
 	        if (DEBUG_ENABLED)
--- a/lib/server_functions.php
+++ b/lib/server_functions.php
@ -1,5 +1,5 @@
 <?php
-/* $Header: /cvsroot/phpldapadmin/phpldapadmin/lib/server_functions.php,v 1.44 2006/02/25 14:04:12 wurley Exp $ */
+/* $Header: /cvsroot/phpldapadmin/phpldapadmin/lib/server_functions.php,v 1.45 2006/05/13 12:52:27 wurley Exp $ */
 /**
 * Classes and functions for LDAP server configuration and capability
@ -2334,7 +2334,7 @@ class LDAPserver {
 	 */
 	function getLoggedInPass() {
 		if (DEBUG_ENABLED)
-			debug_log('%s:getLoggedInPass(): Entered with ()',17,get_class($this));
+			debug_log('%s::getLoggedInPass(): Entered with ()',17,get_class($this));
 		if (! $this->auth_type)
 			return false;
@ -2387,6 +2387,9 @@ class LDAPserver {
 		# Set default return
 		$return = false;
 		if (DEBUG_ENABLED)
 			debug_log('%s::getLoggedInDN(): auth_type is [%s]',66,get_class($this),$this->auth_type);
 		if ($this->auth_type) {
 			switch ($this->auth_type) {
 				case 'cookie':
@ -2419,7 +2422,7 @@ class LDAPserver {
 		}
 		if (DEBUG_ENABLED)
-			debug_log('%s:getLoggedInDN(): Entered with (), Returning (%s)',17,get_class($this),$return);
+			debug_log('%s::getLoggedInDN(): Entered with (), Returning (%s)',17,get_class($this),$return);
 		return $return;
 	}
--- a/lib/template_functions.php
+++ b/lib/template_functions.php
@ -1,5 +1,5 @@
 <?php
-/* $Header: /cvsroot/phpldapadmin/phpldapadmin/lib/template_functions.php,v 1.34 2006/02/25 12:47:57 wurley Exp $ */
+/* $Header: /cvsroot/phpldapadmin/phpldapadmin/lib/template_functions.php,v 1.35 2006/04/29 06:49:32 wurley Exp $ */
 /**
 * Classes and functions for the template engine.ation and capability
@ -464,7 +464,7 @@ class Templates {
 			U:    Make the result upper case.
 			*/
 			case 'autoFill' :
-				list($attr,$string) = split(',',$arg);
+				list($attr,$string) = preg_split('(([^,]+),(.*))',$arg,-1,PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY);
 				preg_match_all('/%(\w+)(\|[0-9]*-[0-9]*)?(\/[klTU]+)?%/U',$string,$matchall);
 				//print"<PRE>";print_r($matchall); //0 = highlevel match, 1 = attr, 2 = subst, 3 = mod
--- a/lib/tree_functions.php
+++ b/lib/tree_functions.php
@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/lib/tree_functions.php,v 1.23 2006/01/03 20:39:59 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/lib/tree_functions.php,v 1.25 2006/05/13 12:52:27 wurley Exp $
 /**
 * @package phpLDAPadmin
@ -89,7 +89,9 @@ function draw_server_tree() {
 					$logged_in_dn_array = explode(',',$logged_in_branch);
 				}
-				$logged_in_dn_array[] = $ldapserver->getDNBase($logged_in_dn);
+				$bases = $ldapserver->getDNBase($logged_in_dn);
 				if (is_array($bases) && count($bases))
 					$logged_in_dn_array[] = $bases;
 				$rdn = $logged_in_dn;
@ -190,9 +192,6 @@ function draw_server_tree() {
 					$icon = isset($tree['browser'][$base_dn]['icon']) ? $tree['browser'][$base_dn]['icon'] : get_icon($ldapserver,$base_dn);
 					# Shall we draw the "mass-delete" checkbox?
 					if ($ldapserver->isMassDeleteEnabled())
 						printf('<td><input type="checkbox" name="mass_delete[%s]" /></td>',htmlspecialchars($base_dn));
 					if ($config->GetValue('appearance','tree_plm')) {
 						$tree_plm .= sprintf(".|%s|%s|%s|%s|%s|%s\n",
@ -200,6 +199,11 @@ function draw_server_tree() {
 					} else {
 						echo '<tr>';
 						# Shall we draw the "mass-delete" checkbox?
 						if ($ldapserver->isMassDeleteEnabled())
 							printf('<td><input type="checkbox" name="mass_delete[%s]" /></td>',htmlspecialchars($base_dn));
 						printf('<td class="expander"><a href="%s"><img src="%s" alt="%s" /></a></td>',$expand_href,$expand_img,$expand_alt);
 						printf('<td class="icon"><a href="%s" target="right_frame"><img src="images/%s" alt="img" /></a></td>',$edit_href,$icon);
 						printf('<td class="rdn" colspan="98"><nobr><a href="%s" target="right_frame">%s</a>',$edit_href,pretty_print_dn($base_dn));
--- a/templates/creation/custom.php
+++ b/templates/creation/custom.php
@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/templates/creation/custom.php,v 1.45 2005/12/17 00:00:12 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/templates/creation/custom.php,v 1.46 2006/04/29 06:49:32 wurley Exp $
 $rdn = isset($_POST['rdn']) ? $_POST['rdn'] : null;
 $container = $_POST['container'];
@ -146,8 +146,10 @@ if ($step == 1) {
 			# is there a user-friendly translation available for this attribute?
 			if (isset($friendly_attrs[strtolower($attr)]))
-				$attr_display = sprintf('<acronym title='._('Note: \'%s\' is an alias for \'%s\'').'">%s</acronym>"',
+				$attr_display = sprintf('<acronym title="%s: \'%s\' %s \'%s\'">%s</acronym>',
-					htmlspecialchars($attr),htmlspecialchars($friendly_attrs[strtolower($attr)]));
+					_('Note'),htmlspecialchars($attr),_('is an alias for'),
 					htmlspecialchars($friendly_attrs[strtolower($attr)]),
 					htmlspecialchars($friendly_attrs[strtolower($attr)]));
 			else
 				$attr_display = htmlspecialchars($attr);
--- a/templates/template_header.php
+++ b/templates/template_header.php
@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/templates/template_header.php,v 1.7 2005/12/10 10:34:57 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/templates/template_header.php,v 1.8 2006/04/29 06:49:32 wurley Exp $
 /**
 * Header page for engine.
@ -27,8 +27,8 @@ $addattr_href = sprintf('add_attr_form.php?%s',$url_base);
 echo '<body>';
 if ($dn) {
-	$actionlayout = '<td class="icon"><img src="images/%s" /></td><td><a href="%s" title="%s">%s</a></td>';
+	$actionlayout = '<td class="icon"><img src="images/%s" alt="%s" /></td><td><a href="%s" title="%s">%s</a></td>';
-	$hintlayout = '<td class="icon"><img src="images/light.png" /></td><td colspan="3"><span class="hint">%s</span></td>';
+	$hintlayout = '<td class="icon"><img src="images/light.png" alt="Hint" /></td><td colspan="3"><span class="hint">%s</span></td>';
 	printf('<h3 class="title">%s</h3>',htmlspecialchars($rdn));
 	printf('<h3 class="subtitle">%s: <b>%s</b> &nbsp;&nbsp;&nbsp; %s: <b>%s</b></h3>',
@ -37,24 +37,24 @@ if ($dn) {
 	echo "\n";
 	echo '<table class="edit_dn_menu"><tr>';
-	printf($actionlayout,'refresh.png',$refresh_href,_('Refresh this entry'),_('Refresh'));
+	printf($actionlayout,'refresh.png','Refresh',$refresh_href,_('Refresh this entry'),_('Refresh'));
-	printf($actionlayout,'save.png',$export_href_base,_('Save a dump of this object'),_('Export'));
+	printf($actionlayout,'save.png','Save',$export_href_base,_('Save a dump of this object'),_('Export'));
 	echo '</tr><tr>';
-	printf($actionlayout,'cut.png',$copy_href,_('Copy this object to another location, a new DN, or another server'),_('Copy or move this entry'));
+	printf($actionlayout,'cut.png','Cut',$copy_href,_('Copy this object to another location, a new DN, or another server'),_('Copy or move this entry'));
 	if ($show_internal_attrs)
-		printf($actionlayout,'tools-no.png',$refresh_href,'',_('Hide internal attributes'));
+		printf($actionlayout,'tools-no.png','Hide',$refresh_href,'',_('Hide internal attributes'));
 	else
-		printf($actionlayout,'tools.png',$intattr_href,'',_('Show internal attributes'));
+		printf($actionlayout,'tools.png','Show',$intattr_href,'',_('Show internal attributes'));
 	echo '</tr>';
 	if (! $ldapserver->isReadOnly()) {
 		echo '<tr>';
-		printf($actionlayout,'trash.png',$delete_href,_('You will be prompted to confirm this decision'),_('Delete this entry'));
+		printf($actionlayout,'trash.png','Trash',$delete_href,_('You will be prompted to confirm this decision'),_('Delete this entry'));
-		printf($actionlayout,'rename.png',$rename_href,'',_('Rename'));
+		printf($actionlayout,'rename.png','Rename',$rename_href,'',_('Rename'));
 		echo '</tr>';
 		if ($config->GetValue('appearance','show_hints')) {
@ -64,12 +64,12 @@ if ($dn) {
 		}
 		echo '<tr>';
-		printf($actionlayout,'compare.png',$compare_href,'',_('Compare with another entry'));
+		printf($actionlayout,'compare.png','Compare',$compare_href,'',_('Compare with another entry'));
 		echo '</tr>';
 		echo '<tr>';
-		printf($actionlayout,'star.png',$create_href,'',_('Create a child entry'));
+		printf($actionlayout,'star.png','Create',$create_href,'',_('Create a child entry'));
-		printf($actionlayout,'add.png',$addattr_href,'',_('Add new attribute'));
+		printf($actionlayout,'add.png','Add',$addattr_href,'',_('Add new attribute'));
 		echo '</tr>';
 	}
@ -84,8 +84,8 @@ if ($dn) {
 			$ldapserver->server_id,rawurlencode('objectClass=*'),$encoded_dn);
 		echo '<tr>';
-		printf($actionlayout,'children.png',$child_href,'',($children_count == 1) ? _('View 1 child') : sprintf(_('View %s children'),$children_count));
+		printf($actionlayout,'children.png','Children',$child_href,'',($children_count == 1) ? _('View 1 child') : sprintf(_('View %s children'),$children_count));
-		printf($actionlayout,'save.png',$export_href_sub,_('Save a dump of this object and all of its children'),_('Export subtree'));
+		printf($actionlayout,'save.png','Save',$export_href_sub,_('Save a dump of this object and all of its children'),_('Export subtree'));
 		echo '</tr>';
 	}
@ -116,7 +116,7 @@ if ($dn) {
 	if (! $ldapserver->isReadOnly()) {
 		echo '<form action="update_confirm.php" method="post" name="edit_form">';
 		printf('<input type="hidden" name="server_id" value="%s" />',$ldapserver->server_id);
-		printf('<input type="hidden" name="dn" value="%s" />',$dn);
+		printf('<input type="hidden" name="dn" value="%s" />',htmlspecialchars($dn));
 	}
 	echo '<br />'."\n\n";