RELEASE 0.9.8.5

INSTALL

@@ -1,5 +1,5 @@
 For install instructions in non-English languages, see the wiki:
-    http://wiki.pldapadmin.com
+    http://wiki.phpldapadmin.info
 
 * Requirements
 
@@ -17,7 +17,7 @@ For install instructions in non-English languages, see the wiki:
 * For additional help
 
   See the wiki:
-    http://wiki.pldapadmin.com
+    http://wiki.phpldapadmin.info
 
   Join our mailing list: 
     https://lists.sourceforge.net/lists/listinfo/phpldapadmin-devel

VERSION

@@ -1 +1 @@
-$Name: RELEASE-0_9_8_1 $
+$Name: RELEASE-0_9_8_5 $

config/config.php.example

@@ -1,4 +1,9 @@
 <?php
+/** NOTE **
+ ** Make sure that <?php is the FIRST line of this file!
+ ** IE: There should NOT be any blank lines or spaces BEFORE <?php
+ **/
+
 /**
  * The phpLDAPadmin config file
  *
@@ -9,8 +14,8 @@
  * For example, the default for defining the language in config_default.php
  *
  * $this->default->appearance['lang'] = array(
- *	'desc'=>'Language',
- *	'default'=>'auto');
+ *  'desc'=>'Language',
+ *  'default'=>'auto');
  *
  * to override this, use $config->custom->appearance['lang'] = 'en';
  *
@@ -141,7 +146,7 @@ $ldapservers->SetValue($i,'server','name','My LDAP Server');
 /* If 'login_attr' is used above such that phpLDAPadmin will search for your DN
    at login, you may restrict the search to a specific objectClass. EG, set this
    to 'posixAccount' or 'inetOrgPerson', depending upon your setup. */
-// $ldapservers->SetValue($i,'login','class','');
+// $ldapservers->SetValue($i,'login','class',null);
 
 /* Specify true If you want phpLDAPadmin to not display or permit any
    modification to the LDAP server. */
@@ -164,50 +169,50 @@ $ldapservers->SetValue($i,'server','name','My LDAP Server');
 // $ldapservers->SetValue($i,'auto_number','mechanism','search');
 
 /* The DN of the search base when the 'search' mechanism is used above. */
-// $ldapservers->SetValue($i,'auto_number','search_base','ou=People,dc=example,dc=com');
+#  $ldapservers->SetValue($i,'auto_number','search_base','ou=People,dc=example,dc=com');
 
 /* The minimum number to use when searching for the next available UID number
    (only when 'search' is used for auto_uid_number_mechanism' */
 // $ldapservers->SetValue($i,'auto_number','min','1000');
 
 /* The DN of the uidPool entry when 'uidpool' mechanism is used above. */
-// $servers[$i]['auto_uid_number_uid_pool_dn'] = 'cn=uidPool,dc=example,dc=com';
+#  $servers[$i]['auto_uid_number_uid_pool_dn'] = 'cn=uidPool,dc=example,dc=com';
 
 /* If you set this, then phpldapadmin will bind to LDAP with this user ID when
    searching for the uidnumber. The idea is, this user id would have full
    (readonly) access to uidnumber in your ldap directory (the logged in user
    may not), so that you can be guaranteed to get a unique uidnumber for your
    directory. */
-// $ldapservers->SetValue($i,'auto_number','dn','');
+// $ldapservers->SetValue($i,'auto_number','dn',null);
 
 /* The password for the dn above. */
-// $ldapservers->SetValue($i,'auto_number','pass','');
+// $ldapservers->SetValue($i,'auto_number','pass',null);
 
 /* Enable anonymous bind login. */
 // $ldapservers->SetValue($i,'login','anon_bind',true);
 
 /* Use customized page with prefix when available. */
-// $ldapservers->SetValue($i,'custom','pages_prefix','custom_');
+#  $ldapservers->SetValue($i,'custom','pages_prefix','custom_');
 
 /* If you set this, then phpldapadmin will bind to LDAP with this user when
    testing for unique attributes (as set in unique_attrs array). If you want to
    enforce unique attributes, than this id should have full (readonly) access
    to the attributes in question (the logged in user may not have enough access)
 */
-// $ldapservers->SetValue($i,'unique_attrs','dn','');
+// $ldapservers->SetValue($i,'unique_attrs','dn',null);
 
 /* The password for the dn above */
-// $ldapservers->SetValue($i,'unique_attrs','pass','');
+// $ldapservers->SetValue($i,'unique_attrs','pass',null);
 
 /* If you set this, then only these DNs are allowed to log in. This array can
    contain individual users, groups or ldap search filter(s). Keep in mind that
    the user has not authenticated yet, so this will be an anonymous search to
    the LDAP server, so make your ACLs allow these searches to return results! */
-# $ldapservers->SetValue($i,'login','allowed_dns',array(
-#	'uid=stran,ou=People,dc=example,dc=com',
-# 	'(&(gidNumber=811)(objectClass=groupOfNames))',
-# 	'(|(uidNumber=200)(uidNumber=201))',
-# 	'cn=callcenter,ou=Group,dc=example,dc=com'));
+#  $ldapservers->SetValue($i,'login','allowed_dns',array(
+#   'uid=stran,ou=People,dc=example,dc=com',
+#   '(&(gidNumber=811)(objectClass=groupOfNames))',
+#   '(|(uidNumber=200)(uidNumber=201))',
+#   'cn=callcenter,ou=Group,dc=example,dc=com'));
 
 /* Set this if you dont want this LDAP server to show in the tree */
 // $ldapservers->SetValue($i,'appearance','visible',true);
@@ -240,20 +245,20 @@ $ldapservers->SetValue($i,'server','tls',false);
 $ldapservers->SetValue($i,'server','low_bandwidth',false);
 $ldapservers->SetValue($i,'appearance','password_hash','md5');
 $ldapservers->SetValue($i,'login','attr','dn');
-$ldapservers->SetValue($i,'login','string','');
-$ldapservers->SetValue($i,'login','class','');
+$ldapservers->SetValue($i,'login','string',null);
+$ldapservers->SetValue($i,'login','class',null);
 $ldapservers->SetValue($i,'server','read_only',false);
 $ldapservers->SetValue($i,'appearance','show_create',true);
 $ldapservers->SetValue($i,'auto_number','enable',true);
 $ldapservers->SetValue($i,'auto_number','mechanism','search');
-$ldapservers->SetValue($i,'auto_number','search_base','');
+$ldapservers->SetValue($i,'auto_number','search_base',null);
 $ldapservers->SetValue($i,'auto_number','min','1000');
-$ldapservers->SetValue($i,'auto_number','dn','');
-$ldapservers->SetValue($i,'auto_number','pass','');
+$ldapservers->SetValue($i,'auto_number','dn',null);
+$ldapservers->SetValue($i,'auto_number','pass',null);
 $ldapservers->SetValue($i,'login','anon_bind',true);
 $ldapservers->SetValue($i,'custom','pages_prefix','custom_');
-$ldapservers->SetValue($i,'unique_attrs','dn','');
-$ldapservers->SetValue($i,'unique_attrs','pass','');
+$ldapservers->SetValue($i,'unique_attrs','dn',null);
+$ldapservers->SetValue($i,'unique_attrs','pass',null);
 */
 
 /*********************************************/
@@ -265,7 +270,7 @@ $ldapservers->SetValue($i,'unique_attrs','pass','');
 $friendly_attrs = array();
 
 $friendly_attrs['facsimileTelephoneNumber'] = 'Fax';
-$friendly_attrs['telephoneNumber']			= 'Phone';
+$friendly_attrs['telephoneNumber']          = 'Phone';
 
 /*********************************************/
 /* Support for attrs display order           */
@@ -277,16 +282,16 @@ $friendly_attrs['telephoneNumber']			= 'Phone';
    attributes that are not specified in this array will be displayed after in
    alphabetical order. */
 #  $attrs_display_order = array(
-#	'givenName',
-# 	'sn',
-# 	'cn',
-# 	'displayName',
-# 	'uid',
-# 	'uidNumber',
-# 	'gidNumber',
-# 	'homeDirectory',
-# 	'mail',
-# 	'userPassword'
+#   'givenName',
+#   'sn',
+#   'cn',
+#   'displayName',
+#   'uid',
+#   'uidNumber',
+#   'gidNumber',
+#   'homeDirectory',
+#   'mail',
+#   'userPassword'
 #  );
 
 /*********************************************/
@@ -305,8 +310,8 @@ $friendly_attrs['telephoneNumber']			= 'Phone';
 /* Hidden attributes in read-only mode. If undefined, it will be equal to
    $hidden_attrs. */
 #  $hidden_attrs_ro = array(
-#	'objectClass','shadowWarning', 'shadowLastChange', 'shadowMax',
-#	'shadowFlag', 'shadowInactive', 'shadowMin', 'shadowExpire');
+#   'objectClass','shadowWarning', 'shadowLastChange', 'shadowMax',
+#   'shadowFlag', 'shadowInactive', 'shadowMin', 'shadowExpire');
 
 /**                                         **/
 /** Read-only attributes                    **/
@@ -357,7 +362,7 @@ $queries[$q]['scope'] = 'sub';
 $queries[$q]['filter'] = '(&(objectClass=posixAccount)(uid=*))';
 
 /* The attributes to return */
-$queries[$q]['attributes'] = 'cn, uid, homeDirectory';
+$queries[$q]['attributes'] = 'cn, uid, homeDirectory, telephonenumber, jpegphoto';
 
 /* If you want to configure more pre-defined queries, copy and paste the above (including the "$q++;") */
 $q++;

doc/README-translation.txt

@@ -1,2 +1,2 @@
-Please see http://wiki.pldapadmin.com/Translating now for information on
+Please see http://wiki.phpldapadmin.info/Translating now for information on
 translating PLA.

htdocs/add_value_form.php

@@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/add_value_form.php,v 1.34.2.4 2005/12/11 08:59:08 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/add_value_form.php,v 1.34.2.5 2007/01/27 12:51:47 wurley Exp $
 
 /**
  * Displays a form to allow the user to enter a new value to add
@@ -34,10 +34,16 @@ else
 	$rdn = null;
 
 $current_values = $ldapserver->getDNAttr($dn,$attr);
-if ($current_values)
-	$num_current_values = (is_array($current_values) ? count($current_values) : 1);
-else
+if ($current_values) {
+	if (! is_array($current_values))
+		$current_values = array($current_values);
+
+	$num_current_values = count($current_values);
+
+} else {
+	$current_values = array();
 	$num_current_values = 0;
+}
 
 $is_object_class = (strcasecmp($attr, 'objectClass') == 0) ? true : false;
 
@@ -107,18 +113,18 @@ if ($num_current_values) {
 			if (strcasecmp($attr,'userPassword') == 0) {
 				foreach ($current_values as $key => $value) {
 					if (obfuscate_password_display(get_enc_type($value)))
-						echo '<li><nobr>'.preg_replace('/./','*',$value).'<br /></li>';
+						echo '<li><span style="white-space: nowrap;">'.preg_replace('/./','*',$value).'<br /></li>';
 					else
-						echo '<li><nobr>'.htmlspecialchars($value).'<br /></li>';
+						echo '<li><span style="white-space: nowrap;">'.htmlspecialchars($value).'<br /></li>';
 				}
 
 			} else {
 				foreach ($current_values as $val)
-					printf('<li><nobr>%s</nobr></li>',htmlspecialchars($val));
+					printf('<li><span style="white-space: nowrap;">%s</span></li>',htmlspecialchars($val));
 			}
 
 		} else {
-			printf('<li><nobr>%s</nobr></li>',htmlspecialchars($current_values));
+			printf('<li><span style="white-space: nowrap;">%s</span></li>',htmlspecialchars($current_values));
 		}
 
 		echo '</ul>';

htdocs/collapse.php

@@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/collapse.php,v 1.13.4.1 2005/11/26 05:17:06 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/collapse.php,v 1.13.4.2 2007/03/18 03:16:05 wurley Exp $
 
 /**
  * This script alters the session variable 'tree', collapsing it
@@ -23,17 +23,11 @@ $tree = get_cached_item($ldapserver->server_id,'tree');
 $tree['browser'][$dn]['open'] = false;
 set_cached_item($ldapserver->server_id,'tree','null',$tree);
 
-/* This is for Opera. By putting "random junk" in the query string, it thinks
-   that it does not have a cached version of the page, and will thus
-   fetch the page rather than display the cached version */
-$time = gettimeofday();
-$random_junk = md5(strtotime('now').$time['usec']);
-
 /* If cookies were disabled, build the url parameter for the session id.
    It will be append to the url to be redirect */
 $id_session_param = '';
 if (SID != '')
 	$id_session_param = sprintf('&%s=%s',session_name(),session_id());
 
-header(sprintf('Location:tree.php?foo=%s#%s_%s%s',$random_junk,$ldapserver->server_id,rawurlencode($dn),$id_session_param));
+header(sprintf('Location:tree.php?foo=%s#%s_%s%s',random_junk(),$ldapserver->server_id,rawurlencode($dn),$id_session_param));
 ?>

htdocs/compare.php

@@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/compare.php,v 1.12.2.5 2005/12/17 01:28:33 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/compare.php,v 1.12.2.6 2007/01/27 12:38:59 wurley Exp $
 
 /**
  * Compare two DNs - the destination DN is editable.
@@ -163,7 +163,7 @@ foreach ($attrs_all as $attr) {
 		if ($side == 'src') { ?>
 			<td class="attr">
 				<?php $schema_href="schema.php?server_id=$server_id_src&amp;view=attributes&amp;viewvalue=".real_attr_name($attr); ?>
-				<b><a title="<?php echo sprintf(_('Click to view the schema defintion for attribute type \'%s\''),$attr) ?>" href="<?php echo $schema_href; ?>"><?php echo $attr_display; ?></a></b>
+				<b><a title="<?php echo sprintf(_('Click to view the schema definition for attribute type \'%s\''),$attr) ?>" href="<?php echo $schema_href; ?>"><?php echo $attr_display; ?></a></b>
 			</td>
 
 			<td class="attr_note">

htdocs/compare_form.php

@@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/compare_form.php,v 1.2.4.2 2005/12/09 14:29:15 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/compare_form.php,v 1.2.4.3 2006/04/29 03:15:34 wurley Exp $
 
 /**
  * Compares to DN entries side by side.
@@ -14,66 +14,65 @@
 
 require './common.php';
 
-if( ! $ldapserver->haveAuthInfo())
-	pla_error( _('Not enough information to login to server. Please check your configuration.') );
+if (! $ldapserver->haveAuthInfo())
+	pla_error(_('Not enough information to login to server. Please check your configuration.'));
 
 $dn = (isset($_GET['dn']) ? $_GET['dn'] : '');
-
-$encoded_dn = rawurlencode( $dn );
-$rdn = get_rdn( $dn );
-$container = get_container( $dn );
-
-$attrs = $ldapserver->getDNAttrs($dn);
+$rdn = get_rdn($dn);
 $select_server_html = server_select_list($ldapserver->server_id,true,'server_id_dst');
 
-include './header.php'; ?>
+include './header.php';
 
-<body>
+echo '<body>';
 
-<h3 class="title"><?php echo _('Compare another DN with'). '&nbsp;' . $rdn; ?></h3>
-<h3 class="subtitle"><?php echo _('Server'); ?>: <b><?php echo $ldapserver->name; ?></b>
-<?php if ($dn) { ?>
-	 &nbsp;&nbsp;&nbsp; <?php echo _('Distinguished Name')?>: <b><?php echo $dn; ?></b>
-<?php } ?>
-</h3>
+printf('<h3 class="title">%s %s</h3>',_('Compare another DN with'),htmlspecialchars($rdn));
+printf('<h3 class="subtitle">%s: <b>%s</b>',_('Server'),$ldapserver->name);
+if ($dn)
+	printf('&nbsp;&nbsp;&nbsp;%s: <b>%s</b>',_('Distinguished Name'),htmlspecialchars($dn));
+echo '</h3>';
+echo "\n";
 
-<center>
-<?php echo _('Compare'); ?> <b><?php echo htmlspecialchars( $rdn ); ?></b> <?php echo _('with '); ?>:<br />
-<br />
+echo '<center>';
+printf('%s <b>%s</b> %s<br />',_('Compare'),htmlspecialchars($rdn),_('with '));
 
-<form action="compare.php" method="post" name="compare_form">
-<input type="hidden" name="server_id_src" value="<?php echo $ldapserver->server_id; ?>" />
+echo '<form action="compare.php" method="post" name="compare_form">';
+printf('<input type="hidden" name="server_id_src" value="%s" />',$ldapserver->server_id);
+echo "\n";
 
-<table style="border-spacing: 10px">
-<tr>
-	<?php if (! $dn) { ?>
-	<td><acronym title="<?php echo _('Compare this DN with another'); ?>"><?php echo _('Source DN'); ?></acronym>:</td>
-	<td>
-	<input type="text" name="dn_src" size="45" value="<?php echo htmlspecialchars( $dn ); ?>" />
-		<?php draw_chooser_link( 'compare_form.dn_src', 'true', $rdn ); ?></td>
-	</td>
-	<?php } else { ?>
-	<input type="hidden" name="dn_src" value="<?php echo htmlspecialchars( $dn ); ?>" />
-	<?php } ?>
-</tr>
-<tr>
-	<td><acronym title="<?php echo _('Compare this DN with another'); ?>"><?php echo _('Destination DN'); ?></acronym>:</td>
-	<td>
-		<input type="text" name="dn_dst" size="45" value="" />
-		<?php draw_chooser_link( 'compare_form.dn_dst', 'true', '' ); ?></td>
-	</td>
-</tr>
+echo '<table style="border-spacing: 10px">';
+echo "\n";
+echo '<tr><td>';
 
-<tr>
-	<td><?php echo _('Destination Server')?>:</td>
-	<td><?php echo $select_server_html; ?></td>
-</tr>
+if (! $dn) {
+	printf('<acronym title="%s">%s</acronym>:',_('Compare this DN with another'),_('Source DN'));
+	echo '</td><td>';
+	printf('<input type="text" name="dn_src" size="45" value="%s" />',htmlspecialchars($dn));
+	draw_chooser_link('compare_form.dn_src','true',$rdn);
 
-<tr>
-	<td colspan="2" align="right"><input type="submit" value="<?php echo _('Compare'); ?>" /></td>
-</tr>
-</table>
-</form>
-</center>
-</body>
-</html>
+} else
+	printf('<input type="hidden" name="dn_src" value="%s" />',htmlspecialchars($dn));
+
+echo '</td></tr>';
+echo "\n";
+
+echo '<tr>';
+printf('<td><acronym title="%s">%s</acronym>:</td>',_('Compare this DN with another'),_('Destination DN'));
+echo '<td>';
+echo '<input type="text" name="dn_dst" size="45" value="" />';
+draw_chooser_link('compare_form.dn_dst','true','');
+echo '</td>';
+echo '</tr>';
+echo "\n";
+
+printf('<tr><td>%s:</td><td>%s</td></tr>',_('Destination Server'),$select_server_html);
+echo "\n";
+
+printf('<tr><td colspan="2" align="right"><input type="submit" value="%s" /></td></tr>',_('Compare'));
+echo "\n";
+
+echo '</table>';
+echo '</form>';
+echo '</center>';
+echo '</body>';
+echo '</html>';
+?>

htdocs/copy.php

@@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/copy.php,v 1.36.2.10 2005/12/31 03:13:47 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/copy.php,v 1.36.2.12 2007/03/18 01:31:19 wurley Exp $
 
 /**
  * Copies a given object to create a new one.
@@ -88,7 +88,7 @@ if ($copy_result) {
 
 	if ($do_remove) {
 		sleep(2);
-		$delete_url = sprintf('delete_form.php?server_id=%s&dn=%s',$server_id_dst,rawurlencode($dn_src));
+		$delete_url = sprintf('delete_form.php?server_id=%s&dn=%s',$server_id_src,rawurlencode($dn_src));
 		echo '<!-- redirect to the delete form -->';
 		printf('<script type="text/javascript" language="javascript">parent.right_frame.location="%s" </script>',$delete_url);
 	}
@@ -99,7 +99,7 @@ function r_copy_dn($ldapserver_src,$ldapserver_dst,$snapshottree,$root_dn,$dn_ds
 		debug_log('r_copy_dn: Entered with (%s,%s,%s,%s,%s)',1,
 			$ldapserver_src->server_id,$ldapserver_dst->server_id,$snapshottree,$root_dn,$dn_dst);
 
-	printf('<nobr>%s %s...',_('Copying '),htmlspecialchars($root_dn));
+	printf('<span style="white-space: nowrap;">%s %s...',_('Copying'),htmlspecialchars($root_dn));
 	flush();
 
 	$copy_result = copy_dn($ldapserver_src,$ldapserver_dst,$root_dn,$dn_dst);
@@ -107,7 +107,7 @@ function r_copy_dn($ldapserver_src,$ldapserver_dst,$snapshottree,$root_dn,$dn_ds
 	if (! $copy_result)
 		return false;
 
-	printf('<span style="color:green">%s</span></nobr><br />',_('Success'));
+	printf('<span style="color:green">%s</span><br />',_('Success'));
 	flush();
 
 	$children = isset($snapshottree[$root_dn]) ? $snapshottree[$root_dn] : null;
@@ -172,6 +172,7 @@ function build_tree($ldapserver,$dn,$buildtree) {
 		debug_log('build_tree: Entered with (%s,%s,%s)',1,
 			$ldapserver->server_id,$dn,$buildtree);
 
+	# we search all children, not only the visible children in the tree
 	$children = $ldapserver->getContainerContents($dn,0);
 
 	if (is_array($children) && count($children) > 0) {

htdocs/copy_form.php

@@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/copy_form.php,v 1.24.4.4 2005/12/11 08:21:03 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/copy_form.php,v 1.24.4.5 2006/04/29 03:27:41 wurley Exp $
 
 /**
  * Copies a given object to create a new one.
@@ -53,34 +53,46 @@ if (is_array($children) && count($children) > 0) { ?>
 
 echo '<body>';
 
-printf('<h3 class="title">%s %s</h3>',_('Copy '),$rdn);
-printf('<h3 class="subtitle">%s: <b>%s</b> &nbsp;&nbsp;&nbsp; %s: <b>%s</b></h3>',_('Server'),$ldapserver->name,_('Distinguished Name'),$dn);
+printf('<h3 class="title">%s %s</h3>',_('Copy'),htmlspecialchars($rdn));
+printf('<h3 class="subtitle">%s: <b>%s</b> &nbsp;&nbsp;&nbsp; %s: <b>%s</b></h3>',_('Server'),$ldapserver->name,
+	_('Distinguished Name'),htmlspecialchars($dn));
+echo "\n";
 
 echo '<center>';
-printf('%s <b>%s</b> %s:<br /><br />',_('Copy '),htmlspecialchars($rdn),_('to a new object'));
+printf('%s <b>%s</b> %s:<br /><br />',_('Copy'),htmlspecialchars($rdn),_('to a new object'));
 
 echo '<form action="copy.php" method="post" name="copy_form">';
-printf('<input type="hidden" name="old_dn" value="%s" />',$dn);
+printf('<input type="hidden" name="old_dn" value="%s" />',htmlspecialchars($dn));
 printf('<input type="hidden" name="server_id" value="%s" />',$ldapserver->server_id);
+echo "\n";
 
 echo '<table style="border-spacing: 10px">';
+echo "\n";
+
 echo '<tr>';
-printf('<td><acronym title="%s">%s</acronym>:</td>',_('The full DN of the new entry to be created when copying the source entry'),_('Destination DN'));
+printf('<td><acronym title="%s">%s</acronym>:</td>',
+	_('The full DN of the new entry to be created when copying the source entry'),_('Destination DN'));
 printf('<td><input type="text" name="new_dn" size="45" value="%s" />',htmlspecialchars($dn));
-draw_chooser_link('copy_form.new_dn','true',$rdn);
+draw_chooser_link('copy_form.new_dn','true',htmlspecialchars($rdn));
 echo '</td></tr>';
+echo "\n";
 
 printf('<tr><td>%s</td><td>%s</td></tr>',_('Destination Server'),$select_server_html);
+echo "\n";
 
 if (is_array($children) && count($children) > 0) {
 	echo '<tr>';
 	printf('<td><label for="recursive">%s</label>:</td>',_('Recursive copy'));
 	echo '<td><input type="checkbox" id="recursive" name="recursive" onClick="toggle_disable_filter_field(this)" />';
 	printf('<small>(%s)</small></td>',_('Recursively copy all children of this object as well.'));
-	echo '</tr><tr>';
+	echo '</tr>'."\n";
+
+	echo '<tr>';
 	printf('<td><acronym title="%s">%s</acronym>:</td>',_('When performing a recursive copy, only copy those entries which match this filter'),_('Filter'));
 	echo '<td><input type="text" name="filter" value="(objectClass=*)" size="45" disabled />';
-	echo '</tr><tr>';
+	echo '</tr>'."\n";
+
+	echo '<tr>';
 	printf('<td>%s</td>',_('Delete after copy (move):'));
 	echo '<td><input type="checkbox" name="remove" value="yes"/ disabled>';
 	printf('<small>(%s)</small)</td>',_('Make sure your filter (above) will select all child records.'));
@@ -89,9 +101,12 @@ if (is_array($children) && count($children) > 0) {
 } else {
 	printf('<tr><td>%s</td><td><input type="checkbox" name="remove" value="yes"/></td></tr>',_('Delete after copy (move):'));
 }
+echo "\n";
 
 printf('<tr><td colspan="2" align="right"><input type="submit" value="%s" /></td></tr>',_('Copy '));
+echo "\n";
 echo '</table></form>';
+echo "\n";
 
 echo '<script type="text/javascript" language="javascript">';
 echo '<!--';
@@ -101,7 +116,7 @@ echo '//-->';
 echo '</script>';
 
 if ($config->GetValue('appearance','show_hints'))
-	printf('<small><img src="images/light.png" /><span class="hint">%s</span></small>',_('Hint: Copying between different servers only works if there are no schema violations'));
+	printf('<small><img src="images/light.png" alt="Light" /><span class="hint">%s</span></small>',_('Hint: Copying between different servers only works if there are no schema violations'));
 
 echo '</center></body></html>';
 ?>

htdocs/create_form.php

@@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/create_form.php,v 1.31.2.5 2005/12/31 04:21:37 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/Attic/create_form.php,v 1.31.2.5 2005/12/31 04:21:37 wurley Exp $
 
 /**
  * The menu where the user chooses an RDN, Container, and Template for creating a new entry.

htdocs/css/style.css

@@ -1,4 +1,4 @@
-/* $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/css/style.css,v 1.44.4.2 2005/12/06 22:00:54 wurley Exp $ */
+/* $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/css/style.css,v 1.44.4.3 2008/11/28 14:21:37 wurley Exp $ */
 span.hint {
 	font-size: small;
 	font-weight: normal;
@@ -35,7 +35,7 @@ table.schema_attr th {
 	padding: 5px;
 	color: white;
 	font-weight: bold;
-	font-size: 125%;
+	font-size: 100%;
 }
 
 table.schema_attr td {
@@ -163,7 +163,7 @@ a img {
 body {
 	font-family: arial, helvetica, sans-serif;
 	background-color: white;
-	font-size: 12pt;
+	font-size: 10pt;
 }
 
 table.tree tr.login td {
@@ -204,7 +204,7 @@ table.tree tr.server td {
 	padding-top: 15px;
 	padding-bottom: 0px;
 	vertical-align: top;
-	font-size: 20px;
+	font-size: 12px;
 	text-align: left;
 }
 
@@ -212,7 +212,7 @@ table.tree td.icon {
 	text-align: center;
 	padding: 0px;
 	width: 14px;
-	font-size: 1px;
+	font-size: 10px;
 }
 
 table.tree td.rdn {
@@ -267,7 +267,7 @@ h3.title {
 	background-color: #018;
 	border: 1px solid black;
 	font-weight: normal;
-	font-size: 150%;
+	font-size: 140%;
 }
 
 h3.subtitle {
@@ -317,14 +317,14 @@ table.edit_dn input {
 }
 
 table.edit_dn input.val {
-	font-size: 14px;
+	font-size: 12px;
 	width: 350px; 
 	font-family: arial, helvetica, sans-serif;
 	background-color: white;
 }
 
 table.edit_dn textarea.val {
-	font-size: 14px;
+	font-size: 12px;
 	width: 350px; 
 	font-family: arial, helvetica, sans-serif;
 	background-color: white;
@@ -418,7 +418,7 @@ input.update_dn {
 }
 
 small {
-	font-size: 10pt;
+	font-size: 8pt;
 }
 
 form.edit_dn {
@@ -433,7 +433,7 @@ h4.oclass {
 	margin-top: 8px;
 	font-weight: normal;
 	border: 1px solid black;
-	font-size: 140%;
+	font-size: 120%;
 	color: white;
 }
 
@@ -595,7 +595,7 @@ table.create td.heading {
 }
 
 table.create td.name {
-	font-size: 13px;
+	font-size: 11px;
 	width: 350px; 
 }
 
@@ -642,7 +642,7 @@ table.export_form {
 }
 
 table.export_form tr td {
-	font-size: 13px;
+	font-size: 11px;
 	text-align: left;
 	vertical-align: top;
 	padding: 4px;

htdocs/delete_form.php

@@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/delete_form.php,v 1.20.4.5 2005/12/11 08:21:03 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/delete_form.php,v 1.20.4.6 2006/04/29 04:05:14 wurley Exp $
 
 /**
  * delete_form.php
@@ -31,118 +31,123 @@ include './header.php';
 echo '<body>';
 printf('<h3 class="title">'._('Delete %s').'</h3>',htmlspecialchars(get_rdn($dn)));
 printf('<h3 class="subtitle">%s: <b>%s</b> &nbsp;&nbsp;&nbsp; %s: <b>%s</b></h3>',
-	_('Server'),$ldapserver->name,_('Distinguished Name'),htmlspecialchars(($dn)));
+	_('Server'),$ldapserver->name,_('Distinguished Name'),htmlspecialchars($dn));
+echo "\n";
+
+echo '<center>';
 
 if ($has_children) {
-	echo '<center>';
 	printf('<b>%s</b><br /><br />',_('Permanently delete all children also?'));
 	flush();
 
 	# get the total number of child objects (whole sub-tree)
 	$s = $ldapserver->search(null,dn_escape($dn),'objectClass=*',array('dn'));
 	$sub_tree_count = count($s);
-?>
 
-<table class="delete_confirm">
-<tr>
-	<td>
-	<p>
-	<?php printf(_('This entry is the root of a sub-tree containing %s entries.'),$sub_tree_count); ?>
-	<small>(<a href="search.php?search=true&amp;server_id=<?php echo $ldapserver->server_id; ?>&amp;filter=<?php echo rawurlencode('objectClass=*'); ?>&amp;base_dn=<?php echo rawurlencode($dn); ?>&amp;form=advanced&amp;scope=sub"><?php echo _('view entries'); ?></a>)</small>
-	<br />
-	<br />
+	echo '<table class="delete_confirm">';
+	echo '<tr>';
+	echo '<td><p>';
+	printf(_('This entry is the root of a sub-tree containing %s entries.'),$sub_tree_count);
+	printf('<small>(<a href="search.php?search=true&amp;server_id=%s&amp;filter=%s&amp;base_dn=%s&amp;form=advanced&amp;scope=sub">%s</a>)</small>',
+		$ldapserver->server_id,rawurlencode('objectClass=*'),rawurlencode($dn),_('view entries'));
+	echo '<br /><br />';
 
-	<?php printf(_('phpLDAPadmin can recursively delete this entry and all %s of its children. See below for a list of all the entries that this action will delete. Do you want to do this?'),($sub_tree_count-1)); ?><br />
-	<br />
-	<small><?php echo _('Note: this is potentially very dangerous and you do this at your own risk. This operation cannot be undone. Take into consideration aliases, referrals, and other things that may cause problems.'); ?></small>
+	printf(_('phpLDAPadmin can recursively delete this entry and all %s of its children. See below for a list of all the entries that this action will delete. Do you want to do this?'),($sub_tree_count-1));
+	echo '<br /><br />';
 
-	<br />
-	<br />
-	<table width="100%">
-	<tr>
-		<td>
-		<center>
-			<form action="rdelete.php" method="post">
-			<input type="hidden" name="dn" value="<?php echo $dn; ?>" />
-			<input type="hidden" name="server_id" value="<?php echo $ldapserver->server_id; ?>" />
-			<input type="submit" class="scary" value="<?php printf(_('Delete all %s objects'),$sub_tree_count); ?>" />
-			</form>
-		</center>
-		</td>
+	printf('<small>%s</small>',
+		_('Note: this is potentially very dangerous and you do this at your own risk. This operation cannot be undone. Take into consideration aliases, referrals, and other things that may cause problems.'));
+	echo '<br /><br />';
+	echo "\n";
 
-		<td>
-		<center>
-			<form action="template_engine.php" method="get">
-			<input type="hidden" name="dn" value="<?php echo htmlspecialchars($dn); ?>" />
-			<input type="hidden" name="server_id" value="<?php echo $ldapserver->server_id; ?>" />
-			<input type="submit" name="submit" value="<?php echo _('Cancel'); ?>" class="cancel" />
-			</form>
-		</center>
-		</td>
-	</tr>
-	</table>
-	</td>
-</tr>
-</table>
+	echo '<table width="100%">';
+	echo '<tr>';
+	echo '<td><center>';
+	echo '<form action="rdelete.php" method="post">';
+	printf('<input type="hidden" name="dn" value="%s" />',htmlspecialchars($dn));
+	printf('<input type="hidden" name="server_id" value="%s" />',$ldapserver->server_id);
+	printf('<input type="submit" class="scary" value="%s" />',sprintf(_('Delete all %s objects'),$sub_tree_count));
+	echo '</form>';
+	echo '</center></td>';
 
-<?php flush(); ?>
-<br />
-<br />
-<?php echo _('List of entries to be deleted:'); ?><br />
+	echo '<td><center>';
+	echo '<form action="template_engine.php" method="get">';
+	printf('<input type="hidden" name="dn" value="%s" />',htmlspecialchars($dn));
+	printf('<input type="hidden" name="server_id" value="%s" />',$ldapserver->server_id);
+	printf('<input type="submit" name="submit" value="%s" class="cancel" />',_('Cancel'));
+	echo '</form>';
+	echo '</center></td>';
+	echo '</tr>';
+	echo '</table>';
+	echo "\n";
 
-<select size="<?php echo min(10,$sub_tree_count);?>" multiple disabled style="background:white; color:black;width:500px" >
-	<?php $i=0;
+	echo '</td>';
+	echo '</tr>';
+	echo '</table>';
+	echo "\n";
+
+	flush();
+
+	echo '<br /><br />';
+	echo _('List of entries to be deleted:');
+	echo '<br />';
+
+	printf('<select size="%s" multiple disabled style="background:white; color:black;width:500px" >',min(10,$sub_tree_count));
+	$i=0;
 	foreach ($s as $dn => $junk) {
-		$i++; ?>
+		$i++;
+		printf('<option>%s. %s</option>',$i,htmlspecialchars(dn_unescape($dn)));
+	}
+	echo '</select>';
+	echo "\n";
 
-	<option><?php echo $i; ?>. <?php echo htmlspecialchars((dn_unescape($dn))); ?></option>
-	<?php } ?>
-</select>
-</center>
+} else {
+	echo '<table class="delete_confirm">';
+	echo '<tr>';
 
-<br />
+	echo '<td nowrap>';
+	echo _('Are you sure you want to permanently delete this object?');
+	echo '<br /><br />';
 
-<?php } else { ?>
+	printf('<acronym title="%s">%s</acronym>: <b>%s</b>',_('Distinguished Name'),_('DN'),pretty_print_dn($dn));
+	echo '<br />';
+	printf('%s: <b>%s</b>',_('Server'),htmlspecialchars($ldapserver->name));
+	echo '<br /><br />';
+	echo "\n";
 
-<center>
-<table class="delete_confirm">
-<tr>
-	<td>
-	<?php echo _('Are you sure you want to permanently delete this object?'); ?><br />
-	<br />
-	<nobr><acronym title="<?php echo _('Distinguished Name'); ?>"><?php echo _('DN'); ?></acronym>:  <b><?php echo pretty_print_dn($dn); ?></b></nobr><br />
-	<nobr><?php echo _('Server'); ?>: <b><?php echo htmlspecialchars($ldapserver->name); ?></b></nobr><br />
-	<br />
+	echo '<table width="100%">';
+	echo '<tr>';
 
-	<table width="100%">
-	<tr>
-		<td>
-			<center>
-			<form action="delete.php" method="post">
-			<input type="hidden" name="dn" value="<?php echo htmlspecialchars($dn); ?>" />
-			<input type="hidden" name="server_id" value="<?php echo $ldapserver->server_id; ?>" />
-			<input type="submit" name="submit" value="<?php echo _('Delete'); ?>" class="scary" />
-			</form>
-			</center>
-		</td>
+	echo '<td><center>';
+	echo '<form action="delete.php" method="post">';
+	printf('<input type="hidden" name="dn" value="%s" />',htmlspecialchars($dn));
+	printf('<input type="hidden" name="server_id" value="%s" />',$ldapserver->server_id);
+	printf('<input type="submit" name="submit" value="%s" class="scary" />',_('Delete'));
+	echo '</form>';
 
-		<td>
-			<center>
-			<form action="template_engine.php" method="get">
-			<input type="hidden" name="dn" value="<?php echo $dn; ?>" />
-			<input type="hidden" name="server_id" value="<?php echo $ldapserver->server_id; ?>" />
-			<input type="submit" name="submit" value="<?php echo _('Cancel'); ?>" class="cancel" />
-			</form>
-			</center>
-		</td>
-	</tr>
-	</table>
-	</td>
-</tr>
-</table>
-</center>
+	echo '</center></td>';
 
-<?php } ?>
+	echo '<td><center>';
+	echo '<form action="template_engine.php" method="get">';
+	printf('<input type="hidden" name="dn" value="%s" />',htmlspecialchars($dn));
+	printf('<input type="hidden" name="server_id" value="%s" />',$ldapserver->server_id);
+	printf('<input type="submit" name="submit" value="%s" class="cancel" />',_('Cancel'));
+	echo '</form>';
 
-</body>
-</html>
+	echo '</center></td>';
+	echo '</tr>';
+	echo '</table>';
+	echo "\n";
+
+	echo '</td>';
+	echo '</tr>';
+	echo '</table>';
+	echo "\n";
+
+}
+
+echo '</center>';
+echo '<br />';
+echo '</body>';
+echo '</html>';
+?>

htdocs/entry_chooser.php

@@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/entry_chooser.php,v 1.27.2.4 2005/12/31 03:13:48 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/entry_chooser.php,v 1.27.2.5 2008/11/28 14:21:37 wurley Exp $
 
 /**
  * Display a selection (popup window) to pick a DN.
@@ -70,7 +70,9 @@ if (isset($ldapserver) && $container !== false) {
 
 	else
 		foreach ($dn_list as $dn) {
-			$href = sprintf("javascript:returnDN('%s%s')",($rdn ? "$rdn," : ''),$dn);
+			$href = sprintf("javascript:returnDN('%s%s')",
+				($rdn ? '"'.htmlspecialchars(dn_js_escape($rdn)).',"' : ''),
+				htmlspecialchars(dn_js_escape($dn)));
 			echo '&nbsp;&nbsp;&nbsp;';
 			printf('<a href="entry_chooser.php?server_id=%s&amp;form_element=%s&amp;rdn=%s&amp;container=%s"><img src="images/plus.png" /></a>',
 				$ldapserver->server_id,$return_form_element,$rdn,rawurlencode($dn));

htdocs/expand.php

@@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/expand.php,v 1.22.4.2 2005/12/08 11:50:06 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/expand.php,v 1.22.4.3 2007/03/18 03:16:05 wurley Exp $
 
 /**
  * This script alters the session variable 'tree', expanding it
@@ -35,17 +35,11 @@ $tree = get_cached_item($ldapserver->server_id,'tree');
 $tree['browser'][$dn]['open'] = true;
 set_cached_item($ldapserver->server_id,'tree','null',$tree);
 
-/* This is for Opera. By putting "random junk" in the query string, it thinks
-   that it does not have a cached version of the page, and will thus
-   fetch the page rather than display the cached version */
-$time = gettimeofday();
-$random_junk = md5(strtotime('now').$time['usec']);
-
 /* If cookies were disabled, build the url parameter for the session id.
    It will be append to the url to be redirect */
 $id_session_param = '';
 if (SID != '')
 	$id_session_param = sprintf('&%s=%s',session_name(),session_id());
 
-header(sprintf('Location:tree.php?foo=%s#%s_%s%s',$random_junk,$ldapserver->server_id,rawurlencode($dn),$id_session_param));
+header(sprintf('Location:tree.php?foo=%s#%s_%s%s',random_junk(),$ldapserver->server_id,rawurlencode($dn),$id_session_param));
 ?>

htdocs/export_form.php

@@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/export_form.php,v 1.22.4.6 2005/12/11 07:41:04 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/export_form.php,v 1.22.4.7 2007/03/18 03:16:05 wurley Exp $
 
 /**
  * export_form.php
@@ -52,9 +52,9 @@ printf('<tr><td>%s</td><td>%s</td></tr>',_('Server'),server_select_list());
 
 echo '<tr>';
 printf('<td style="white-space:nowrap">%s</td>',_('Base DN'));
-printf('<td><nobr><input type="text" name="dn" id="dn" style="width:230px" value="%s" />&nbsp;',htmlspecialchars($dn));
+printf('<td><span style="white-space: nowrap;"><input type="text" name="dn" id="dn" style="width:230px" value="%s" />&nbsp;',htmlspecialchars($dn));
 draw_chooser_link('export_form.dn');
-echo '</nobr></td>';
+echo '</span></td>';
 echo '</tr>';
 
 echo '<tr>';

htdocs/header.php

@@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/header.php,v 1.21.2.3 2005/12/11 04:00:23 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/header.php,v 1.21.2.4 2006/04/29 03:14:45 wurley Exp $
 
 /**
  * @package phpLDAPadmin
@@ -7,7 +7,6 @@
 
 /* We want to get $language into scope in case we were included
    from within a function */
-global $config;
 $language = isset($config) ? $language = $config->GetValue('appearance','language') : 'auto';
 
 # text/xml won't work with MSIE, but is very useful for debugging xhtml code.
@@ -17,8 +16,8 @@ $language = isset($config) ? $language = $config->GetValue('appearance','languag
 # XML version and encoding for well-behaved browsers
 echo '<?xml version="1.0" encoding="utf-8"?>'."\n";
 
-echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"';
-echo '  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">'."\n";
+echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"'."\n";
+echo '"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">'."\n";
 
 printf('<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="%s" lang="%s" dir="ltr">',$language,$language);
 echo "\n\n";

htdocs/help.php

@@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/help.php,v 1.5 2005/02/26 12:35:05 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/Attic/help.php,v 1.5 2005/02/26 12:35:05 wurley Exp $
 
 /**
  * @package phpLDAPadmin

htdocs/login.php

@@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/login.php,v 1.51.2.9 2005/12/31 03:13:48 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/login.php,v 1.51.2.10 2007/01/27 13:03:56 wurley Exp $
 
 /**
  * For servers whose auth_type is set to 'cookie' or 'session'. Pass me the
@@ -38,7 +38,7 @@ if (! $anon_bind)
 $save_auth_type = $ldapserver->auth_type;
 
 if ($anon_bind) {
-        if (DEBUG_ENABLED)
+	if (DEBUG_ENABLED)
 		debug_log('Anonymous Login was posted [%s].',64,$anon_bind);
 
 	$dn = null;
@@ -78,14 +78,15 @@ if ($anon_bind) {
 
 		# Got through each of the BASE DNs and test the login.
 		foreach ($ldapserver->getBaseDN() as $base_dn) {
-		        if (DEBUG_ENABLED)
+			if (DEBUG_ENABLED)
 				debug_log('Searching LDAP with base [%s]',64,$base_dn);
 
-			$result = array_pop($ldapserver->search(null,$base_dn,$filter,array('dn')));
+			$result = $ldapserver->search(null,$base_dn,$filter,array('dn'));
+			$result = array_pop($result);
 			$dn = $result['dn'];
 
 			if ($dn) {
-			        if (DEBUG_ENABLED)
+				if (DEBUG_ENABLED)
 					debug_log('Got DN [%s] for user ID [%s]',64,$dn,$uid);
 				break;
 			}

htdocs/login_form.php

@@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/login_form.php,v 1.25.4.2 2005/12/11 09:03:07 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/login_form.php,v 1.25.4.3 2008/11/28 14:21:37 wurley Exp $
 
 /**
  * Displays the login form for a server for users who specify 'cookie' or 'session' for their auth_type.
@@ -69,12 +69,6 @@ include './header.php'; ?>
 <center>
 <table class="login">
 
-<?php if( $ldapserver->isAnonBindAllowed() ) { ?>
-<tr>
-	<td colspan="2"><small><label for="anonymous_bind_checkbox"><?php echo _('Anonymous Bind'); ?></label></small> <input type="checkbox" name="anonymous_bind" onclick="toggle_disable_login_fields(this)" id="anonymous_bind_checkbox"/></td>
-</tr>
-<?php } ?>
-
 <tr>
 <td><small>
 <?php
@@ -94,7 +88,15 @@ else
 </tr>
 
 <tr>
-	<td colspan="2"><center><input type="submit" name="submit" value="<?php echo _('Authenticate'); ?>" /></center></td>
+	<td colspan="2" align="center" valign="bottom">
+	<input type="submit" name="submit" value="<?php echo _('Authenticate'); ?>" />
+<?php if( $ldapserver->isAnonBindAllowed() ) { ?>
+	&nbsp;&nbsp;&nbsp;
+	<input type="checkbox" name="anonymous_bind" onclick="toggle_disable_login_fields(this)" 
+	id="anonymous_bind_checkbox"/>&nbsp;
+	<small><label for="anonymous_bind_checkbox"><?php echo _('Anonymous Bind'); ?></label></small>
+<?php } ?>
+	</td>
 </tr>
 </table>
 </center>

htdocs/rdelete.php

@@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/rdelete.php,v 1.23.2.2 2005/12/08 11:54:19 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/rdelete.php,v 1.23.2.3 2007/03/18 03:16:05 wurley Exp $
 
 /**
  * Recursively deletes the specified DN and all of its children
@@ -57,13 +57,13 @@ function pla_rdelete($ldapserver,$dn) {
 	$children = $ldapserver->getContainerContents($dn);
 
 	if (! is_array($children) || count($children) == 0) {
-		printf('<nobr>'._('Deleting %s').'...',htmlspecialchars($dn));
+		printf('<span style="white-space: nowrap;">%s %s...',_('Deleting'),htmlspecialchars($dn));
 		flush();
 
 		if (run_hook('pre_entry_delete',array('server_id'=>$ldapserver->server_id,'dn'=>$dn)))
 			if ($ldapserver->delete($dn)) {
 		                run_hook('post_entry_delete',array('server_id'=>$ldapserver->server_id,'dn'=>$dn));
-				printf(' <span style="color:green">%s</span></nobr><br />',_('Success'));
+				printf(' <span style="color:green">%s</span></span><br />',_('Success'));
 				return true;
 
 			} else {
@@ -74,13 +74,13 @@ function pla_rdelete($ldapserver,$dn) {
 		foreach ($children as $child_dn)
 			pla_rdelete($ldapserver,$child_dn);
 
-		printf('<nobr>'._('Deleting %s').'...',htmlspecialchars($dn));
+		printf('<span style="white-space: nowrap;">%s %s...',_('Deleting'),htmlspecialchars($dn));
 		flush();
 
 		if (run_hook('pre_entry_delete',array('server_id'=>$ldapserver->server_id,'dn'=>$dn)))
 			if ($ldapserver->delete($dn)) {
 		                run_hook('post_entry_delete',array('server_id'=>$ldapserver->server_id,'dn'=>$dn));
-				printf(' <span style="color:green">%s</span></nobr><br />',_('Success'));
+				printf(' <span style="color:green">%s</span></span><br />',_('Success'));
 				return true;
 
 			} else {

htdocs/rename.php

@@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/rename.php,v 1.29.2.3 2005/12/08 11:54:19 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/rename.php,v 1.29.2.4 2008/11/28 14:21:37 wurley Exp $
 
 /**
  * Renames a DN to a different name.
@@ -47,13 +47,13 @@ if (count($new_dn_value) != 2 || ! isset($new_dn_value[1]))
 $new_dn_attr = $new_dn_value[0];
 $new_dn_value = $new_dn_value[1];
 
-$success = run_hook('pre_rename_entry',array('server_id'=>$ldapserver->server_id,'old_dn'=>$dn,'new_dn'=>$new_dn_value));
+$success = run_hook('pre_rename_entry',array('server_id'=>$ldapserver->server_id,'old_dn'=>dn_escape($dn),'new_dn'=>dn_escape($new_dn_value)));
 
 if ($success) {
 	$success = false;
 
 	$deleteoldrdn = $old_dn_attr == $new_dn_attr;
-	$success = $ldapserver->rename($dn,$new_rdn,$container,$deleteoldrdn);
+	$success = $ldapserver->rename(dn_escape($dn),dn_escape($new_rdn),$container,$deleteoldrdn);
 
 } else {
 	pla_error(_('Could not rename the entry') );

htdocs/rename_form.php

@@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/rename_form.php,v 1.8.4.2 2005/12/08 11:55:06 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/rename_form.php,v 1.8.4.3 2006/04/29 03:29:19 wurley Exp $
 
 /**
  * Displays a form for renaming an LDAP entry.
@@ -33,7 +33,7 @@ printf('<h3 class="subtitle">%s: <b>%s</b> &nbsp;&nbsp;&nbsp; %s: <b>%s</b></h3>
 
 echo '<br /><center><form action="rename.php" method="post" class="edit_dn" />';
 printf('<input type="hidden" name="server_id" value="%s" />',$ldapserver->server_id);
-printf('<input type="hidden" name="dn" value="%s" />',$dn);
+printf('<input type="hidden" name="dn" value="%s" />',htmlspecialchars($dn));
 printf('<input type="text" name="new_rdn" size="30" value="%s" />',htmlspecialchars($rdn));
 printf('<input class="update_dn" type="submit" value="%s" />',_('Rename'));
 echo '</form></center>';

htdocs/schema.php

@@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/schema.php,v 1.61.2.5 2005/12/30 11:52:54 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/schema.php,v 1.61.2.7 2007/03/21 23:33:19 wurley Exp $
 
 /**
  * Displays the schema for the specified server_id

htdocs/search.php

@@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/search.php,v 1.72.2.11 2005/12/31 03:13:48 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/search.php,v 1.72.2.13 2006/10/28 05:56:56 wurley Exp $
 
 /**
  * Perform LDAP searches and draw the advanced/simple search forms
@@ -43,6 +43,7 @@ if (isset($ldapserver)) {
 }
 
 $filter = isset($_GET['filter']) ? clean_search_vals($_GET['filter']) : null;
+$orderby = isset($_GET['orderby']) ? clean_search_vals($_GET['orderby']) : null;
 $attr = isset($_GET['attribute']) ? $_GET['attribute'] : null;
 
 # grab the base dn for the search
@@ -207,7 +208,8 @@ if (isset($_GET['search'])) {
 					debug_log('Search with base DN [%s]',64,$base_dn);
 			}
 
-			$results = $ldapserver->search(null,dn_escape($base_dn),$filter,$search_result_attributes,$scope,true,$config->GetValue('deref','search'));
+			$results = $ldapserver->search(null,dn_escape($base_dn),$filter,
+				$search_result_attributes,$scope,$orderby,$config->GetValue('deref','search'));
 
 			if ((! $results) && $ldapserver->errno())
 				pla_error(_('Encountered an error while performing search.'),$ldapserver->error(),$ldapserver->errno());
@@ -233,8 +235,8 @@ if (isset($_GET['search'])) {
         <nobr>
         <small>
         <?php
-			printf('[ <a href="export_form.php?server_id=%s&amp;scope=%s&amp;dn=%s&amp;filter=%s&amp;attributes=%s"><img src="images/save.png" /> %s</a> ]',
-				$ldapserver->server_id,$scope,urlencode($base_dn),urlencode($filter),
+			printf('[ <a href="export_form.php?server_id=%s&amp;scope=%s&amp;dn=%s&amp;filter=%s&amp;attributes=%s"><img src="images/save.png" alt="Save" /> %s</a> ]',
+				$ldapserver->server_id,htmlspecialchars($scope),urlencode($base_dn),urlencode($filter),
 				urlencode(join(', ',$search_result_attributes)),_('export results'));
 
 			printf('[ <img src="images/rename.png" /> %s:',_('Format'));

htdocs/server_info.php

@@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/server_info.php,v 1.22.2.4 2006/03/08 23:00:18 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/server_info.php,v 1.22.2.5 2007/01/27 13:11:06 wurley Exp $
 
 /**
  * Fetches and displays all information that it can from the specified server
@@ -50,13 +50,15 @@ if (! $ldapserver->haveAuthInfo())
 	pla_error( _('Not enough information to login to server. Please check your configuration.') );
 
 # Fetch basic RootDSE attributes using the + and *.
-$attrs = array_pop($ldapserver->search(null,'','objectClass=*',array('+','*'),'base'));
+$attrs = $ldapserver->search(null,'','objectClass=*',array('+','*'),'base');
+$attrs = array_pop($attrs);
 
 /* After fetching the "basic" attributes from the RootDSE, try fetching the
    more advanced ones (from ths list). Add them to the list of attrs to display
    if they weren't already fetched. (this was added as a work-around for OpenLDAP
    on RHEL 3. */
-$attrs2 = array_pop($ldapserver->search(null,'','objectClass=*',$root_dse_attributes,'base'));
+$attrs2 = $ldapserver->search(null,'','objectClass=*',$root_dse_attributes,'base');
+$attrs2 = array_pop($attrs2);
 
 if (is_array($attrs2))
 	foreach ($attrs2 as $attr => $values)
@@ -83,7 +85,7 @@ foreach ($attrs as $attr => $values) {
 	$schema_href = sprintf('schema.php?server_id=%s&amp;view=attributes&amp;viewvalue=%s',$ldapserver->server_id,$attr);
 
 	echo '<tr><td class="attr">';
-	printf('<b><a title="'._('Click to view the schema defintion for attribute type \'%s\'').'" href="%s">%s</a></b>',
+	printf('<b><a title="'._('Click to view the schema definition for attribute type \'%s\'').'" href="%s">%s</a></b>',
 		$attr,$schema_href,htmlspecialchars($attr));
 	echo '</td></tr>';
 

htdocs/template_engine.php

@@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/template_engine.php,v 1.26.2.34 2006/03/13 23:13:43 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/template_engine.php,v 1.26.2.40 2008/11/28 14:21:37 wurley Exp $
 
 /**
  * Template render engine.
@@ -38,7 +38,7 @@ if (isset($_REQUEST['dn'])) {
 	if (! $ldapserver->haveAuthInfo())
 		pla_error(_('Not enough information to login to server. Please check your configuration.'));
 
-	$ldapserver->dnExists($dn)
+	$ldapserver->dnExists(dn_escape($dn))
 		or pla_error(sprintf(_('No such entry: %s'),pretty_print_dn($dn)));
 
 	$rdn = get_rdn($dn);
@@ -87,7 +87,7 @@ if (isset($template['empty_attrs'])) {
 		$new_dn = sprintf('%s=%s,%s',$template['rdn'],$_REQUEST['form'][$template['rdn']],$_REQUEST['container']);
 
 		echo '<form action="create.php" method="post">';
-		printf('<input type="hidden" name="new_dn" value="%s" />',$new_dn);
+		printf('<input type="hidden" name="new_dn" value="%s" />',htmlspecialchars($new_dn));
 
 	} else {
 		echo '<form action="template_engine.php" method="post" id="template_form" name="template_form" enctype="multipart/form-data">';
@@ -188,7 +188,7 @@ if (isset($template['empty_attrs'])) {
 	}
 
 	printf('<input type="hidden" name="server_id" value="%s" />',$ldapserver->server_id);
-	printf('<input type="hidden" name="template" value="%s" />',$_REQUEST['template']);
+	printf('<input type="hidden" name="template" value="%s" />',htmlspecialchars($_REQUEST['template']));
 	printf('<input type="hidden" name="object_classes" value="%s" />',rawurlencode(serialize(array_values($template['objectclass']))));
 	printf('<input type="hidden" name="page" value="%s" />',$page+1);
 
@@ -217,12 +217,12 @@ if (isset($template['empty_attrs'])) {
 			echo '<td class="heading">Container <acronym title="Distinguished Name">DN</acronym>:</td>';
 			printf('<td><input type="text" name="container" size="40" value="%s" disabled />',
 				htmlspecialchars($_REQUEST['container']));
-			printf('<input type="hidden" name="container" value="%s" /></td></tr>',$_REQUEST['container']);
+			printf('<input type="hidden" name="container" value="%s" /></td></tr>',htmlspecialchars($_REQUEST['container']));
 			echo '<tr class="spacer"><td colspan="3"></td></tr>';
 		}
 
 	} else {
-		printf('<td><input type="hidden" name="container" value="%s" /></td></tr>',$_REQUEST['container']);
+		printf('<td><input type="hidden" name="container" value="%s" /></td></tr>',htmlspecialchars($_REQUEST['container']));
 	}
 
 	$count = 0;
@@ -319,7 +319,7 @@ if (isset($template['empty_attrs'])) {
 
 			# Display the icon if one is required.
 			if (isset($detail['icon']) && trim($detail['icon']))
-				printf('<td><img src="%s" /></td>',$detail['icon']);
+				printf('<td><img src="%s" alt="Icon" /></td>',$detail['icon']);
 			else
 				printf('<td>&nbsp;</td>');
 
@@ -489,7 +489,7 @@ if (isset($template['empty_attrs'])) {
 
 	# If there is no count, display the summary
 	if (! $count) {
-			printf('<tr><td><img src="%s" /></td><td><span class="x-small">%s :</span></td><td><b>%s</b></td></tr>',
+			printf('<tr><td><img src="%s" alt="Create" /></td><td><span class="x-small">%s :</span></td><td><b>%s</b></td></tr>',
 				$template['icon'],_('Create Object'),htmlspecialchars($new_dn));
 
 			echo '<tr class="spacer"><td colspan="3"></td></tr>';
@@ -519,9 +519,11 @@ if (isset($template['empty_attrs'])) {
 
 				else {
 					$display = $value;
-					if (isset($template['attribute'][$attr]['type']) && $template['attribute'][$attr]['type'] == 'password')
-						if (obfuscate_password_display($_REQUEST['enc']))
+					if (isset($template['attribute'][$attr]['type']) && $template['attribute'][$attr]['type'] == 'password') {
+						$enc = (isset($_REQUEST['enc'])) ? $_REQUEST['enc'] : get_enc_type($value);
+						if (obfuscate_password_display($enc))
 							$display = '********';
+					}
 
 					printf('<input type="hidden" name="vals[]" value="%s" />',$value);
 					printf('%s</td><td><b>%s</b></td></tr>',$attr,htmlspecialchars($display));
@@ -742,7 +744,7 @@ foreach ($template['attrs'] as $attr => $vals) {
 	$schema_href = sprintf('schema.php?server_id=%s&amp;view=attributes&amp;viewvalue=%s',
 		$ldapserver->server_id,real_attr_name($attr));
 
-	printf('<b><a title="'._('Click to view the schema defintion for attribute type \'%s\'').'" href="%s">%s</a></b>',$attr,$schema_href,$attr_display);
+	printf('<b><a title="'._('Click to view the schema definition for attribute type \'%s\'').'" href="%s">%s</a></b>',$attr,$schema_href,$attr_display);
 	echo '</td>';
 
 	echo '<td class="attr_note">';
@@ -800,15 +802,15 @@ foreach ($template['attrs'] as $attr => $vals) {
 
 		if (count($vals) > 1) {
 			for ($i=1; $i<=count($vals); $i++)
-				printf('<a href="%s&amp;value_num=%s"><img src="images/save.png" /> %s(%s)</a><br />',
+				printf('<a href="%s&amp;value_num=%s"><img src="images/save.png" alt="Save" /> %s(%s)</a><br />',
 					$href,$i,_('download value'),$i);
 
 		} else {
-			printf('<a href="%s"><img src="images/save.png" /> %s</a><br />',$href,_('download value'));
+			printf('<a href="%s"><img src="images/save.png" alt="Save" /> %s</a><br />',$href,_('download value'));
 		}
 
 		if (! $ldapserver->isReadOnly() && ! $ldapserver->isAttrReadOnly($attr))
-			printf('<a href="javascript:deleteAttribute(\'%s\');" style="color:red;"><img src="images/trash.png" /> %s</a>',
+			printf('<a href="javascript:deleteAttribute(\'%s\');" style="color:red;"><img src="images/trash.png" alt="Trash" /> %s</a>',
 				$attr,_('delete attribute'));
 
 		echo '</small>';
@@ -850,10 +852,11 @@ foreach ($template['attrs'] as $attr => $vals) {
 				if (trim($val) == '')
 					printf('<span style="color:red">[%s]</span><br />',_('empty'));
 
-				elseif (! strcasecmp($attr,'userPassword') && $config->GetValue('appearance','obfuscate_password_display'))
+				elseif (! strcasecmp($attr,'userPassword') && $config->GetValue('appearance','obfuscate_password_display')) {
+					$user_password = $val;
 					echo preg_replace('/./','*',$val).'<br />';
 
-				elseif (in_array(strtolower($attr),$shadow_format_attrs)) {
+				} elseif (in_array(strtolower($attr),$shadow_format_attrs)) {
 					$shadow_date = shadow_date($attrs,$attr);
 					echo htmlspecialchars($val).'&nbsp;';
 					echo '<small>';
@@ -867,24 +870,46 @@ foreach ($template['attrs'] as $attr => $vals) {
 
 					echo '</small>';
 
-				} else
-					echo htmlspecialchars($val).'<br />';
+				} else {
+		if (is_dn_string($val) || $ldapserver->isDNAttr($attr))
+
+			if ($ldapserver->dnExists($val)) {
+				printf('<a title="'._('Go to %s').
+					'" href="template_engine.php?server_id=%s&amp;dn=%s"><img '.
+					'style="vertical-align: top" src="images/go.png" alt="Go" '.
+					'/>&nbsp;%s</a>&nbsp;',
+					htmlspecialchars($val),$ldapserver->server_id,
+					rawurlencode($val),dn_unescape($val));
+			} else {
+				printf('<a title="'._('DN not available %s').'"><img '.
+					'style="vertical-align: top" src="images/nogo.png" alt="N/E" '.
+					'/>&nbsp;%s</a>&nbsp;',
+					htmlspecialchars($val),$ldapserver->server_id,
+					rawurlencode($val),dn_unescape($val));
 			}
 
-//@todo: redundant?
-		} else {
+		elseif (is_mail_string($val))
+			printf('<img style="vertical-align: center" src="images/mail.png"'.
+				' alt="Mail" />&nbsp;<a href="mailto:%s">%s</a>&nbsp;',
+			 	htmlspecialchars($val),$val);
 
-			if (! strcasecmp($attr,'userPassword') && obfuscate_password_display())
-				echo preg_replace('/./','*',$vals).'<br />';
-			else
-				echo $vals.'<br />';
+		elseif (is_url_string($val))
+			printf('<img style="vertical-align: center" src="images/dc.png" '.
+				'alt="URL" />&nbsp;<a href="%s" target="new">%s</a>&nbsp;',
+				htmlspecialchars($val),$val);
 
+		else
+					echo htmlspecialchars($val).'<br />';
+
+				}
+			}
 		}
 
-		if (! strcasecmp($attr,'userPassword'))
+		if (! strcasecmp($attr,'userPassword') && isset($user_password))
 			printf('<small><a href="javascript:passwordComparePopup(\'%s\')">%s</a></small>',base64_encode($user_password),_('Check password...'));
 
-		if (preg_match("/^${attr}=/",$rdn))
+		if (preg_match("/^${attr}=/",$rdn) &&
+		 !($ldapserver->isReadOnly() || $ldapserver->isAttrReadOnly($attr)))
 			printf('<small>(<a href="%s">%s</a>)</small>',$rename_href,_('rename'));
 
 		echo '</td>';
@@ -917,8 +942,8 @@ foreach ($template['attrs'] as $attr => $vals) {
 				echo htmlspecialchars($user_password);
 
 			echo '<br />';
-			printf('<input style="width: 260px" type="%s" name="new_values[userpassword][]" value="" />',
-				(obfuscate_password_display($enc_type) ? 'password' : 'text'));
+			printf('<input style="width: 260px" type="%s" name="new_values[userpassword][]" value="%s" />',
+				(obfuscate_password_display($enc_type) ? 'password' : 'text'),htmlspecialchars($user_password));
 
 			echo enc_type_select_list($enc_type);
 
@@ -976,10 +1001,10 @@ foreach ($template['attrs'] as $attr => $vals) {
 		$val = $vals[0];
 
 		printf('<input type="hidden" name="old_values[%s][]" value="%s" />',htmlspecialchars($attr),htmlspecialchars($val));
-		printf('<nobr><input type="text" size="30" id="f_date_%s" name="new_values[%s][0]" value="%s" />&nbsp;',
+		printf('<span style="white-space: nowrap;"><input type="text" size="30" id="f_date_%s" name="new_values[%s][0]" value="%s" />&nbsp;',
 			$attr,htmlspecialchars($attr),htmlspecialchars($val));
 		draw_date_selector_link($attr);
-		echo '</nobr></td>';
+		echo '</span></td>';
 		echo '</tr>';
 		$js[] = sprintf('<script type="text/javascript" language="javascript">defaults[\'f_date_%s\'] = \'%s\';</script>',$attr,$js_date_attrs[$attr]);
 
@@ -1012,8 +1037,8 @@ foreach ($template['attrs'] as $attr => $vals) {
 		# Is this value is a structural objectClass, make it read-only
 		if (! strcasecmp($attr,'objectClass')) {
 
-			printf('<a title="%s" href="schema.php?server_id=%s&amp;view=objectClasses&amp;viewvalue=%s"><img src="images/info.png" /></a>&nbsp;',
-				_('View the schema description for this objectClass'),$ldapserver->server_id,htmlspecialchars($val));
+			printf('<a title="%s" href="schema.php?server_id=%s&amp;view=objectClasses&amp;viewvalue=%s"><img src="images/info.png" alt="Info" /></a>&nbsp;',
+				_('View the schema description for this objectClass'),$ldapserver->server_id,strtolower(htmlspecialchars($val)));
 
 			$schema_object = $ldapserver->getSchemaObjectClass($val);
 
@@ -1030,23 +1055,23 @@ foreach ($template['attrs'] as $attr => $vals) {
 		if (is_dn_string($val) || $ldapserver->isDNAttr($attr))
 
 			if ($ldapserver->dnExists($val)) {
-				printf('<a title="'._('Go to %s').'" href="template_engine.php?server_id=%s&amp;dn=%s"><img style="vertical-align: top" src="images/go.png" /></a>&nbsp;',
+				printf('<a title="'._('Go to %s').'" href="template_engine.php?server_id=%s&amp;dn=%s"><img style="vertical-align: top" src="images/go.png" alt="Go" /></a>&nbsp;',
 					htmlspecialchars($val),$ldapserver->server_id,rawurlencode($val));
 			} else {
-				printf('<a title="'._('DN not available %s').'"><img style="vertical-align: top" src="images/nogo.png" /></a>&nbsp;',
+				printf('<a title="'._('DN not available %s').'"><img style="vertical-align: top" src="images/nogo.png" alt="N/E" /></a>&nbsp;',
 					htmlspecialchars($val),$ldapserver->server_id,rawurlencode($val));
 			}
 
 		elseif (is_mail_string($val))
-			printf('<a href="mailto:%s"><img style="vertical-align: center" src="images/mail.png" /></a>&nbsp;',htmlspecialchars($val));
+			printf('<a href="mailto:%s"><img style="vertical-align: center" src="images/mail.png" alt="Mail" /></a>&nbsp;',htmlspecialchars($val));
 
 		elseif (is_url_string($val))
-			printf('<a href="%s" target="new"><img style="vertical-align: center" src="images/dc.png" /></a>&nbsp;',htmlspecialchars($val));
+			printf('<a href="%s" target="new"><img style="vertical-align: center" src="images/dc.png" alt="URL" /></a>&nbsp;',htmlspecialchars($val));
 
 		if ($ldapserver->isMultiLineAttr($attr,$val))
-			printf('<textarea class="val" rows="3" cols="50" name="%s" id="%s">%s</textarea>',$input_name,$input_id,htmlspecialchars($val));
+			printf('<textarea class="val" rows="3" cols="50" name="%s" id="%s">%s</textarea>',$input_name,$input_id,htmlspecialchars(dn_unescape($val)));
 		else
-			printf('<input type="text" class="val" name="%s" id="%s" value="%s" />&nbsp;',$input_name,$input_id,htmlspecialchars($val));
+			printf('<input type="text" class="val" name="%s" id="%s" value="%s" />&nbsp;',$input_name,$input_id,htmlspecialchars(dn_unescape($val)));
 
 		/* draw a link for popping up the entry browser if this is the type of attribute
 		   that houses DNs. */
@@ -1077,8 +1102,12 @@ foreach ($template['attrs'] as $attr => $vals) {
 
 				$description = isset($group['description']) ? $group['description'] : null;
 
-				if ($description)
+				if (is_array($description)) {
+					foreach ($description as $item)
+						printf(' (%s)',htmlspecialchars($item));
+				} else {
 					printf(' (%s)',htmlspecialchars($description));
+				}
 
 				echo '</small>';
 			}
@@ -1135,7 +1164,7 @@ else
 <!-- This form is submitted by JavaScript when the user clicks "Delete attribute" on a binary attribute -->
 <form name="delete_attribute_form" action="delete_attr.php" method="post">
 	<input type="hidden" name="server_id" value="<?php echo $ldapserver->server_id; ?>" />
-	<input type="hidden" name="dn" value="<?php echo $dn; ?>" />
+	<input type="hidden" name="dn" value="<?php echo htmlspecialchars($dn); ?>" />
 	<input type="hidden" name="attr" value="FILLED IN BY JAVASCRIPT" />
 </form>
 

htdocs/tree.php

@@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/tree.php,v 1.88.4.9 2005/12/21 19:28:31 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/Attic/tree.php,v 1.88.4.10 2007/03/18 03:16:06 wurley Exp $
 
 /**
  * This script displays the LDAP tree for all the servers that you have
@@ -77,24 +77,24 @@ echo "\n\n";
 echo '<!-- Links at the top of the tree viewer -->';
 echo '<table class="edit_dn_menu" width=100%><tr>';
 printf('<td><img src="images/home.png" alt="%s" /></td>',_('Home'));
-printf('<td width=50%%><nobr><a href="welcome.php" target="right_frame">%s</a></nobr></td>',_('Home'));
+printf('<td width=50%%><span style="white-space: nowrap;"><a href="welcome.php" target="right_frame">%s</a></span></td>',_('Home'));
 printf('<td><img src="images/trash.png" alt="%s" /></td>',_('Purge caches'));
-printf('<td width=50%%><nobr><a href="purge_cache.php" target="right_frame" title="%s">%s</a></nobr></td>',_('Purge all cached data in phpLDAPadmin, including server schemas.'),_('Purge caches'));
+printf('<td width=50%%><span style="white-space: nowrap;"><a href="purge_cache.php" target="right_frame" title="%s">%s</a></span></td>',_('Purge all cached data in phpLDAPadmin, including server schemas.'),_('Purge caches'));
 echo '</tr><tr>';
 
 if (! $config->GetValue('appearance','hide_configuration_management')) {
 	printf('<td><img src="images/light.png" alt="%s" /></td>',_('light'));
-	printf('<td width=50%%><nobr><a href="%s" target="new">%s</a></nobr></td>',get_href('add_rfe'),_('Request feature'));
+	printf('<td width=50%%><span style="white-space: nowrap;"><a href="%s" target="new">%s</a></span></td>',get_href('add_rfe'),_('Request feature'));
 	printf('<td><img src="images/bug.png" alt="%s" /></td>',_('bug'));
-	printf('<td width=50%%><nobr><a href="%s" target="new">%s</a></nobr></td>',get_href('add_bug'),_('Report a bug'));
+	printf('<td width=50%%><span style="white-space: nowrap;"><a href="%s" target="new">%s</a></span></td>',get_href('add_bug'),_('Report a bug'));
 	echo '</tr><tr>';
 
 	printf('<td><img src="images/smile.png" alt="%s" /></td>',_('Donate'));
-	printf('<td width=50%%><nobr><a href="%s" target="right_frame">%s</a></nobr></td>',get_href('donate'),_('Donate'));
+	printf('<td width=50%%><span style="white-space: nowrap;"><a href="%s" target="right_frame">%s</a></span></td>',get_href('donate'),_('Donate'));
 }
 
 printf('<td><img src="images/help.png" alt="%s" /></td>',_('Help'));
-printf('<td><nobr><a href="help.php" target="right_frame">%s</a></nobr></td>',_('Help'));
+printf('<td><span style="white-space: nowrap;"><a href="help.php" target="right_frame">%s</a></span></td>',_('Help'));
 echo '</tr></table>';
 
 echo "\n\n";

htdocs/update.php

@@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/update.php,v 1.25.2.6 2006/01/14 23:33:39 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/update.php,v 1.25.2.7 2008/11/28 14:21:37 wurley Exp $
 
 /**
  * Updates or deletes a value from a specified attribute for a specified dn.
@@ -49,28 +49,35 @@ $failed_attrs = array();
 if (! is_array($update_array))
 	pla_error(_('update_array is malformed. This might be a phpLDAPadmin bug. Please report it.'));
 
-run_hook ('pre_update',array('server_id'=>$ldapserver->server_id,'dn'=>$dn,'update_array'=>$update_array));
 
 # Check for delete attributes (indicated by the attribute entry appearing like this: attr => ''
-foreach ($update_array as $attr => $val)
-	if (! is_array($val))
+foreach ($update_array as $attr => $val) {
+	if (! is_array($val)) {
 		if (array_key_exists($attr,$skip_array))
 			unset($update_array[$attr]);
-
 		elseif ($val == '')
 			$update_array[$attr] = array();
 
 		# Skip change
-		else
+		else {
+			if (is_dn_string($val) || $ldapserver->isDNAttr($attr))
+				$val=dn_escape($val);
 			$update_array[$attr] = $val;
-
-	else
+		}
+	} else {
 		if (array_key_exists($attr,$skip_array))
 			unset($update_array[$attr]);
 
 		else
-			foreach ($val as $i => $v)
+			foreach ($val as $i => $v) {
+				if (is_dn_string($v) || $ldapserver->isDNAttr($attr))
+					$v=dn_escape($v);
 				$update_array[$attr][$i] = $v;
+			}
+	}
+}
+run_hook ('pre_update',array('server_id'=>$ldapserver->server_id,'dn'=>$dn,'update_array'=>$update_array));
+#die();
 
 /* Call the custom callback for each attribute modification
    and verify that it should be modified.*/

htdocs/update_confirm.php

@@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/update_confirm.php,v 1.43.2.8 2006/01/12 22:04:51 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/update_confirm.php,v 1.43.2.13 2008/11/28 14:21:37 wurley Exp $
 
 /**
  * Takes the results of clicking "Save" in template_engine.php and determines which
@@ -76,16 +76,21 @@ foreach ($old_values as $attr => $old_val) {
 }
 
 # Check user password with new encoding.
-if (isset($new_values['userpassword']) && is_array($new_values['userpassword']))
+if (isset($new_values['userpassword']) && is_array($new_values['userpassword'])) {
 	foreach ($new_values['userpassword'] as $key => $userpassword) {
 		if ($userpassword) {
-			$new_val[$key] = password_hash($userpassword,$_POST['enc_type'][$key]);
+			if ($old_values['userpassword'][$key] == $new_values['userpassword'][$key] && 
+				get_enc_type($old_values['userpassword'][$key]) == $_POST['enc_type'][$key])
+				continue;
 
-			if ($new_val[$key] != $old_values['userpassword'][$key])
-				$update_array['userpassword'][$key] = $new_val[$key];
+			$new_values['userpassword'][$key] = password_hash($userpassword,$_POST['enc_type'][$key]);
 		}
 	}
 
+	if ($old_values['userpassword'] != $new_values['userpassword'])
+		$update_array['userpassword'] = $new_values['userpassword'];
+}
+
 # strip empty vals from update_array and ensure consecutive indices for each attribute
 foreach ($update_array as $attr => $val) {
 	if (is_array($val)) {
@@ -139,25 +144,25 @@ if (count($update_array) > 0) {
 
 		printf('<tr class="%s">',$counter%2 ? 'even' : 'odd');
 		printf('<td><b>%s</b></td>',htmlspecialchars($attr));
-		echo '<td><nobr>';
+		echo '<td><span style="white-space: nowrap;">';
 
 		if (strcasecmp($attr,'userPassword') == 0) {
 			foreach ($old_values[$attr] as $key => $value) {
 				if (obfuscate_password_display(get_enc_type($old_values[$attr][$key])))
 					echo preg_replace('/./','*',$old_values[$attr][$key]).'<br />';
 				else
-					echo nl2br(htmlspecialchars($old_values[$attr][$key])).'<br />';
+					echo nl2br(htmlspecialchars(dn_unescape($old_values[$attr][$key]))).'<br />';
 			}
 
 		} elseif (is_array($old_values[$attr]))
 			foreach ($old_values[$attr] as $v)
-				echo nl2br(htmlspecialchars($v)).'<br />';
+				echo nl2br(htmlspecialchars(dn_unescape($v))).'<br />';
 
 		else
-			echo nl2br(htmlspecialchars($old_values[$attr])).'<br />';
+			echo nl2br(htmlspecialchars(dn_unescape($old_values[$attr]))).'<br />';
 
-		echo '</nobr></td>';
-		echo '<td><nobr>';
+		echo '</span></td>';
+		echo '<td><span style="white-space: nowrap;">';
 
 		# Is this a multi-valued attribute?
 		if (is_array($new_val)) {
@@ -167,7 +172,7 @@ if (count($update_array) > 0) {
 						if (obfuscate_password_display(get_enc_type($new_val[$key])))
 							echo preg_replace('/./','*',$new_val[$key]).'<br />';
 						else
-							echo htmlspecialchars($new_val[$key]).'<br />';
+							echo htmlspecialchars(dn_unescape($new_val[$key])).'<br />';
 					}
 				}
 
@@ -180,7 +185,7 @@ if (count($update_array) > 0) {
 						$update_array[$attr] = array_values($update_array[$attr]);
 
 					} else {
-						echo nl2br(htmlspecialchars($v)).'<br />';
+						echo nl2br(htmlspecialchars(dn_unescape($v))).'<br />';
 					}
 				}
 			}
@@ -196,7 +201,7 @@ if (count($update_array) > 0) {
 		} elseif ($new_val != '')
 				printf('<span style="color: red">%s</span>',_('[attribute deleted]'));
 
-		echo '</nobr></td>';
+		echo '</span></td>';
 
  		printf('<td><input name="skip_array[%s]" type="checkbox" /></td>',htmlspecialchars($attr));
 		echo '</tr>'."\n\n";

lib/common.php

@@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/lib/common.php,v 1.76.2.6 2005/12/30 02:32:41 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/lib/common.php,v 1.76.2.8 2007/01/27 13:21:35 wurley Exp $
 
 /**
  * Contains code to be executed at the top of each phpLDAPadmin page.
@@ -53,9 +53,6 @@ ob_end_clean();
 # We are now ready for error reporting.
 # Turn on all notices and warnings. This helps us write cleaner code (we hope at least)
 if (phpversion() >= '5') {
-	# Work-around to get PLA to work in PHP5
-	ini_set('zend.ze1_compatibility_mode',1);
-
 	# E_DEBUG is PHP5 specific and prevents warnings about using 'var' to declare class members
 	error_reporting(E_DEBUG);
 } else
@@ -110,6 +107,7 @@ if ($language == 'auto') {
 
 				# Set language
 				putenv('LANG='.$HTTP_LANG); # e.g. LANG=de_DE
+				$HTTP_LANG .= '.UTF-8';
 				setlocale(LC_ALL,$HTTP_LANG); # set LC_ALL to de_DE
 				bindtextdomain('messages',LANGDIR);
 				bind_textdomain_codeset('messages','UTF-8');
@@ -130,6 +128,7 @@ if ($language == 'auto') {
 
 		# Set language
 		putenv('LANG='.$language); # e.g. LANG=de_DE
+		$language .= '.UTF-8';
 		setlocale(LC_ALL,$language); # set LC_ALL to de_DE
 		bindtextdomain('messages',LANGDIR);
 		bind_textdomain_codeset('messages','UTF-8');

lib/config_default.php

@@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/lib/config_default.php,v 1.16.2.5 2005/12/08 19:54:38 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/lib/config_default.php,v 1.16.2.6 2007/01/27 13:25:49 wurley Exp $
 
 /**
  * Configuration processing and defaults.
@@ -94,7 +94,7 @@ class Config {
 		 */
 		$this->default->appearance['obfuscate_password_display'] = array(
 			'desc'=>'Obfuscate the display of passwords',
-			'default'=>false);
+			'default'=>true);
 
 		$this->default->appearance['show_clear_password'] = array(
 			'desc'=>'Whether to show clear passwords if we dont obfuscate them',

lib/createlm.php

@@ -1,6 +1,6 @@
 <?php
 /*
-$Id: createlm.php,v 1.2 2005/10/23 01:05:41 wurley Exp $
+$Id: createlm.php,v 1.2.2.1 2006/04/29 07:31:08 wurley Exp $
 
   This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam)
   Copyright (C) 2004 Roland Gruber
@@ -133,6 +133,14 @@ var $sbox = array(array(array(14,  4, 13,  1,  2, 15, 11,  8,  3, 10,  6, 12,  5
 		array( 7, 11,  4,  1,  9, 12, 14,  2,  0,  6, 10, 13, 15,  3,  5,  8),
 		array( 2,  1, 14,  7,  4, 10,  8, 13, 15, 12,  9,  0,  3,  5,  6, 11)));
 
+	/**
+	* Fixes too large numbers
+	*/
+	function x($i) {
+		if ($i < 0) return 4294967296 - $i;
+		else return $i;
+	}
+
 	/**
 	* @param integer count
 	* @param array $data
@@ -335,7 +343,11 @@ var $sbox = array(array(array(14,  4, 13,  1,  2, 15, 11,  8,  3, 10,  6, 12,  5
 	# Support functions
 	# Ported from SAMBA/source/lib/md4.c:F,G and H respectfully
 	function F($X, $Y, $Z) {
-		return ($X&$Y) | ((~$X)&$Z);
+		$ret = (($X&$Y) | ((~((int)$X))&$Z));
+		if ($this->x($ret) > 4294967296) {
+			$ret = (2*4294967296) - $this->x($ret);
+		}
+		return $ret;
 	}
 
 	function G($X, $Y, $Z) {
@@ -468,6 +480,9 @@ var $sbox = array(array(array(14,  4, 13,  1,  2, 15, 11,  8,  3, 10,  6, 12,  5
 		$sum[1] &= 0xffff;
 		$sum[0] &= 0xffff;
 		$ret = ($sum[0]<<16) | $sum[1];
+		if ($this->x($ret) > 4294967296) {
+			$ret = (2*4294967296) - $this->x($ret);
+		}
 		return $ret;
 	}
 
@@ -493,7 +508,14 @@ var $sbox = array(array(array(14,  4, 13,  1,  2, 15, 11,  8,  3, 10,  6, 12,  5
 	# Renamed to prevent clash with SAMBA/source/libsmb/smbdes.c:lshift
 	function md4lshift($x, $s) {
 		$x &= 0xFFFFFFFF;
-		return ((($x<<$s)&0xFFFFFFFF) | $this->unsigned_shift_r($x, (32-$s)));
+		if ($this->x($x) > 4294967296) {
+			$x = (2*4294967296) - $this->x($x);
+		}
+		$ret = ((($x<<$s)&0xFFFFFFFF) | $this->unsigned_shift_r($x, (32-$s)));
+		if ($this->x($ret) > 4294967296) {
+			$ret = (2*4294967296) - $this->x($ret);
+		}
+		return $ret;
 	}
 
 	/**

lib/export_functions.php

@@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/lib/export_functions.php,v 1.32.2.8 2005/12/10 12:04:37 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/lib/export_functions.php,v 1.32.2.10 2007/01/27 13:28:06 wurley Exp $
 
 /**
  * Fuctions and classes for exporting ldap entries to others formats

lib/functions.php

@@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/lib/functions.php,v 1.283.2.33 2006/03/13 23:13:43 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/lib/functions.php,v 1.283.2.42 2008/11/28 14:21:37 wurley Exp $
 
 /**
  * A collection of functions used throughout phpLDAPadmin.
@@ -86,7 +86,7 @@ function pretty_print_dn( $dn ) {
 		debug_log('pretty_print_dn(): Entered with (%s)',1,$dn);
 
 	if (! is_dn_string($dn))
-		pla_error(sprintf(_('DN %s is not an LDAP distinguished name.'),$dn));
+		pla_error(sprintf(_('DN "%s" is not an LDAP distinguished name.'),htmlspecialchars($dn)));
 
 	$dn = pla_explode_dn( $dn );
 	foreach( $dn as $i => $element ) {
@@ -316,6 +316,10 @@ function pla_compare_dns($dn1,$dn2) {
 
 	$dn1_parts = pla_explode_dn(pla_reverse_dn($dn1));
 	$dn2_parts = pla_explode_dn(pla_reverse_dn($dn2));
+
+	if (! $dn1_parts || ! $dn2_parts)
+		return;
+
 	assert(is_array($dn1_parts));
 	assert(is_array($dn2_parts));
 
@@ -420,15 +424,16 @@ function get_next_number(&$ldapserver,$startbase='',$type='uid') {
 
 				if (is_null($base_dn))
 					pla_error(sprintf(_('You specified the "auto_uid_number_mechanism" as "search" in your
-                              configuration for server <b>%s</b>, but you did not specify the
-                              "auto_uid_number_search_base". Please specify it before proceeding.'),$ldapserver->name));
+						configuration for server <b>%s</b>, but you did not specify the
+						"auto_uid_number_search_base". Please specify it before proceeding.'),$ldapserver->name));
 
 			} else {
 				$base_dn = $startbase;
 			}
 
 			if (! $ldapserver->dnExists($base_dn))
-				pla_error(sprintf(_('Your phpLDAPadmin configuration specifies an invalid auto_uid_search_base for server %s'),$ldapserver->name));
+				pla_error(sprintf(_('Your phpLDAPadmin configuration specifies an invalid auto_uid_search_base for server %s'),
+					$ldapserver->name));
 
 			$filter = '(|(uidNumber=*)(gidNumber=*))';
 			$results = array();
@@ -500,8 +505,8 @@ function get_next_number(&$ldapserver,$startbase='',$type='uid') {
 		# No other cases allowed. The user has an error in the configuration
 		default :
 			pla_error( sprintf( _('You specified an invalid value for auto_uid_number_mechanism ("%s")
-                                   in your configration. Only "uidpool" and "search" are valid.
-                                   Please correct this problem.') , $mechanism) );
+				in your configration. Only "uidpool" and "search" are valid.
+				Please correct this problem.') , $mechanism) );
 	}
 }
 
@@ -1015,7 +1020,7 @@ function pla_error( $msg, $ldap_err_msg=null, $ldap_err_no=-1, $fatal=true ) {
 
 	?>
 	<center>
-	<table class="error"><tr><td class="img"><img src="images/warning.png" /></td>
+	<table class="error"><tr><td class="img"><img src="images/warning.png" alt="Warning" /></td>
 	<td><center><h2><?php echo _('Error');?></h2></center>
 	<?php echo $msg; ?>
 	<br />
@@ -1088,15 +1093,16 @@ function pla_error( $msg, $ldap_err_msg=null, $ldap_err_no=-1, $fatal=true ) {
  *
  * @see set_error_handler
  */
-function pla_error_handler( $errno, $errstr, $file, $lineno ) {
+function pla_error_handler($errno,$errstr,$file,$lineno) {
 	if (DEBUG_ENABLED)
 		debug_log('pla_error_handler(): Entered with (%s,%s,%s,%s)',1,$errno,$errstr,$file,$lineno);
 
-	// error_reporting will be 0 if the error context occurred
-	// within a function call with '@' preprended (ie, @ldap_bind() );
-	// So, don't report errors if the caller has specifically
-	// disabled them with '@'
-	if( 0 == ini_get( 'error_reporting' ) || 0 == error_reporting() )
+	/* error_reporting will be 0 if the error context occurred
+	 * within a function call with '@' preprended (ie, @ldap_bind() );
+	 * So, don't report errors if the caller has specifically
+	 * disabled them with '@'
+	 */
+	if (ini_get('error_reporting') == 0 || error_reporting() == 0)
 		return;
 
 	$file = basename( $file );
@@ -1121,7 +1127,7 @@ function pla_error_handler( $errno, $errstr, $file, $lineno ) {
 
 	$errstr = preg_replace("/\s+/"," ",$errstr);
 	if( $errno == E_NOTICE ) {
-		echo sprintf(_('<center><table class=\'notice\'><tr><td colspan=\'2\'><center><img src=\'images/warning.png\' height=\'12\' width=\'13\' />
+		echo sprintf(_('<center><table class=\'notice\'><tr><td colspan=\'2\'><center><img src=\'images/warning.png\' height=\'12\' width=\'13\' alt="Warning" />
              <b>You found a non-fatal phpLDAPadmin bug!</b></td></tr><tr><td>Error:</td><td><b>%s</b> (<b>%s</b>)</td></tr><tr><td>File:</td>
              <td><b>%s</b> line <b>%s</b>, caller <b>%s</b></td></tr><tr><td>Versions:</td><td>PLA: <b>%s</b>, PHP: <b>%s</b>, SAPI: <b>%s</b>
              </td></tr><tr><td>Web server:</td><td><b>%s</b></td></tr>
@@ -1216,7 +1222,8 @@ function draw_jpeg_photos($ldapserver,$dn,$attr_name='jpegPhoto',$draw_delete_bu
 	if (isset($table_html_attrs) && trim($table_html_attrs) )
 		printf('<table %s><tr><td><center>',$table_html_attrs);
 
-	$jpeg_data = array_pop($ldapserver->search(null,$dn,'objectClass=*',array($attr_name),'base'));
+	$jpeg_data = $ldapserver->search(null,$dn,'objectClass=*',array($attr_name),'base');
+	$jpeg_data = array_pop($jpeg_data);
 	if (! $jpeg_data) {
 		printf(_('Could not fetch jpeg data from LDAP server for attribute %s.'),htmlspecialchars($attr_name));
 		return;
@@ -1265,7 +1272,7 @@ function draw_jpeg_photos($ldapserver,$dn,$attr_name='jpegPhoto',$draw_delete_bu
 			$img_height = $height;
 		}
 
-		printf('<img %s%s%s src="view_jpeg_photo.php?file=%s" /><br />',
+		printf('<img %s%s%s src="view_jpeg_photo.php?file=%s" alt="Photo" /><br />',
 			($fixed_width ? '' : 'width="'.$img_width.'" '),
 			($fixed_height ? '' : 'height="'.$img_height.'"'),
 			($img_html_attrs ? $img_html_attrs : ''),basename($jpeg_filename));
@@ -1640,7 +1647,7 @@ function draw_chooser_link( $form_element, $include_choose_text=true, $rdn="none
 
 	$title = _('Click to popup a dialog to select an entry (DN) graphically');
 
-	printf('<a href="%s" title="%s"><img class="chooser" src="images/find.png" /></a>',$href,$title);
+	printf('<a href="%s" title="%s"><img class="chooser" src="images/find.png" alt="Find" /></a>',$href,$title);
 	if ($include_choose_text)
 		printf('<span class="x-small"><a href="%s" title="%s">%s</a></span>',$href,$title,_('browse'));
 }
@@ -1662,6 +1669,8 @@ function draw_chooser_link( $form_element, $include_choose_text=true, $rdn="none
  * </code>
  */
 function pla_explode_dn($dn,$with_attributes=0) {
+	if (DEBUG_ENABLED)
+		debug_log('pla_explode_dn(): Entered with (%s,%s)',1,$dn,$with_attributes);
 	$dn = addcslashes(dn_escape($dn),'<>');
 
 	# split the dn
@@ -1683,17 +1692,41 @@ function pla_explode_dn($dn,$with_attributes=0) {
 }
 
 /**
- * Parse a DN and escape any special characters
+ * Parse a DN and escape any special characters (rfc2253)
  */
 function dn_escape($dn) {
-	# Check if the RDN has a comma and escape it.
-	while (preg_match('/([^\\\\]),(\s*[^=]*\s*),/',$dn))
-		$dn = preg_replace('/([^\\\\]),(\s*[^=]*\s*),/','$1\\\\2C$2,',$dn);
-
-	$dn = preg_replace('/([^\\\\]),(\s*[^=]*\s*)([^,])$/','$1\\\\2C$2$3',$dn);
-
+	$olddn = $dn;
+	#
+	# http://rfc.net/rfc2253.html
+	# special    = '"' / "," / "=" / "+" / "<" /  ">" / "#" / ";"
+	# Check if the RDN has special chars escape them.
+	# -  only simplest cases are dealt with 
+	# TODO: '=' unhandled
+	# ';' may be used instead of ',' but its use is discouraged
+	while (preg_match('/([^\\\\])[;,](\s*[^=]*\s*)([;,]|$)/',$dn)) {
+		$dn = preg_replace('/([^\\\\]),(\s*[^=]*\s*)([;,]|$)/','$1\\\\2c$2$3',$dn);
+		$dn = preg_replace('/([^\\\\]);(\s*[^=]*\s*)([;,]|$)/','$1\\\\3b$2$3',$dn);
+	}
+	$dn = preg_replace('/([^\\\\])\+/','$1\\\\2b',$dn);
+	$dn = preg_replace('/([^\\\\])"/','$1\\\\22',$dn);
+	$dn = preg_replace('/([^\\\\])#([^0-9a-f]|$)/i','$1\\\\23$2',$dn);
+	$dn = preg_replace('/([^\\\\])>/','$1\\\\3e',$dn);
+	$dn = preg_replace('/([^\\\\])</','$1\\\\3c',$dn);
 	if (DEBUG_ENABLED)
-		debug_log('dn_escape(): Entered with (%s), Returning (%s)',1,$dn,$dn);
+		debug_log('dn_escape(): Entered with (%s), Returning (%s)',1,$olddn,$dn);
+
+	return $dn;
+}
+
+/**
+ * Parse a DN and escape any special characters for use in javascript selection
+ */
+function dn_js_escape($dn) {
+	$olddn = $dn;
+	#
+	$dn = preg_replace('/([^\\\\])\'/','$1\\\\\'',$dn);
+	if (DEBUG_ENABLED)
+		debug_log('dn_js_escape(): Entered with (%s), Returning (%s)',1,$olddn,$dn);
 
 	return $dn;
 }
@@ -1715,7 +1748,7 @@ function dn_unescape($dn) {
  */
 function get_href($type,$extra_info='') {
 	$sf = 'https://sourceforge.net';
-	$pla = 'http://wiki.pldapadmin.com';
+	$pla = 'http://wiki.phpldapadmin.info';
 	$group_id = '61828';
 	$bug_atid = '498546';
 	$rfe_atid = '498549';
@@ -1828,6 +1861,7 @@ function pla_reverse_dn($dn) {
 	if (DEBUG_ENABLED)
 		debug_log('pla_reverse_dn(): Entered with (%s)',1,$dn);
 
+	$rev = '';
 	foreach (pla_explode_dn($dn) as $key => $branch) {
 
 		// pla_expode_dn returns the array with an extra count attribute, we can ignore that.
@@ -2267,8 +2301,8 @@ function shadow_date( $attrs, $attr) {
 	if (DEBUG_ENABLED)
 		debug_log('shadow_date(): Entered with (%s,%s)',1,$attrs,$attr);
 
-	$shadowLastChange = isset($attrs['shadowLastChange']) ? $attrs['shadowLastChange'][0] : null;
-	$shadowMax = isset($attrs['shadowMax']) ? $attrs['shadowMax'][0] : null;
+	$shadowLastChange = isset($attrs['shadowLastChange']) ? $attrs['shadowLastChange'] : null;
+	$shadowMax = isset($attrs['shadowMax']) ? $attrs['shadowMax'] : null;
 
 	if( 0 == strcasecmp( $attr, 'shadowLastChange' ) && $shadowLastChange)
 		$shadow_date = $shadowLastChange;
@@ -2676,7 +2710,7 @@ function password_generate() {
 			$leftover = array_merge($leftover,$llower,$lupper,$numbers,$punc);
 
 		shuffle($leftover);
-		$outarray = array_merge($outarray, a_array_rand($leftover, $criteria['num'] - $num_spec));
+		$outarray = array_merge($outarray, a_array_rand($leftover,$length-$num_spec));
 	}
 
 	shuffle($outarray);
@@ -2800,7 +2834,7 @@ function draw_date_selector_link( $attr ) {
 
 	$href = "javascript:dateSelector('$attr');";
 	$title = _('Click to popup a dialog to select a date graphically');
-	printf('<a href="%s" title="%s"><img class="chooser" src="images/calendar.png" id="f_trigger_%s" style="cursor: pointer;" /></a>',$href,$title,$attr);
+	printf('<a href="%s" title="%s"><img class="chooser" src="images/calendar.png" id="f_trigger_%s" style="cursor: pointer;" alt="Calendar" /></a>',$href,$title,$attr);
 }
 
 function no_expire_header() {
@@ -2810,4 +2844,14 @@ function no_expire_header() {
 	header('Cache-Control: post-check=0, pre-check=0', false);
 	header('Pragma: no-cache');
 }
+
+/**
+ * This is for Opera. By putting "random junk" in the query string, it thinks
+ * that it does not have a cached version of the page, and will thus
+ * fetch the page rather than display the cached version
+ */
+function random_junk() {
+	$time = gettimeofday();
+	return md5(strtotime('now').$time['usec']);
+}
 ?>

lib/hooks.php

@@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/lib/hooks.php,v 1.6.4.1 2006/01/26 11:49:15 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/lib/hooks.php,v 1.6.4.2 2007/01/27 13:53:20 wurley Exp $
 
 /**
  * Functions related to hooks management.
@@ -171,13 +171,13 @@ function clear_hooks ( $hook_name )      {
 }
 
 /* Evaluating user-made hooks */
-if ( is_dir(HOOKSDIR) ) {
-  $dir = dir (HOOKSDIR);
+if (is_dir(HOOKSDIR)) {
+  $dir = dir(HOOKSDIR);
 
-  while (false !== ($entry = $dir -> read() ) ) {
-      if ( is_file ("hooks/$entry") and eregi ('php[0-9]?$', $entry) ) {
-	  require_once "hooks/$entry";
-      }
+  while (false !== ($entry = $dir->read())) {
+      $filename = sprintf('%s/%s',HOOKSDIR,$entry);
+		if (is_file($filename) and eregi('php[0-9]?$',$entry))
+			require_once "hooks/$entry";
   }
 
   $dir -> close();

lib/search_form_advanced.php

@@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/lib/search_form_advanced.php,v 1.23.2.2 2005/12/08 12:06:58 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/lib/search_form_advanced.php,v 1.23.2.3 2006/10/28 05:56:56 wurley Exp $
 
 /**
  * @package phpLDAPadmin
@@ -87,6 +87,12 @@ if( isset( $base_dn_does_not_exist ) && $base_dn_does_not_exist )
 					join(', ',$config->GetValue('search','result_attributes')); ?>" />
 
 	</tr>
+	<tr>
+		<td><small><acronym title="<?php echo htmlspecialchars(_('Order by').'...'); ?>">
+			<?php echo _('Order by'); ?></acronym></small></td>
+
+		<td><input type="text" name="orderby" id="orderby" style="width: 200px" value="<?php echo  $filter ? htmlspecialchars($orderby) : ''; ?>" /></td>
+	</tr>
 	<tr>
 		<td colspan="2"><br /><center><input type="submit" value="<?php echo _('Search'); ?>" /></center></td>
 	</tr>

lib/server_functions.php

@@ -1,5 +1,5 @@
 <?php
-/* $Header: /cvsroot/phpldapadmin/phpldapadmin/lib/server_functions.php,v 1.34.2.28 2006/02/25 14:08:54 wurley Exp $ */
+/* $Header: /cvsroot/phpldapadmin/phpldapadmin/lib/server_functions.php,v 1.34.2.33 2008/11/28 14:21:37 wurley Exp $ */
 
 /**
  * Classes and functions for LDAP server configuration and capability
@@ -148,7 +148,7 @@ class LDAPserver {
 
 		# Quick return if we have already connected.
 		$resource = $this->_connect($connect_id);
-		if ($resource && ! $reconnect)
+		if (is_resource($resource) && ! $reconnect)
 			return $resource;
 
 		if (DEBUG_ENABLED)
@@ -219,7 +219,7 @@ class LDAPserver {
 
 		# Now that we have worked out the connect_id, lets just check and see if we have already connected.
 		$resource = $this->_connect($connect_id);
-		if ($resource && ! $reconnect)
+		if (is_resource($resource) && ! $reconnect)
 			return $resource;
 
 		run_hook('pre_connect',array('server_id'=>$this->server_id,'connect_id'=>$connect_id));
@@ -335,7 +335,8 @@ class LDAPserver {
 				debug_log('%s::getBaseDN(): Connect to LDAP to find BaseDN',80,get_class($this));
 
 			if ($this->connect()) {
-				$r = array_pop($this->search(null,'','objectClass=*',array('namingContexts'),'base'));
+				$r = $this->search(null,'','objectClass=*',array('namingContexts'),'base');
+				$r = array_pop($r);
 				if (is_array($r))
 						$r = array_change_key_case($r);
 
@@ -1670,13 +1671,13 @@ class LDAPserver {
 	 * @param array $attrs An array of attributes to include in the search result (example: array( "objectClass", "uid", "sn" )).
 	 * @param string $scope The LDAP search scope. Must be one of "base", "one", or "sub". Standard LDAP search scope.
 	 * @param bool $sort_results Specify false to not sort results by DN or true to have the
-	 *                  returned array sorted by DN (uses ksort)
+	 *  returned array sorted by DN (uses ksort)
 	 * @param int $deref When handling aliases or referrals, this specifies whether to follow referrals. Must be one of
-	 *                  LDAP_DEREF_ALWAYS, LDAP_DEREF_NEVER, LDAP_DEREF_SEARCHING, or LDAP_DEREF_FINDING. See the PHP LDAP API for details.
+	 *  LDAP_DEREF_ALWAYS, LDAP_DEREF_NEVER, LDAP_DEREF_SEARCHING, or LDAP_DEREF_FINDING. See the PHP LDAP API for details.
 	 * @param int $size_limit Size limit for search
 	 * @todo: Add entries to tree cache.
 	 */
-	function search($resource=null,$base_dn=null,$filter,$attrs=array(),$scope='sub',$sort_results=true,$deref=LDAP_DEREF_NEVER,$size_limit=0) {
+	function search($resource=null,$base_dn=null,$filter,$attrs=array(),$scope='sub',$sort_results=false,$deref=LDAP_DEREF_NEVER,$size_limit=0) {
 		if (DEBUG_ENABLED)
 			debug_log('%s::search(): Entered with (%s,%s,%s,%s,%s,%s,%s)',17,
 				get_class($this),is_resource($this),$base_dn,$filter,$attrs,$scope,$sort_results,$deref);
@@ -1697,16 +1698,16 @@ class LDAPserver {
 
 		switch ($scope) {
 			case 'base':
-				$search = @ldap_read($resource,$base_dn,$filter,$attrs,0,$size_limit,0,$deref);
+				$search = @ldap_read($resource,dn_escape($base_dn),$filter,$attrs,0,$size_limit,0,$deref);
 				break;
 
 			case 'one':
-				$search = @ldap_list($resource,$base_dn,$filter,$attrs,0,$size_limit,0,$deref);
+				$search = @ldap_list($resource,dn_escape($base_dn),$filter,$attrs,0,$size_limit,0,$deref);
 				break;
 
 			case 'sub':
 			default:
-				$search = @ldap_search($resource,$base_dn,$filter,$attrs,0,$size_limit,0,$deref);
+				$search = @ldap_search($resource,dn_escape($base_dn),$filter,$attrs,0,$size_limit,0,$deref);
 				break;
 		}
 
@@ -1719,6 +1720,10 @@ class LDAPserver {
 
 		$return = array();
 
+		if ($sort_results && is_array($return))
+			if (version_compare(phpversion(),'4.2.0','>='))
+				ldap_sort($resource, $search,$sort_results);
+
 		# Get the first entry identifier
 		if ($entry_id = ldap_first_entry($resource,$search))
 
@@ -1758,8 +1763,6 @@ class LDAPserver {
 
 			} # End while entry_id
 
-		if ($sort_results && is_array($return))
-			ksort($return);
 
 		if (DEBUG_ENABLED)
 			debug_log('%s::search(): Returning (%s)',17,get_class($this),$return);
@@ -2250,7 +2253,7 @@ class LDAPserver {
 	 */
 	function getLoggedInPass() {
 		if (DEBUG_ENABLED)
-			debug_log('%s:getLoggedInPass(): Entered with ()',17,get_class($this));
+			debug_log('%s::getLoggedInPass(): Entered with ()',17,get_class($this));
 
 		if (! $this->auth_type)
 			return false;
@@ -2303,6 +2306,9 @@ class LDAPserver {
 		# Set default return
 		$return = false;
 
+		if (DEBUG_ENABLED)
+			debug_log('%s::getLoggedInDN(): auth_type is [%s]',66,get_class($this),$this->auth_type);
+
 		if ($this->auth_type) {
 			switch ($this->auth_type) {
 				case 'cookie':
@@ -2335,7 +2341,7 @@ class LDAPserver {
 		}
 
 		if (DEBUG_ENABLED)
-			debug_log('%s:getLoggedInDN(): Entered with (), Returning (%s)',17,get_class($this),$return);
+			debug_log('%s::getLoggedInDN(): Entered with (), Returning (%s)',17,get_class($this),$return);
 
 		return $return;
 	}
@@ -2437,7 +2443,8 @@ class LDAPserver {
 			debug_log('%s:getDNAttrs(): Entered with (%s,%s,%s)',17,
 				get_class($this),$dn,$lower_case_attr_names,$deref);
 
-		$attrs = array_pop($this->search(null,dn_escape($dn),'(objectClass=*)',array(),'base',false,$deref));
+		$attrs = $this->search(null,dn_escape($dn),'(objectClass=*)',array(),'base',false,$deref);
+		$attrs = array_pop($attrs);
 
 		if (is_array($attrs)) {
 			if ($lower_case_attr_names)

lib/template_functions.php

@@ -1,5 +1,5 @@
 <?php
-/* $Header: /cvsroot/phpldapadmin/phpldapadmin/lib/template_functions.php,v 1.29.2.18 2006/02/25 12:14:17 wurley Exp $ */
+/* $Header: /cvsroot/phpldapadmin/phpldapadmin/lib/template_functions.php,v 1.29.2.20 2007/03/21 23:12:03 wurley Exp $ */
 
 /**
  * Classes and functions for the template engine.ation and capability
@@ -464,7 +464,7 @@ class Templates {
 			U:    Make the result upper case.
 			*/
 			case 'autoFill' :
-				list($attr,$string) = split(',',$arg);
+				list($attr,$string) = preg_split('(([^,]+),(.*))',$arg,-1,PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY);
 				preg_match_all('/%(\w+)(\|[0-9]*-[0-9]*)?(\/[klTU]+)?%/U',$string,$matchall);
 				//print"<PRE>";print_r($matchall); //0 = highlevel match, 1 = attr, 2 = subst, 3 = mod
 
@@ -670,7 +670,7 @@ class Templates {
 
 			else
 				# @todo: Enable size and width configuration in template
-				$html = sprintf('<input type="text" name="%s" size="8">',$id);
+				$html = sprintf('<input type="text" name="%s" size="8" />',$id);
 
 		} else {
 			if (is_array($helper)) {

lib/tree_functions.php

@@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/lib/tree_functions.php,v 1.20.2.19 2006/01/02 13:30:34 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/lib/Attic/tree_functions.php,v 1.20.2.23 2007/03/18 03:21:18 wurley Exp $
 
 /**
  * @package phpLDAPadmin
@@ -39,13 +39,13 @@ function draw_server_tree() {
 	echo '<tr class="server">';
 	printf('<td class="icon"><img src="images/server.png" alt="%s" /></td>',_('Server'));
 	printf('<td colspan="99"><a name="%s"></a>',$ldapserver->server_id);
-	printf('<nobr>%s ',htmlspecialchars($ldapserver->name));
+	printf('<span style="white-space: nowrap;">%s ',htmlspecialchars($ldapserver->name));
 
 	if ($ldapserver->haveAuthInfo() && $ldapserver->auth_type != 'config')
 		printf('<acronym title="%s"><img width=14 height=14 src="images/timeout.png" alt="timeout" /></acronym>',
 			sprintf(_('Inactivity will log you off at %s'),strftime('%H:%M',time()+($ldapserver->session_timeout*60))));
 
-	echo '</nobr></td></tr>';
+	echo '</span></td></tr>';
 
 	/* do we have what it takes to authenticate here, or do we need to
 	   present the user with a login link (for 'cookie' and 'session' auth_types)? */
@@ -62,7 +62,7 @@ function draw_server_tree() {
 
 			# Draw the quick-links below the server name:
 			echo '<tr><td colspan="100" class="links">';
-			echo '<nobr>';
+			echo '<span style="white-space: nowrap;">';
 			echo '( ';
 			printf('<a title="%s %s" href="%s">%s</a> | ',_('View schema for'),$ldapserver->name,$schema_href,_('schema'));
 			printf('<a title="%s %s" href="%s">%s</a> | ',_('search'),$ldapserver->name,$search_href,_('search'));
@@ -74,11 +74,11 @@ function draw_server_tree() {
 			if ($ldapserver->auth_type != 'config')
 				printf(' | <a title="%s" href="%s" target="right_frame">%s</a>',_('Logout of this server'),$logout_href,_('logout'));
 
-			echo ' )</nobr></td></tr>';
+			echo ' )</span></td></tr>';
 
 			if ($ldapserver->auth_type != 'config') {
 				$logged_in_dn = $ldapserver->getLoggedInDN();
-				echo '<tr><td class="links" colspan="100"><nobr>'._('Logged in as: ');
+				echo '<tr><td class="links" colspan="100"><span style="white-space: nowrap;">'._('Logged in as: ');
 
 				if ($ldapserver->getDNBase($logged_in_dn) == $logged_in_dn) {
 					$logged_in_branch = '';
@@ -86,10 +86,12 @@ function draw_server_tree() {
 
 				} else {
 					$logged_in_branch = preg_replace('/,'.$ldapserver->getDNBase($logged_in_dn).'$/','',$logged_in_dn);
-					$logged_in_dn_array = explode(',',$logged_in_branch);
+					$logged_in_dn_array = pla_explode_dn($logged_in_branch);
 				}
 
-				$logged_in_dn_array[] = $ldapserver->getDNBase($logged_in_dn);
+				$bases = $ldapserver->getDNBase($logged_in_dn);
+				if (is_array($bases) && count($bases))
+					$logged_in_dn_array[] = $bases;
 
 				$rdn = $logged_in_dn;
 
@@ -108,11 +110,11 @@ function draw_server_tree() {
 				} else
 					echo 'Anonymous';
 
-				echo '</nobr></td></tr>';
+				echo '</span></td></tr>';
 			}
 
 			if ($ldapserver->isReadOnly())
-				printf('<tr><td class="links" colspan="100"><nobr>(%s)</nobr></td></tr>',_('read only'));
+				printf('<tr><td class="links" colspan="100"><span style="white-space: nowrap;">(%s)</span></td></tr>',_('read only'));
 
 			$javascript_forms = '';
 			$javascript_id = 0;
@@ -190,9 +192,6 @@ function draw_server_tree() {
 
 					$icon = isset($tree['browser'][$base_dn]['icon']) ? $tree['browser'][$base_dn]['icon'] : get_icon($ldapserver,$base_dn);
 
-					# Shall we draw the "mass-delete" checkbox?
-					if ($ldapserver->isMassDeleteEnabled())
-						printf('<td><input type="checkbox" name="mass_delete[%s]" /></td>',htmlspecialchars($base_dn));
 
 					if ($config->GetValue('appearance','tree_plm')) {
 						$tree_plm .= sprintf(".|%s|%s|%s|%s|%s|%s\n",
@@ -200,14 +199,19 @@ function draw_server_tree() {
 
 					} else {
 						echo '<tr>';
+
+						# Shall we draw the "mass-delete" checkbox?
+						if ($ldapserver->isMassDeleteEnabled())
+							printf('<td><input type="checkbox" name="mass_delete[%s]" /></td>',htmlspecialchars($base_dn));
+
 						printf('<td class="expander"><a href="%s"><img src="%s" alt="%s" /></a></td>',$expand_href,$expand_img,$expand_alt);
 						printf('<td class="icon"><a href="%s" target="right_frame"><img src="images/%s" alt="img" /></a></td>',$edit_href,$icon);
-						printf('<td class="rdn" colspan="98"><nobr><a href="%s" target="right_frame">%s</a>',$edit_href,pretty_print_dn($base_dn));
+						printf('<td class="rdn" colspan="98"><span style="white-space: nowrap;"><a href="%s" target="right_frame">%s</a>',$edit_href,pretty_print_dn($base_dn));
 
 						if ($child_count)
 							printf(' <span class="count">(%s)</span>',$child_count);
 
-						echo '</nobr></td>';
+						echo '</span></td>';
 						echo '</tr>';
 					}
 
@@ -332,9 +336,9 @@ function draw_tree_html($dn,$ldapserver,$level=0) {
 		$child_count = number_format(count($tree['browser'][$dn]['children']));
 
 		if ((! $child_count) && (! $ldapserver->isShowCreateEnabled()))
-			echo '<td class="expander"><nobr><img src="images/minus.png" alt="-" /></nobr></td>';
+			echo '<td class="expander"><span style="white-space: nowrap;"><img src="images/minus.png" alt="-" /></span></td>';
 		else
-			printf('<td class="expander"><nobr><a href="%s"><img src="images/minus.png" alt="-" /></a></nobr></td>',$collapse_href);
+			printf('<td class="expander"><span style="white-space: nowrap;"><a href="%s"><img src="images/minus.png" alt="-" /></a></span></td>',$collapse_href);
 
 	} else {
 		$size_limit = $config->GetValue('search','size_limit');
@@ -350,21 +354,21 @@ function draw_tree_html($dn,$ldapserver,$level=0) {
 		}
 
 		if ((! $child_count) && (! $ldapserver->isShowCreateEnabled()))
-			echo '<td class="expander"><nobr><img src="images/minus.png" alt="-" /></nobr></td>';
+			echo '<td class="expander"><span style="white-space: nowrap;"><img src="images/minus.png" alt="-" /></span></td>';
 		else
-			printf('<td class="expander"><nobr><a href="%s"><img src="images/plus.png" alt="+" /></a></nobr></td>',$expand_href);
+			printf('<td class="expander"><span style="white-space: nowrap;"><a href="%s"><img src="images/plus.png" alt="+" /></a></span></td>',$expand_href);
 	}
 
 	printf('<td class="icon"><a href="%s" target="right_frame" name="%s_%s"><img src="%s" alt="img" /></a></td>',
 		$edit_href,$ldapserver->server_id,$encoded_dn,$img_src);
 
-	printf('<td class="rdn" colspan="%s"><nobr>',97-$level);
+	printf('<td class="rdn" colspan="%s"><span style="white-space: nowrap;">',97-$level);
 	printf('<a href="%s" target="right_frame">%s</a>',$edit_href,draw_formatted_dn($ldapserver,$dn));
 
 	if ($child_count)
 		printf(' <span class="count">(%s)</span>',$child_count);
 
-	echo '</nobr></td></tr>';
+	echo '</span></td></tr>';
 
 	if (isset($tree['browser'][$dn]['open']) && $tree['browser'][$dn]['open']) {
 		/* Draw the "create new" link at the top of the tree list if there are more than 10

templates/creation/custom.php

@@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/templates/creation/custom.php,v 1.43.2.6 2006/03/01 01:04:05 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/templates/creation/Attic/custom.php,v 1.43.2.6 2006/03/01 01:04:05 wurley Exp $
 
 $rdn = isset($_POST['rdn']) ? $_POST['rdn'] : null;
 $container = $_POST['container'];

templates/template_header.php

@@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/templates/template_header.php,v 1.6.4.5 2005/12/09 14:32:37 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/templates/Attic/template_header.php,v 1.6.4.7 2007/03/18 03:23:26 wurley Exp $
 
 /**
  * Header page for engine.
@@ -9,13 +9,11 @@
 
 include './header.php';
 
-$time = gettimeofday();
-$random_junk = md5(strtotime('now').$time['usec']);
 $url_base = sprintf('server_id=%s&amp;dn=%s',$ldapserver->server_id,$encoded_dn);
 
 $export_href_base = sprintf('export_form.php?%s&amp;scope=%s',$url_base,'base');
 $export_href_sub = sprintf('export_form.php?%s&amp;scope=%s',$url_base,'sub');
-$refresh_href = sprintf('template_engine.php?%s&amp;random=%s',$url_base,$random_junk);
+$refresh_href = sprintf('template_engine.php?%s&amp;random=%s',$url_base,random_junk());
 $copy_href = sprintf('copy_form.php?%s',$url_base);
 $intattr_href = sprintf('template_engine.php?%s&amp;show_internal_attrs=true',$url_base);
 $delete_href = sprintf('delete_form.php?%s',$url_base);
@@ -27,8 +25,8 @@ $addattr_href = sprintf('add_attr_form.php?%s',$url_base);
 echo '<body>';
 
 if ($dn) {
-	$actionlayout = '<td class="icon"><img src="images/%s" /></td><td><a href="%s" title="%s">%s</a></td>';
-	$hintlayout = '<td class="icon"><img src="images/light.png" /></td><td colspan="3"><span class="hint">%s</span></td>';
+	$actionlayout = '<td class="icon"><img src="images/%s" alt="%s" /></td><td><a href="%s" title="%s">%s</a></td>';
+	$hintlayout = '<td class="icon"><img src="images/light.png" alt="Hint" /></td><td colspan="3"><span class="hint">%s</span></td>';
 
 	printf('<h3 class="title">%s</h3>',htmlspecialchars($rdn));
 	printf('<h3 class="subtitle">%s: <b>%s</b> &nbsp;&nbsp;&nbsp; %s: <b>%s</b></h3>',
@@ -37,24 +35,24 @@ if ($dn) {
 	echo "\n";
 
 	echo '<table class="edit_dn_menu"><tr>';
-	printf($actionlayout,'refresh.png',$refresh_href,_('Refresh this entry'),_('Refresh'));
-	printf($actionlayout,'save.png',$export_href_base,_('Save a dump of this object'),_('Export'));
+	printf($actionlayout,'refresh.png','Refresh',$refresh_href,_('Refresh this entry'),_('Refresh'));
+	printf($actionlayout,'save.png','Save',$export_href_base,_('Save a dump of this object'),_('Export'));
 	echo '</tr><tr>';
 
-	printf($actionlayout,'cut.png',$copy_href,_('Copy this object to another location, a new DN, or another server'),_('Copy or move this entry'));
+	printf($actionlayout,'cut.png','Cut',$copy_href,_('Copy this object to another location, a new DN, or another server'),_('Copy or move this entry'));
 
 	if ($show_internal_attrs)
-		printf($actionlayout,'tools-no.png',$refresh_href,'',_('Hide internal attributes'));
+		printf($actionlayout,'tools-no.png','Hide',$refresh_href,'',_('Hide internal attributes'));
 
 	else
-		printf($actionlayout,'tools.png',$intattr_href,'',_('Show internal attributes'));
+		printf($actionlayout,'tools.png','Show',$intattr_href,'',_('Show internal attributes'));
 
 	echo '</tr>';
 
 	if (! $ldapserver->isReadOnly()) {
 		echo '<tr>';
-		printf($actionlayout,'trash.png',$delete_href,_('You will be prompted to confirm this decision'),_('Delete this entry'));
-		printf($actionlayout,'rename.png',$rename_href,'',_('Rename'));
+		printf($actionlayout,'trash.png','Trash',$delete_href,_('You will be prompted to confirm this decision'),_('Delete this entry'));
+		printf($actionlayout,'rename.png','Rename',$rename_href,'',_('Rename'));
 		echo '</tr>';
 
 		if ($config->GetValue('appearance','show_hints')) {
@@ -64,12 +62,12 @@ if ($dn) {
 		}
 
 		echo '<tr>';
-		printf($actionlayout,'compare.png',$compare_href,'',_('Compare with another entry'));
+		printf($actionlayout,'compare.png','Compare',$compare_href,'',_('Compare with another entry'));
 		echo '</tr>';
 
 		echo '<tr>';
-		printf($actionlayout,'star.png',$create_href,'',_('Create a child entry'));
-		printf($actionlayout,'add.png',$addattr_href,'',_('Add new attribute'));
+		printf($actionlayout,'star.png','Create',$create_href,'',_('Create a child entry'));
+		printf($actionlayout,'add.png','Add',$addattr_href,'',_('Add new attribute'));
 		echo '</tr>';
 	}
 
@@ -84,8 +82,8 @@ if ($dn) {
 			$ldapserver->server_id,rawurlencode('objectClass=*'),$encoded_dn);
 
 		echo '<tr>';
-		printf($actionlayout,'children.png',$child_href,'',($children_count == 1) ? _('View 1 child') : sprintf(_('View %s children'),$children_count));
-		printf($actionlayout,'save.png',$export_href_sub,_('Save a dump of this object and all of its children'),_('Export subtree'));
+		printf($actionlayout,'children.png','Children',$child_href,'',($children_count == 1) ? _('View 1 child') : sprintf(_('View %s children'),$children_count));
+		printf($actionlayout,'save.png','Save',$export_href_sub,_('Save a dump of this object and all of its children'),_('Export subtree'));
 		echo '</tr>';
 	}
 
@@ -116,7 +114,7 @@ if ($dn) {
 	if (! $ldapserver->isReadOnly()) {
 		echo '<form action="update_confirm.php" method="post" name="edit_form">';
 		printf('<input type="hidden" name="server_id" value="%s" />',$ldapserver->server_id);
-		printf('<input type="hidden" name="dn" value="%s" />',$dn);
+		printf('<input type="hidden" name="dn" value="%s" />',htmlspecialchars($dn));
 	}
 
 	echo '<br />'."\n\n";
@@ -130,7 +128,7 @@ if ($dn) {
 			$schema_href = sprintf('schema.php?server_id=%s&amp;view=attributes&amp;viewvalue=%s',
 				$ldapserver->server_id,real_attr_name($attr));
 
-			printf('<tr><td colspan="2" class="attr"><b><a title="'._('Click to view the schema defintion for attribute type \'%s\'').'" href="%s" />%s</b></td></tr>',
+			printf('<tr><td colspan="2" class="attr"><b><a title="'._('Click to view the schema definition for attribute type \'%s\'').'" href="%s" />%s</b></td></tr>',
 				$attr,$schema_href,htmlspecialchars($attr));
 
 			echo '<tr><td class="val"><small>';

tools/po/make_po_ca

@@ -6,4 +6,4 @@
 # This script is run after make_po to merge the existing German translations to messages.po
 
 ./make_po
-msgmerge -v ../locale/ca_ES/LC_MESSAGES/messages.po messages.po -o messages.po
+msgmerge -v ../../locale/ca_ES/LC_MESSAGES/messages.po messages.po -o messages.po

tools/po/make_po_de

@@ -6,4 +6,4 @@
 # This script is run after make_po to merge the existing German translations to messages.po
 
 ./make_po
-msgmerge -v ../locale/de_DE/LC_MESSAGES/messages.po messages.po -o messages.po
+msgmerge -v ../../locale/de_DE/LC_MESSAGES/messages.po messages.po -o messages.po

tools/po/make_po_es

@@ -6,4 +6,4 @@
 # This script is run to update the existing Spanish translations in messages.po
 
 ./make_po
-msgmerge -v ../locale/es_ES/LC_MESSAGES/messages.po messages.po -o messages.po
+msgmerge -v ../../locale/es_ES/LC_MESSAGES/messages.po messages.po -o messages.po

tools/po/make_po_fr

@@ -6,4 +6,4 @@
 # This script is run after make_po to merge the existing German translations to messages.po
 
 ./make_po
-msgmerge -v ../locale/fr_FR/LC_MESSAGES/messages.po messages.po -o messages.po
+msgmerge -v ../../locale/fr_FR/LC_MESSAGES/messages.po messages.po -o messages.po

tools/po/make_po_hu

@@ -6,4 +6,4 @@
 # This script is run after make_po to merge the existing Hungarian translations to messages.po
 
 ./make_po
-msgmerge -v ../locale/hu_HU/LC_MESSAGES/messages.po messages.po -o messages.po
+msgmerge -v ../../locale/hu_HU/LC_MESSAGES/messages.po messages.po -o messages.po

tools/po/make_po_it

@@ -6,4 +6,4 @@
 # This script is run after make_po to merge the existing German translations to messages.po
 
 ./make_po
-msgmerge -v ../locale/it_IT/LC_MESSAGES/messages.po messages.po -o messages.po
+msgmerge -v ../../locale/it_IT/LC_MESSAGES/messages.po messages.po -o messages.po

tools/po/make_po_ja

@@ -6,4 +6,4 @@
 # This script is run after make_po to merge the existing Japanese translations to messages.po
 
 ./make_po
-msgmerge -v ../locale/ja_JP/LC_MESSAGES/messages.po messages.po -o messages.po
+msgmerge -v ../../locale/ja_JP/LC_MESSAGES/messages.po messages.po -o messages.po

tools/po/messages.header

@@ -3,7 +3,7 @@
 
 msgid ""
 msgstr ""
-"Project-Id-Version: phpldapadmin $Name: RELEASE-0_9_8_1 $\n"
+"Project-Id-Version: phpldapadmin $Name: RELEASE-0_9_8_5 $\n"
 "Report-Msgid-Bugs-To: phpldapadmin-devel@lists.sf.net\n"
 "POT-Creation-Date: 2004-01-14 17:45+0200\n"
 "PO-Revision-Date: 2004-01-14 17:45+0200\n"