RELEASE 0.9.8.3

2009-06-30 20:27:56 +10:00 · 2009-06-30 20:27:56 +10:00 · a01f7c8289
commit a01f7c8289
parent 7741110caf
15 changed files with 284 additions and 239 deletions
--- a/htdocs/compare_form.php
+++ b/htdocs/compare_form.php
@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/compare_form.php,v 1.2.4.2 2005/12/09 14:29:15 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/compare_form.php,v 1.2.4.3 2006/04/29 03:15:34 wurley Exp $
 /**
 * Compares to DN entries side by side.
@ -18,62 +18,61 @@ if( ! $ldapserver->haveAuthInfo())
 	pla_error(_('Not enough information to login to server. Please check your configuration.'));
 $dn = (isset($_GET['dn']) ? $_GET['dn'] : '');
 $encoded_dn = rawurlencode( $dn );
 $rdn = get_rdn($dn);
 $container = get_container( $dn );
 $attrs = $ldapserver->getDNAttrs($dn);
 $select_server_html = server_select_list($ldapserver->server_id,true,'server_id_dst');
-include './header.php'; ?>
+include './header.php';
-<body>
+echo '<body>';
-<h3 class="title"><?php echo _('Compare another DN with'). '&nbsp;' . $rdn; ?></h3>
+printf('<h3 class="title">%s %s</h3>',_('Compare another DN with'),htmlspecialchars($rdn));
-<h3 class="subtitle"><?php echo _('Server'); ?>: <b><?php echo $ldapserver->name; ?></b>
+printf('<h3 class="subtitle">%s: <b>%s</b>',_('Server'),$ldapserver->name);
-<?php if ($dn) { ?>
+if ($dn)
-	 &nbsp;&nbsp;&nbsp; <?php echo _('Distinguished Name')?>: <b><?php echo $dn; ?></b>
+	printf('&nbsp;&nbsp;&nbsp;%s: <b>%s</b>',_('Distinguished Name'),htmlspecialchars($dn));
-<?php } ?>
+echo '</h3>';
-</h3>
+echo "\n";
-<center>
+echo '<center>';
-<?php echo _('Compare'); ?> <b><?php echo htmlspecialchars( $rdn ); ?></b> <?php echo _('with '); ?>:<br />
+printf('%s <b>%s</b> %s<br />',_('Compare'),htmlspecialchars($rdn),_('with '));
 <br />
-<form action="compare.php" method="post" name="compare_form">
+echo '<form action="compare.php" method="post" name="compare_form">';
-<input type="hidden" name="server_id_src" value="<?php echo $ldapserver->server_id; ?>" />
+printf('<input type="hidden" name="server_id_src" value="%s" />',$ldapserver->server_id);
 echo "\n";
-<table style="border-spacing: 10px">
+echo '<table style="border-spacing: 10px">';
-<tr>
+echo "\n";
-	<?php if (! $dn) { ?>
+echo '<tr><td>';
 	<td><acronym title="<?php echo _('Compare this DN with another'); ?>"><?php echo _('Source DN'); ?></acronym>:</td>
 	<td>
 	<input type="text" name="dn_src" size="45" value="<?php echo htmlspecialchars( $dn ); ?>" />
 		<?php draw_chooser_link( 'compare_form.dn_src', 'true', $rdn ); ?></td>
 	</td>
 	<?php } else { ?>
 	<input type="hidden" name="dn_src" value="<?php echo htmlspecialchars( $dn ); ?>" />
 	<?php } ?>
 </tr>
 <tr>
 	<td><acronym title="<?php echo _('Compare this DN with another'); ?>"><?php echo _('Destination DN'); ?></acronym>:</td>
 	<td>
 		<input type="text" name="dn_dst" size="45" value="" />
 		<?php draw_chooser_link( 'compare_form.dn_dst', 'true', '' ); ?></td>
 	</td>
 </tr>
-<tr>
+if (! $dn) {
-	<td><?php echo _('Destination Server')?>:</td>
+	printf('<acronym title="%s">%s</acronym>:',_('Compare this DN with another'),_('Source DN'));
-	<td><?php echo $select_server_html; ?></td>
+	echo '</td><td>';
-</tr>
+	printf('<input type="text" name="dn_src" size="45" value="%s" />',htmlspecialchars($dn));
 	draw_chooser_link('compare_form.dn_src','true',$rdn);
-<tr>
+} else
-	<td colspan="2" align="right"><input type="submit" value="<?php echo _('Compare'); ?>" /></td>
+	printf('<input type="hidden" name="dn_src" value="%s" />',htmlspecialchars($dn));
-</tr>
+
-</table>
+echo '</td></tr>';
-</form>
+echo "\n";
-</center>
+
-</body>
+echo '<tr>';
-</html>
+printf('<td><acronym title="%s">%s</acronym>:</td>',_('Compare this DN with another'),_('Destination DN'));
 echo '<td>';
 echo '<input type="text" name="dn_dst" size="45" value="" />';
 draw_chooser_link('compare_form.dn_dst','true','');
 echo '</td>';
 echo '</tr>';
 echo "\n";
 printf('<tr><td>%s:</td><td>%s</td></tr>',_('Destination Server'),$select_server_html);
 echo "\n";
 printf('<tr><td colspan="2" align="right"><input type="submit" value="%s" /></td></tr>',_('Compare'));
 echo "\n";
 echo '</table>';
 echo '</form>';
 echo '</center>';
 echo '</body>';
 echo '</html>';
 ?>
--- a/htdocs/copy_form.php
+++ b/htdocs/copy_form.php
@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/copy_form.php,v 1.24.4.4 2005/12/11 08:21:03 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/copy_form.php,v 1.24.4.5 2006/04/29 03:27:41 wurley Exp $
 /**
 * Copies a given object to create a new one.
@ -53,34 +53,46 @@ if (is_array($children) && count($children) > 0) { ?>
 echo '<body>';
-printf('<h3 class="title">%s %s</h3>',_('Copy '),$rdn);
+printf('<h3 class="title">%s %s</h3>',_('Copy'),htmlspecialchars($rdn));
-printf('<h3 class="subtitle">%s: <b>%s</b> &nbsp;&nbsp;&nbsp; %s: <b>%s</b></h3>',_('Server'),$ldapserver->name,_('Distinguished Name'),$dn);
+printf('<h3 class="subtitle">%s: <b>%s</b> &nbsp;&nbsp;&nbsp; %s: <b>%s</b></h3>',_('Server'),$ldapserver->name,
 	_('Distinguished Name'),htmlspecialchars($dn));
 echo "\n";
 echo '<center>';
 printf('%s <b>%s</b> %s:<br /><br />',_('Copy'),htmlspecialchars($rdn),_('to a new object'));
 echo '<form action="copy.php" method="post" name="copy_form">';
-printf('<input type="hidden" name="old_dn" value="%s" />',$dn);
+printf('<input type="hidden" name="old_dn" value="%s" />',htmlspecialchars($dn));
 printf('<input type="hidden" name="server_id" value="%s" />',$ldapserver->server_id);
 echo "\n";
 echo '<table style="border-spacing: 10px">';
 echo "\n";
 echo '<tr>';
-printf('<td><acronym title="%s">%s</acronym>:</td>',_('The full DN of the new entry to be created when copying the source entry'),_('Destination DN'));
+printf('<td><acronym title="%s">%s</acronym>:</td>',
 	_('The full DN of the new entry to be created when copying the source entry'),_('Destination DN'));
 printf('<td><input type="text" name="new_dn" size="45" value="%s" />',htmlspecialchars($dn));
-draw_chooser_link('copy_form.new_dn','true',$rdn);
+draw_chooser_link('copy_form.new_dn','true',htmlspecialchars($rdn));
 echo '</td></tr>';
 echo "\n";
 printf('<tr><td>%s</td><td>%s</td></tr>',_('Destination Server'),$select_server_html);
 echo "\n";
 if (is_array($children) && count($children) > 0) {
 	echo '<tr>';
 	printf('<td><label for="recursive">%s</label>:</td>',_('Recursive copy'));
 	echo '<td><input type="checkbox" id="recursive" name="recursive" onClick="toggle_disable_filter_field(this)" />';
 	printf('<small>(%s)</small></td>',_('Recursively copy all children of this object as well.'));
-	echo '</tr><tr>';
+	echo '</tr>'."\n";
 	echo '<tr>';
 	printf('<td><acronym title="%s">%s</acronym>:</td>',_('When performing a recursive copy, only copy those entries which match this filter'),_('Filter'));
 	echo '<td><input type="text" name="filter" value="(objectClass=*)" size="45" disabled />';
-	echo '</tr><tr>';
+	echo '</tr>'."\n";
 	echo '<tr>';
 	printf('<td>%s</td>',_('Delete after copy (move):'));
 	echo '<td><input type="checkbox" name="remove" value="yes"/ disabled>';
 	printf('<small>(%s)</small)</td>',_('Make sure your filter (above) will select all child records.'));
@ -89,9 +101,12 @@ if (is_array($children) && count($children) > 0) {
 } else {
 	printf('<tr><td>%s</td><td><input type="checkbox" name="remove" value="yes"/></td></tr>',_('Delete after copy (move):'));
 }
 echo "\n";
 printf('<tr><td colspan="2" align="right"><input type="submit" value="%s" /></td></tr>',_('Copy '));
 echo "\n";
 echo '</table></form>';
 echo "\n";
 echo '<script type="text/javascript" language="javascript">';
 echo '<!--';
@ -101,7 +116,7 @@ echo '//-->';
 echo '</script>';
 if ($config->GetValue('appearance','show_hints'))
-	printf('<small><img src="images/light.png" /><span class="hint">%s</span></small>',_('Hint: Copying between different servers only works if there are no schema violations'));
+	printf('<small><img src="images/light.png" alt="Light" /><span class="hint">%s</span></small>',_('Hint: Copying between different servers only works if there are no schema violations'));
 echo '</center></body></html>';
 ?>
--- a/htdocs/delete_form.php
+++ b/htdocs/delete_form.php
@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/delete_form.php,v 1.20.4.5 2005/12/11 08:21:03 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/delete_form.php,v 1.20.4.6 2006/04/29 04:05:14 wurley Exp $
 /**
 * delete_form.php
@ -31,118 +31,123 @@ include './header.php';
 echo '<body>';
 printf('<h3 class="title">'._('Delete %s').'</h3>',htmlspecialchars(get_rdn($dn)));
 printf('<h3 class="subtitle">%s: <b>%s</b> &nbsp;&nbsp;&nbsp; %s: <b>%s</b></h3>',
-	_('Server'),$ldapserver->name,_('Distinguished Name'),htmlspecialchars(($dn)));
+	_('Server'),$ldapserver->name,_('Distinguished Name'),htmlspecialchars($dn));
 echo "\n";
 echo '<center>';
 if ($has_children) {
 	echo '<center>';
 	printf('<b>%s</b><br /><br />',_('Permanently delete all children also?'));
 	flush();
 	# get the total number of child objects (whole sub-tree)
 	$s = $ldapserver->search(null,dn_escape($dn),'objectClass=*',array('dn'));
 	$sub_tree_count = count($s);
 ?>
-<table class="delete_confirm">
+	echo '<table class="delete_confirm">';
-<tr>
+	echo '<tr>';
-	<td>
+	echo '<td><p>';
-	<p>
+	printf(_('This entry is the root of a sub-tree containing %s entries.'),$sub_tree_count);
-	<?php printf(_('This entry is the root of a sub-tree containing %s entries.'),$sub_tree_count); ?>
+	printf('<small>(<a href="search.php?search=true&amp;server_id=%s&amp;filter=%s&amp;base_dn=%s&amp;form=advanced&amp;scope=sub">%s</a>)</small>',
-	<small>(<a href="search.php?search=true&amp;server_id=<?php echo $ldapserver->server_id; ?>&amp;filter=<?php echo rawurlencode('objectClass=*'); ?>&amp;base_dn=<?php echo rawurlencode($dn); ?>&amp;form=advanced&amp;scope=sub"><?php echo _('view entries'); ?></a>)</small>
+		$ldapserver->server_id,rawurlencode('objectClass=*'),rawurlencode($dn),_('view entries'));
-	<br />
+	echo '<br /><br />';
 	<br />
-	<?php printf(_('phpLDAPadmin can recursively delete this entry and all %s of its children. See below for a list of all the entries that this action will delete. Do you want to do this?'),($sub_tree_count-1)); ?><br />
+	printf(_('phpLDAPadmin can recursively delete this entry and all %s of its children. See below for a list of all the entries that this action will delete. Do you want to do this?'),($sub_tree_count-1));
-	<br />
+	echo '<br /><br />';
 	<small><?php echo _('Note: this is potentially very dangerous and you do this at your own risk. This operation cannot be undone. Take into consideration aliases, referrals, and other things that may cause problems.'); ?></small>
-	<br />
+	printf('<small>%s</small>',
-	<br />
+		_('Note: this is potentially very dangerous and you do this at your own risk. This operation cannot be undone. Take into consideration aliases, referrals, and other things that may cause problems.'));
-	<table width="100%">
+	echo '<br /><br />';
-	<tr>
+	echo "\n";
 		<td>
 		<center>
 			<form action="rdelete.php" method="post">
 			<input type="hidden" name="dn" value="<?php echo $dn; ?>" />
 			<input type="hidden" name="server_id" value="<?php echo $ldapserver->server_id; ?>" />
 			<input type="submit" class="scary" value="<?php printf(_('Delete all %s objects'),$sub_tree_count); ?>" />
 			</form>
 		</center>
 		</td>
-		<td>
+	echo '<table width="100%">';
-		<center>
+	echo '<tr>';
-			<form action="template_engine.php" method="get">
+	echo '<td><center>';
-			<input type="hidden" name="dn" value="<?php echo htmlspecialchars($dn); ?>" />
+	echo '<form action="rdelete.php" method="post">';
-			<input type="hidden" name="server_id" value="<?php echo $ldapserver->server_id; ?>" />
+	printf('<input type="hidden" name="dn" value="%s" />',htmlspecialchars($dn));
-			<input type="submit" name="submit" value="<?php echo _('Cancel'); ?>" class="cancel" />
+	printf('<input type="hidden" name="server_id" value="%s" />',$ldapserver->server_id);
-			</form>
+	printf('<input type="submit" class="scary" value="%s" />',sprintf(_('Delete all %s objects'),$sub_tree_count));
-		</center>
+	echo '</form>';
-		</td>
+	echo '</center></td>';
 	</tr>
 	</table>
 	</td>
 </tr>
 </table>
-<?php flush(); ?>
+	echo '<td><center>';
-<br />
+	echo '<form action="template_engine.php" method="get">';
-<br />
+	printf('<input type="hidden" name="dn" value="%s" />',htmlspecialchars($dn));
-<?php echo _('List of entries to be deleted:'); ?><br />
+	printf('<input type="hidden" name="server_id" value="%s" />',$ldapserver->server_id);
 	printf('<input type="submit" name="submit" value="%s" class="cancel" />',_('Cancel'));
 	echo '</form>';
 	echo '</center></td>';
 	echo '</tr>';
 	echo '</table>';
 	echo "\n";
-<select size="<?php echo min(10,$sub_tree_count);?>" multiple disabled style="background:white; color:black;width:500px" >
+	echo '</td>';
-	<?php $i=0;
+	echo '</tr>';
 	echo '</table>';
 	echo "\n";
 	flush();
 	echo '<br /><br />';
 	echo _('List of entries to be deleted:');
 	echo '<br />';
 	printf('<select size="%s" multiple disabled style="background:white; color:black;width:500px" >',min(10,$sub_tree_count));
 	$i=0;
 	foreach ($s as $dn => $junk) {
-		$i++; ?>
+		$i++;
 		printf('<option>%s. %s</option>',$i,htmlspecialchars(dn_unescape($dn)));
 	}
 	echo '</select>';
 	echo "\n";
-	<option><?php echo $i; ?>. <?php echo htmlspecialchars((dn_unescape($dn))); ?></option>
+} else {
-	<?php } ?>
+	echo '<table class="delete_confirm">';
-</select>
+	echo '<tr>';
 </center>
-<br />
+	echo '<td nowrap>';
 	echo _('Are you sure you want to permanently delete this object?');
 	echo '<br /><br />';
-<?php } else { ?>
+	printf('<acronym title="%s">%s</acronym>: <b>%s</b>',_('Distinguished Name'),_('DN'),pretty_print_dn($dn));
 	echo '<br />';
 	printf('%s: <b>%s</b>',_('Server'),htmlspecialchars($ldapserver->name));
 	echo '<br /><br />';
 	echo "\n";
-<center>
+	echo '<table width="100%">';
-<table class="delete_confirm">
+	echo '<tr>';
 <tr>
 	<td>
 	<?php echo _('Are you sure you want to permanently delete this object?'); ?><br />
 	<br />
 	<nobr><acronym title="<?php echo _('Distinguished Name'); ?>"><?php echo _('DN'); ?></acronym>:  <b><?php echo pretty_print_dn($dn); ?></b></nobr><br />
 	<nobr><?php echo _('Server'); ?>: <b><?php echo htmlspecialchars($ldapserver->name); ?></b></nobr><br />
 	<br />
-	<table width="100%">
+	echo '<td><center>';
-	<tr>
+	echo '<form action="delete.php" method="post">';
-		<td>
+	printf('<input type="hidden" name="dn" value="%s" />',htmlspecialchars($dn));
-			<center>
+	printf('<input type="hidden" name="server_id" value="%s" />',$ldapserver->server_id);
-			<form action="delete.php" method="post">
+	printf('<input type="submit" name="submit" value="%s" class="scary" />',_('Delete'));
-			<input type="hidden" name="dn" value="<?php echo htmlspecialchars($dn); ?>" />
+	echo '</form>';
 			<input type="hidden" name="server_id" value="<?php echo $ldapserver->server_id; ?>" />
 			<input type="submit" name="submit" value="<?php echo _('Delete'); ?>" class="scary" />
 			</form>
 			</center>
 		</td>
-		<td>
+	echo '</center></td>';
 			<center>
 			<form action="template_engine.php" method="get">
 			<input type="hidden" name="dn" value="<?php echo $dn; ?>" />
 			<input type="hidden" name="server_id" value="<?php echo $ldapserver->server_id; ?>" />
 			<input type="submit" name="submit" value="<?php echo _('Cancel'); ?>" class="cancel" />
 			</form>
 			</center>
 		</td>
 	</tr>
 	</table>
 	</td>
 </tr>
 </table>
 </center>
-<?php } ?>
+	echo '<td><center>';
 	echo '<form action="template_engine.php" method="get">';
 	printf('<input type="hidden" name="dn" value="%s" />',htmlspecialchars($dn));
 	printf('<input type="hidden" name="server_id" value="%s" />',$ldapserver->server_id);
 	printf('<input type="submit" name="submit" value="%s" class="cancel" />',_('Cancel'));
 	echo '</form>';
-</body>
+	echo '</center></td>';
-</html>
+	echo '</tr>';
 	echo '</table>';
 	echo "\n";
 	echo '</td>';
 	echo '</tr>';
 	echo '</table>';
 	echo "\n";
 }
 echo '</center>';
 echo '<br />';
 echo '</body>';
 echo '</html>';
 ?>
--- a/htdocs/header.php
+++ b/htdocs/header.php
@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/header.php,v 1.21.2.3 2005/12/11 04:00:23 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/header.php,v 1.21.2.4 2006/04/29 03:14:45 wurley Exp $
 /**
 * @package phpLDAPadmin
@ -7,7 +7,6 @@
 /* We want to get $language into scope in case we were included
   from within a function */
 global $config;
 $language = isset($config) ? $language = $config->GetValue('appearance','language') : 'auto';
 # text/xml won't work with MSIE, but is very useful for debugging xhtml code.
@ -17,7 +16,7 @@ $language = isset($config) ? $language = $config->GetValue('appearance','languag
 # XML version and encoding for well-behaved browsers
 echo '<?xml version="1.0" encoding="utf-8"?>'."\n";
-echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"';
+echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"'."\n";
 echo '"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">'."\n";
 printf('<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="%s" lang="%s" dir="ltr">',$language,$language);
--- a/htdocs/rename_form.php
+++ b/htdocs/rename_form.php
@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/rename_form.php,v 1.8.4.2 2005/12/08 11:55:06 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/rename_form.php,v 1.8.4.3 2006/04/29 03:29:19 wurley Exp $
 /**
 * Displays a form for renaming an LDAP entry.
@ -33,7 +33,7 @@ printf('<h3 class="subtitle">%s: <b>%s</b> &nbsp;&nbsp;&nbsp; %s: <b>%s</b></h3>
 echo '<br /><center><form action="rename.php" method="post" class="edit_dn" />';
 printf('<input type="hidden" name="server_id" value="%s" />',$ldapserver->server_id);
-printf('<input type="hidden" name="dn" value="%s" />',$dn);
+printf('<input type="hidden" name="dn" value="%s" />',htmlspecialchars($dn));
 printf('<input type="text" name="new_rdn" size="30" value="%s" />',htmlspecialchars($rdn));
 printf('<input class="update_dn" type="submit" value="%s" />',_('Rename'));
 echo '</form></center>';
--- a/htdocs/search.php
+++ b/htdocs/search.php
@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/search.php,v 1.72.2.11 2005/12/31 03:13:48 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/search.php,v 1.72.2.12 2006/04/29 05:45:34 wurley Exp $
 /**
 * Perform LDAP searches and draw the advanced/simple search forms
@ -233,8 +233,8 @@ if (isset($_GET['search'])) {
        <nobr>
        <small>
        <?php
-			printf('[ <a href="export_form.php?server_id=%s&amp;scope=%s&amp;dn=%s&amp;filter=%s&amp;attributes=%s"><img src="images/save.png" /> %s</a> ]',
+			printf('[ <a href="export_form.php?server_id=%s&amp;scope=%s&amp;dn=%s&amp;filter=%s&amp;attributes=%s"><img src="images/save.png" alt="Save" /> %s</a> ]',
-				$ldapserver->server_id,$scope,urlencode($base_dn),urlencode($filter),
+				$ldapserver->server_id,htmlspecialchars($scope),urlencode($base_dn),urlencode($filter),
 				urlencode(join(', ',$search_result_attributes)),_('export results'));
 			printf('[ <img src="images/rename.png" /> %s:',_('Format'));
--- a/htdocs/template_engine.php
+++ b/htdocs/template_engine.php
@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/template_engine.php,v 1.26.2.34 2006/03/13 23:13:43 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/template_engine.php,v 1.26.2.37 2006/05/05 12:50:34 wurley Exp $
 /**
 * Template render engine.
@ -87,7 +87,7 @@ if (isset($template['empty_attrs'])) {
 		$new_dn = sprintf('%s=%s,%s',$template['rdn'],$_REQUEST['form'][$template['rdn']],$_REQUEST['container']);
 		echo '<form action="create.php" method="post">';
-		printf('<input type="hidden" name="new_dn" value="%s" />',$new_dn);
+		printf('<input type="hidden" name="new_dn" value="%s" />',htmlspecialchars($new_dn));
 	} else {
 		echo '<form action="template_engine.php" method="post" id="template_form" name="template_form" enctype="multipart/form-data">';
@ -188,7 +188,7 @@ if (isset($template['empty_attrs'])) {
 	}
 	printf('<input type="hidden" name="server_id" value="%s" />',$ldapserver->server_id);
-	printf('<input type="hidden" name="template" value="%s" />',$_REQUEST['template']);
+	printf('<input type="hidden" name="template" value="%s" />',htmlspecialchars($_REQUEST['template']));
 	printf('<input type="hidden" name="object_classes" value="%s" />',rawurlencode(serialize(array_values($template['objectclass']))));
 	printf('<input type="hidden" name="page" value="%s" />',$page+1);
@ -217,12 +217,12 @@ if (isset($template['empty_attrs'])) {
 			echo '<td class="heading">Container <acronym title="Distinguished Name">DN</acronym>:</td>';
 			printf('<td><input type="text" name="container" size="40" value="%s" disabled />',
 				htmlspecialchars($_REQUEST['container']));
-			printf('<input type="hidden" name="container" value="%s" /></td></tr>',$_REQUEST['container']);
+			printf('<input type="hidden" name="container" value="%s" /></td></tr>',htmlspecialchars($_REQUEST['container']));
 			echo '<tr class="spacer"><td colspan="3"></td></tr>';
 		}
 	} else {
-		printf('<td><input type="hidden" name="container" value="%s" /></td></tr>',$_REQUEST['container']);
+		printf('<td><input type="hidden" name="container" value="%s" /></td></tr>',htmlspecialchars($_REQUEST['container']));
 	}
 	$count = 0;
@ -319,7 +319,7 @@ if (isset($template['empty_attrs'])) {
 			# Display the icon if one is required.
 			if (isset($detail['icon']) && trim($detail['icon']))
-				printf('<td><img src="%s" /></td>',$detail['icon']);
+				printf('<td><img src="%s" alt="Icon" /></td>',$detail['icon']);
 			else
 				printf('<td>&nbsp;</td>');
@ -489,7 +489,7 @@ if (isset($template['empty_attrs'])) {
 	# If there is no count, display the summary
 	if (! $count) {
-			printf('<tr><td><img src="%s" /></td><td><span class="x-small">%s :</span></td><td><b>%s</b></td></tr>',
+			printf('<tr><td><img src="%s" alt="Create" /></td><td><span class="x-small">%s :</span></td><td><b>%s</b></td></tr>',
 				$template['icon'],_('Create Object'),htmlspecialchars($new_dn));
 			echo '<tr class="spacer"><td colspan="3"></td></tr>';
@ -800,15 +800,15 @@ foreach ($template['attrs'] as $attr => $vals) {
 		if (count($vals) > 1) {
 			for ($i=1; $i<=count($vals); $i++)
-				printf('<a href="%s&amp;value_num=%s"><img src="images/save.png" /> %s(%s)</a><br />',
+				printf('<a href="%s&amp;value_num=%s"><img src="images/save.png" alt="Save" /> %s(%s)</a><br />',
 					$href,$i,_('download value'),$i);
 		} else {
-			printf('<a href="%s"><img src="images/save.png" /> %s</a><br />',$href,_('download value'));
+			printf('<a href="%s"><img src="images/save.png" alt="Save" /> %s</a><br />',$href,_('download value'));
 		}
 		if (! $ldapserver->isReadOnly() && ! $ldapserver->isAttrReadOnly($attr))
-			printf('<a href="javascript:deleteAttribute(\'%s\');" style="color:red;"><img src="images/trash.png" /> %s</a>',
+			printf('<a href="javascript:deleteAttribute(\'%s\');" style="color:red;"><img src="images/trash.png" alt="Trash" /> %s</a>',
 				$attr,_('delete attribute'));
 		echo '</small>';
@ -850,10 +850,11 @@ foreach ($template['attrs'] as $attr => $vals) {
 				if (trim($val) == '')
 					printf('<span style="color:red">[%s]</span><br />',_('empty'));
-				elseif (! strcasecmp($attr,'userPassword') && $config->GetValue('appearance','obfuscate_password_display'))
+				elseif (! strcasecmp($attr,'userPassword') && $config->GetValue('appearance','obfuscate_password_display')) {
 					$user_password = $val;
 					echo preg_replace('/./','*',$val).'<br />';
-				elseif (in_array(strtolower($attr),$shadow_format_attrs)) {
+				} elseif (in_array(strtolower($attr),$shadow_format_attrs)) {
 					$shadow_date = shadow_date($attrs,$attr);
 					echo htmlspecialchars($val).'&nbsp;';
 					echo '<small>';
@ -870,18 +871,9 @@ foreach ($template['attrs'] as $attr => $vals) {
 				} else
 					echo htmlspecialchars($val).'<br />';
 			}
 //@todo: redundant?
 		} else {
 			if (! strcasecmp($attr,'userPassword') && obfuscate_password_display())
 				echo preg_replace('/./','*',$vals).'<br />';
 			else
 				echo $vals.'<br />';
 		}
-		if (! strcasecmp($attr,'userPassword'))
+		if (! strcasecmp($attr,'userPassword') && isset($user_password))
 			printf('<small><a href="javascript:passwordComparePopup(\'%s\')">%s</a></small>',base64_encode($user_password),_('Check password...'));
 		if (preg_match("/^${attr}=/",$rdn))
@ -917,8 +909,8 @@ foreach ($template['attrs'] as $attr => $vals) {
 				echo htmlspecialchars($user_password);
 			echo '<br />';
-			printf('<input style="width: 260px" type="%s" name="new_values[userpassword][]" value="" />',
+			printf('<input style="width: 260px" type="%s" name="new_values[userpassword][]" value="%s" />',
-				(obfuscate_password_display($enc_type) ? 'password' : 'text'));
+				(obfuscate_password_display($enc_type) ? 'password' : 'text'),htmlspecialchars($user_password));
 			echo enc_type_select_list($enc_type);
@ -1012,7 +1004,7 @@ foreach ($template['attrs'] as $attr => $vals) {
 		# Is this value is a structural objectClass, make it read-only
 		if (! strcasecmp($attr,'objectClass')) {
-			printf('<a title="%s" href="schema.php?server_id=%s&amp;view=objectClasses&amp;viewvalue=%s"><img src="images/info.png" /></a>&nbsp;',
+			printf('<a title="%s" href="schema.php?server_id=%s&amp;view=objectClasses&amp;viewvalue=%s"><img src="images/info.png" alt="Info" /></a>&nbsp;',
 				_('View the schema description for this objectClass'),$ldapserver->server_id,htmlspecialchars($val));
 			$schema_object = $ldapserver->getSchemaObjectClass($val);
@ -1038,10 +1030,10 @@ foreach ($template['attrs'] as $attr => $vals) {
 			}
 		elseif (is_mail_string($val))
-			printf('<a href="mailto:%s"><img style="vertical-align: center" src="images/mail.png" /></a>&nbsp;',htmlspecialchars($val));
+			printf('<a href="mailto:%s"><img style="vertical-align: center" src="images/mail.png" alt="Mail" /></a>&nbsp;',htmlspecialchars($val));
 		elseif (is_url_string($val))
-			printf('<a href="%s" target="new"><img style="vertical-align: center" src="images/dc.png" /></a>&nbsp;',htmlspecialchars($val));
+			printf('<a href="%s" target="new"><img style="vertical-align: center" src="images/dc.png" alt="URL" /></a>&nbsp;',htmlspecialchars($val));
 		if ($ldapserver->isMultiLineAttr($attr,$val))
 			printf('<textarea class="val" rows="3" cols="50" name="%s" id="%s">%s</textarea>',$input_name,$input_id,htmlspecialchars($val));
@ -1135,7 +1127,7 @@ else
 <!-- This form is submitted by JavaScript when the user clicks "Delete attribute" on a binary attribute -->
 <form name="delete_attribute_form" action="delete_attr.php" method="post">
 	<input type="hidden" name="server_id" value="<?php echo $ldapserver->server_id; ?>" />
-	<input type="hidden" name="dn" value="<?php echo $dn; ?>" />
+	<input type="hidden" name="dn" value="<?php echo htmlspecialchars($dn); ?>" />
 	<input type="hidden" name="attr" value="FILLED IN BY JAVASCRIPT" />
 </form>
--- a/htdocs/update_confirm.php
+++ b/htdocs/update_confirm.php
@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/update_confirm.php,v 1.43.2.8 2006/01/12 22:04:51 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/update_confirm.php,v 1.43.2.11 2006/05/13 12:43:47 wurley Exp $
 /**
 * Takes the results of clicking "Save" in template_engine.php and determines which
@ -76,16 +76,21 @@ foreach ($old_values as $attr => $old_val) {
 }
 # Check user password with new encoding.
-if (isset($new_values['userpassword']) && is_array($new_values['userpassword']))
+if (isset($new_values['userpassword']) && is_array($new_values['userpassword'])) {
 	foreach ($new_values['userpassword'] as $key => $userpassword) {
 		if ($userpassword) {
-			$new_val[$key] = password_hash($userpassword,$_POST['enc_type'][$key]);
+			if ($old_values['userpassword'][$key] == $new_values['userpassword'][$key] && 
 				get_enc_type($old_values['userpassword'][$key]) == $_POST['enc_type'][$key])
 				continue;
-			if ($new_val[$key] != $old_values['userpassword'][$key])
+			$new_values['userpassword'][$key] = password_hash($userpassword,$_POST['enc_type'][$key]);
 				$update_array['userpassword'][$key] = $new_val[$key];
 		}
 	}
 	if ($old_values['userpassword'] != $new_values['userpassword'])
 		$update_array['userpassword'] = $new_values['userpassword'];
 }
 # strip empty vals from update_array and ensure consecutive indices for each attribute
 foreach ($update_array as $attr => $val) {
 	if (is_array($val)) {
--- a/lib/common.php
+++ b/lib/common.php
@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/lib/common.php,v 1.76.2.6 2005/12/30 02:32:41 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/lib/common.php,v 1.76.2.7 2006/04/29 06:31:27 wurley Exp $
 /**
 * Contains code to be executed at the top of each phpLDAPadmin page.
@ -53,9 +53,6 @@ ob_end_clean();
 # We are now ready for error reporting.
 # Turn on all notices and warnings. This helps us write cleaner code (we hope at least)
 if (phpversion() >= '5') {
 	# Work-around to get PLA to work in PHP5
 	ini_set('zend.ze1_compatibility_mode',1);
 	# E_DEBUG is PHP5 specific and prevents warnings about using 'var' to declare class members
 	error_reporting(E_DEBUG);
 } else
--- a/lib/createlm.php
+++ b/lib/createlm.php
@ -1,6 +1,6 @@
 <?php
 /*
-$Id: createlm.php,v 1.2 2005/10/23 01:05:41 wurley Exp $
+$Id: createlm.php,v 1.2.2.1 2006/04/29 07:31:08 wurley Exp $
  This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam)
  Copyright (C) 2004 Roland Gruber
@ -133,6 +133,14 @@ var $sbox = array(array(array(14,  4, 13,  1,  2, 15, 11,  8,  3, 10,  6, 12,  5
 		array( 7, 11,  4,  1,  9, 12, 14,  2,  0,  6, 10, 13, 15,  3,  5,  8),
 		array( 2,  1, 14,  7,  4, 10,  8, 13, 15, 12,  9,  0,  3,  5,  6, 11)));
 	/**
 	* Fixes too large numbers
 	*/
 	function x($i) {
 		if ($i < 0) return 4294967296 - $i;
 		else return $i;
 	}
 	/**
 	* @param integer count
 	* @param array $data
@ -335,7 +343,11 @@ var $sbox = array(array(array(14,  4, 13,  1,  2, 15, 11,  8,  3, 10,  6, 12,  5
 	# Support functions
 	# Ported from SAMBA/source/lib/md4.c:F,G and H respectfully
 	function F($X, $Y, $Z) {
-		return ($X&$Y) | ((~$X)&$Z);
+		$ret = (($X&$Y) | ((~((int)$X))&$Z));
 		if ($this->x($ret) > 4294967296) {
 			$ret = (2*4294967296) - $this->x($ret);
 		}
 		return $ret;
 	}
 	function G($X, $Y, $Z) {
@ -468,6 +480,9 @@ var $sbox = array(array(array(14,  4, 13,  1,  2, 15, 11,  8,  3, 10,  6, 12,  5
 		$sum[1] &= 0xffff;
 		$sum[0] &= 0xffff;
 		$ret = ($sum[0]<<16) | $sum[1];
 		if ($this->x($ret) > 4294967296) {
 			$ret = (2*4294967296) - $this->x($ret);
 		}
 		return $ret;
 	}
@ -493,7 +508,14 @@ var $sbox = array(array(array(14,  4, 13,  1,  2, 15, 11,  8,  3, 10,  6, 12,  5
 	# Renamed to prevent clash with SAMBA/source/libsmb/smbdes.c:lshift
 	function md4lshift($x, $s) {
 		$x &= 0xFFFFFFFF;
-		return ((($x<<$s)&0xFFFFFFFF) | $this->unsigned_shift_r($x, (32-$s)));
+		if ($this->x($x) > 4294967296) {
 			$x = (2*4294967296) - $this->x($x);
 		}
 		$ret = ((($x<<$s)&0xFFFFFFFF) | $this->unsigned_shift_r($x, (32-$s)));
 		if ($this->x($ret) > 4294967296) {
 			$ret = (2*4294967296) - $this->x($ret);
 		}
 		return $ret;
 	}
 	/**
--- a/lib/functions.php
+++ b/lib/functions.php
@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/lib/functions.php,v 1.283.2.33 2006/03/13 23:13:43 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/lib/functions.php,v 1.283.2.36 2006/05/07 05:25:56 wurley Exp $
 /**
 * A collection of functions used throughout phpLDAPadmin.
@ -86,7 +86,7 @@ function pretty_print_dn( $dn ) {
 		debug_log('pretty_print_dn(): Entered with (%s)',1,$dn);
 	if (! is_dn_string($dn))
-		pla_error(sprintf(_('DN %s is not an LDAP distinguished name.'),$dn));
+		pla_error(sprintf(_('DN "%s" is not an LDAP distinguished name.'),htmlspecialchars($dn)));
 	$dn = pla_explode_dn( $dn );
 	foreach( $dn as $i => $element ) {
@ -1015,7 +1015,7 @@ function pla_error( $msg, $ldap_err_msg=null, $ldap_err_no=-1, $fatal=true ) {
 	?>
 	<center>
-	<table class="error"><tr><td class="img"><img src="images/warning.png" /></td>
+	<table class="error"><tr><td class="img"><img src="images/warning.png" alt="Warning" /></td>
 	<td><center><h2><?php echo _('Error');?></h2></center>
 	<?php echo $msg; ?>
 	<br />
@ -1121,7 +1121,7 @@ function pla_error_handler( $errno, $errstr, $file, $lineno ) {
 	$errstr = preg_replace("/\s+/"," ",$errstr);
 	if( $errno == E_NOTICE ) {
-		echo sprintf(_('<center><table class=\'notice\'><tr><td colspan=\'2\'><center><img src=\'images/warning.png\' height=\'12\' width=\'13\' />
+		echo sprintf(_('<center><table class=\'notice\'><tr><td colspan=\'2\'><center><img src=\'images/warning.png\' height=\'12\' width=\'13\' alt="Warning" />
             <b>You found a non-fatal phpLDAPadmin bug!</b></td></tr><tr><td>Error:</td><td><b>%s</b> (<b>%s</b>)</td></tr><tr><td>File:</td>
             <td><b>%s</b> line <b>%s</b>, caller <b>%s</b></td></tr><tr><td>Versions:</td><td>PLA: <b>%s</b>, PHP: <b>%s</b>, SAPI: <b>%s</b>
             </td></tr><tr><td>Web server:</td><td><b>%s</b></td></tr>
@ -1265,7 +1265,7 @@ function draw_jpeg_photos($ldapserver,$dn,$attr_name='jpegPhoto',$draw_delete_bu
 			$img_height = $height;
 		}
-		printf('<img %s%s%s src="view_jpeg_photo.php?file=%s" /><br />',
+		printf('<img %s%s%s src="view_jpeg_photo.php?file=%s" alt="Photo" /><br />',
 			($fixed_width ? '' : 'width="'.$img_width.'" '),
 			($fixed_height ? '' : 'height="'.$img_height.'"'),
 			($img_html_attrs ? $img_html_attrs : ''),basename($jpeg_filename));
@ -1640,7 +1640,7 @@ function draw_chooser_link( $form_element, $include_choose_text=true, $rdn="none
 	$title = _('Click to popup a dialog to select an entry (DN) graphically');
-	printf('<a href="%s" title="%s"><img class="chooser" src="images/find.png" /></a>',$href,$title);
+	printf('<a href="%s" title="%s"><img class="chooser" src="images/find.png" alt="Find" /></a>',$href,$title);
 	if ($include_choose_text)
 		printf('<span class="x-small"><a href="%s" title="%s">%s</a></span>',$href,$title,_('browse'));
 }
@ -1662,6 +1662,8 @@ function draw_chooser_link( $form_element, $include_choose_text=true, $rdn="none
 * </code>
 */
 function pla_explode_dn($dn,$with_attributes=0) {
 	if (DEBUG_ENABLED)
 		debug_log('pla_explode_dn(): Entered with (%s,%s)',1,$dn,$with_attributes);
 	$dn = addcslashes(dn_escape($dn),'<>');
 	# split the dn
@ -1686,6 +1688,8 @@ function pla_explode_dn($dn,$with_attributes=0) {
 * Parse a DN and escape any special characters
 */
 function dn_escape($dn) {
 	$olddn = $dn;
 	# Check if the RDN has a comma and escape it.
 	while (preg_match('/([^\\\\]),(\s*[^=]*\s*),/',$dn))
 		$dn = preg_replace('/([^\\\\]),(\s*[^=]*\s*),/','$1\\\\2C$2,',$dn);
@ -1693,7 +1697,7 @@ function dn_escape($dn) {
 	$dn = preg_replace('/([^\\\\]),(\s*[^=]*\s*)([^,])$/','$1\\\\2C$2$3',$dn);
 	if (DEBUG_ENABLED)
-		debug_log('dn_escape(): Entered with (%s), Returning (%s)',1,$dn,$dn);
+		debug_log('dn_escape(): Entered with (%s), Returning (%s)',1,$olddn,$dn);
 	return $dn;
 }
@ -2800,7 +2804,7 @@ function draw_date_selector_link( $attr ) {
 	$href = "javascript:dateSelector('$attr');";
 	$title = _('Click to popup a dialog to select a date graphically');
-	printf('<a href="%s" title="%s"><img class="chooser" src="images/calendar.png" id="f_trigger_%s" style="cursor: pointer;" /></a>',$href,$title,$attr);
+	printf('<a href="%s" title="%s"><img class="chooser" src="images/calendar.png" id="f_trigger_%s" style="cursor: pointer;" alt="Calendar" /></a>',$href,$title,$attr);
 }
 function no_expire_header() {
--- a/lib/server_functions.php
+++ b/lib/server_functions.php
@ -1,5 +1,5 @@
 <?php
-/* $Header: /cvsroot/phpldapadmin/phpldapadmin/lib/server_functions.php,v 1.34.2.28 2006/02/25 14:08:54 wurley Exp $ */
+/* $Header: /cvsroot/phpldapadmin/phpldapadmin/lib/server_functions.php,v 1.34.2.29 2006/05/07 05:25:56 wurley Exp $ */
 /**
 * Classes and functions for LDAP server configuration and capability
@ -2250,7 +2250,7 @@ class LDAPserver {
 	 */
 	function getLoggedInPass() {
 		if (DEBUG_ENABLED)
-			debug_log('%s:getLoggedInPass(): Entered with ()',17,get_class($this));
+			debug_log('%s::getLoggedInPass(): Entered with ()',17,get_class($this));
 		if (! $this->auth_type)
 			return false;
@ -2303,6 +2303,9 @@ class LDAPserver {
 		# Set default return
 		$return = false;
 		if (DEBUG_ENABLED)
 			debug_log('%s::getLoggedInDN(): auth_type is [%s]',66,get_class($this),$this->auth_type);
 		if ($this->auth_type) {
 			switch ($this->auth_type) {
 				case 'cookie':
@ -2335,7 +2338,7 @@ class LDAPserver {
 		}
 		if (DEBUG_ENABLED)
-			debug_log('%s:getLoggedInDN(): Entered with (), Returning (%s)',17,get_class($this),$return);
+			debug_log('%s::getLoggedInDN(): Entered with (), Returning (%s)',17,get_class($this),$return);
 		return $return;
 	}
--- a/lib/template_functions.php
+++ b/lib/template_functions.php
@ -1,5 +1,5 @@
 <?php
-/* $Header: /cvsroot/phpldapadmin/phpldapadmin/lib/template_functions.php,v 1.29.2.18 2006/02/25 12:14:17 wurley Exp $ */
+/* $Header: /cvsroot/phpldapadmin/phpldapadmin/lib/template_functions.php,v 1.29.2.19 2006/04/27 12:33:17 wurley Exp $ */
 /**
 * Classes and functions for the template engine.ation and capability
@ -464,7 +464,7 @@ class Templates {
 			U:    Make the result upper case.
 			*/
 			case 'autoFill' :
-				list($attr,$string) = split(',',$arg);
+				list($attr,$string) = preg_split('(([^,]+),(.*))',$arg,-1,PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY);
 				preg_match_all('/%(\w+)(\|[0-9]*-[0-9]*)?(\/[klTU]+)?%/U',$string,$matchall);
 				//print"<PRE>";print_r($matchall); //0 = highlevel match, 1 = attr, 2 = subst, 3 = mod
--- a/lib/tree_functions.php
+++ b/lib/tree_functions.php
@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/lib/tree_functions.php,v 1.20.2.19 2006/01/02 13:30:34 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/lib/tree_functions.php,v 1.20.2.21 2006/05/07 05:25:56 wurley Exp $
 /**
 * @package phpLDAPadmin
@ -89,7 +89,9 @@ function draw_server_tree() {
 					$logged_in_dn_array = explode(',',$logged_in_branch);
 				}
-				$logged_in_dn_array[] = $ldapserver->getDNBase($logged_in_dn);
+				$bases = $ldapserver->getDNBase($logged_in_dn);
 				if (is_array($bases) && count($bases))
 					$logged_in_dn_array[] = $bases;
 				$rdn = $logged_in_dn;
@ -190,9 +192,6 @@ function draw_server_tree() {
 					$icon = isset($tree['browser'][$base_dn]['icon']) ? $tree['browser'][$base_dn]['icon'] : get_icon($ldapserver,$base_dn);
 					# Shall we draw the "mass-delete" checkbox?
 					if ($ldapserver->isMassDeleteEnabled())
 						printf('<td><input type="checkbox" name="mass_delete[%s]" /></td>',htmlspecialchars($base_dn));
 					if ($config->GetValue('appearance','tree_plm')) {
 						$tree_plm .= sprintf(".|%s|%s|%s|%s|%s|%s\n",
@ -200,6 +199,11 @@ function draw_server_tree() {
 					} else {
 						echo '<tr>';
 						# Shall we draw the "mass-delete" checkbox?
 						if ($ldapserver->isMassDeleteEnabled())
 							printf('<td><input type="checkbox" name="mass_delete[%s]" /></td>',htmlspecialchars($base_dn));
 						printf('<td class="expander"><a href="%s"><img src="%s" alt="%s" /></a></td>',$expand_href,$expand_img,$expand_alt);
 						printf('<td class="icon"><a href="%s" target="right_frame"><img src="images/%s" alt="img" /></a></td>',$edit_href,$icon);
 						printf('<td class="rdn" colspan="98"><nobr><a href="%s" target="right_frame">%s</a>',$edit_href,pretty_print_dn($base_dn));
--- a/templates/template_header.php
+++ b/templates/template_header.php
@ -1,5 +1,5 @@
 <?php
-// $Header: /cvsroot/phpldapadmin/phpldapadmin/templates/template_header.php,v 1.6.4.5 2005/12/09 14:32:37 wurley Exp $
+// $Header: /cvsroot/phpldapadmin/phpldapadmin/templates/template_header.php,v 1.6.4.6 2006/04/29 05:46:34 wurley Exp $
 /**
 * Header page for engine.
@ -27,8 +27,8 @@ $addattr_href = sprintf('add_attr_form.php?%s',$url_base);
 echo '<body>';
 if ($dn) {
-	$actionlayout = '<td class="icon"><img src="images/%s" /></td><td><a href="%s" title="%s">%s</a></td>';
+	$actionlayout = '<td class="icon"><img src="images/%s" alt="%s" /></td><td><a href="%s" title="%s">%s</a></td>';
-	$hintlayout = '<td class="icon"><img src="images/light.png" /></td><td colspan="3"><span class="hint">%s</span></td>';
+	$hintlayout = '<td class="icon"><img src="images/light.png" alt="Hint" /></td><td colspan="3"><span class="hint">%s</span></td>';
 	printf('<h3 class="title">%s</h3>',htmlspecialchars($rdn));
 	printf('<h3 class="subtitle">%s: <b>%s</b> &nbsp;&nbsp;&nbsp; %s: <b>%s</b></h3>',
@ -37,24 +37,24 @@ if ($dn) {
 	echo "\n";
 	echo '<table class="edit_dn_menu"><tr>';
-	printf($actionlayout,'refresh.png',$refresh_href,_('Refresh this entry'),_('Refresh'));
+	printf($actionlayout,'refresh.png','Refresh',$refresh_href,_('Refresh this entry'),_('Refresh'));
-	printf($actionlayout,'save.png',$export_href_base,_('Save a dump of this object'),_('Export'));
+	printf($actionlayout,'save.png','Save',$export_href_base,_('Save a dump of this object'),_('Export'));
 	echo '</tr><tr>';
-	printf($actionlayout,'cut.png',$copy_href,_('Copy this object to another location, a new DN, or another server'),_('Copy or move this entry'));
+	printf($actionlayout,'cut.png','Cut',$copy_href,_('Copy this object to another location, a new DN, or another server'),_('Copy or move this entry'));
 	if ($show_internal_attrs)
-		printf($actionlayout,'tools-no.png',$refresh_href,'',_('Hide internal attributes'));
+		printf($actionlayout,'tools-no.png','Hide',$refresh_href,'',_('Hide internal attributes'));
 	else
-		printf($actionlayout,'tools.png',$intattr_href,'',_('Show internal attributes'));
+		printf($actionlayout,'tools.png','Show',$intattr_href,'',_('Show internal attributes'));
 	echo '</tr>';
 	if (! $ldapserver->isReadOnly()) {
 		echo '<tr>';
-		printf($actionlayout,'trash.png',$delete_href,_('You will be prompted to confirm this decision'),_('Delete this entry'));
+		printf($actionlayout,'trash.png','Trash',$delete_href,_('You will be prompted to confirm this decision'),_('Delete this entry'));
-		printf($actionlayout,'rename.png',$rename_href,'',_('Rename'));
+		printf($actionlayout,'rename.png','Rename',$rename_href,'',_('Rename'));
 		echo '</tr>';
 		if ($config->GetValue('appearance','show_hints')) {
@ -64,12 +64,12 @@ if ($dn) {
 		}
 		echo '<tr>';
-		printf($actionlayout,'compare.png',$compare_href,'',_('Compare with another entry'));
+		printf($actionlayout,'compare.png','Compare',$compare_href,'',_('Compare with another entry'));
 		echo '</tr>';
 		echo '<tr>';
-		printf($actionlayout,'star.png',$create_href,'',_('Create a child entry'));
+		printf($actionlayout,'star.png','Create',$create_href,'',_('Create a child entry'));
-		printf($actionlayout,'add.png',$addattr_href,'',_('Add new attribute'));
+		printf($actionlayout,'add.png','Add',$addattr_href,'',_('Add new attribute'));
 		echo '</tr>';
 	}
@ -84,8 +84,8 @@ if ($dn) {
 			$ldapserver->server_id,rawurlencode('objectClass=*'),$encoded_dn);
 		echo '<tr>';
-		printf($actionlayout,'children.png',$child_href,'',($children_count == 1) ? _('View 1 child') : sprintf(_('View %s children'),$children_count));
+		printf($actionlayout,'children.png','Children',$child_href,'',($children_count == 1) ? _('View 1 child') : sprintf(_('View %s children'),$children_count));
-		printf($actionlayout,'save.png',$export_href_sub,_('Save a dump of this object and all of its children'),_('Export subtree'));
+		printf($actionlayout,'save.png','Save',$export_href_sub,_('Save a dump of this object and all of its children'),_('Export subtree'));
 		echo '</tr>';
 	}
@ -116,7 +116,7 @@ if ($dn) {
 	if (! $ldapserver->isReadOnly()) {
 		echo '<form action="update_confirm.php" method="post" name="edit_form">';
 		printf('<input type="hidden" name="server_id" value="%s" />',$ldapserver->server_id);
-		printf('<input type="hidden" name="dn" value="%s" />',$dn);
+		printf('<input type="hidden" name="dn" value="%s" />',htmlspecialchars($dn));
 	}
 	echo '<br />'."\n\n";