# (c) 1999 Randolph Chung. Licensed under the GPL. <tausq@debian.org>
# (c) 2004 Martin Schulze. Licensed under the GPL. <joey@debian.org>
# (c) 2006 Ryan Murray. Licensed under the GPL. <rmurray@debian.org>
+# Copyright (c) 2008, 2011, 2013, 2015 Peter Palfrader
use lib '.';
use strict vars;
my $query = new CGI;
my $id = $query->param('id');
my $authtoken = $query->param('authtoken');
-my $password = &Util::CheckAuthToken($authtoken);
-my $dosearch = $query->param('dosearch');
-my $searchdn = $query->param('searchdn');
+my $dosearch = uri_escape($query->param('dosearch'));
+my $searchdn = uri_escape($query->param('searchdn'));
+
my $ldap = undef;
+my $password = undef;
+
+if ($authtoken || $id) {
+ $password = Util::TouchAuthToken($authtoken, $id);
+} else {
+ $password = '';
+ $id = '';
+ $authtoken = '';
+}
my $proto = ($ENV{HTTPS} ? "https" : "http");
# go through %searchdata and pull out all the search criteria the user
# specified...
- my $filter = "(objectclass=inetOrgPerson)";
+ my $filter = "(objectclass=inetOrgPerson)(!(accountStatus=*))";
foreach (keys(%searchdata)) {
if ($query->param($searchdata{$_}{formname})) {
if ($query->param($searchdata{$_}{fuzzy})) {
# If this is ourselves, present a link to do mods
if ($auth && ($id eq $data->{uid}->[0])) { #TODO: extract this string into a url for translation...
- $outsub{searchresults} .= "<a href=\"$proto://$ENV{SERVER_NAME}/$config{webupdateurl}?id=".uri_escape($id)."&authtoken=".uri_escape($authtoken)."&editdn=".uri_escape($dn, "\x00-\x40\x7f-\xff")."\">Edit my settings</a>\n";
+ $outsub{searchresults} .= "<a href=\"$proto://$ENV{SERVER_NAME}/$config{webupdateurl}?id=$id;authtoken=$authtoken\">Edit my settings</a>\n";
}
$outsub{searchresults} .= "<br><br><br>\n";