X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=search.cgi;h=42ad3d6f5cf72febffc1d81a3fb0b519b60904f6;hb=31819fde1085b66926394feb018301c594395310;hp=dcab35b22325036ee9ecd7c444a3e4f80cbd2b7b;hpb=80ed561a914ae1af6948747933e260c4623df222;p=mirror%2Fuserdir-ldap-cgi.git

diff --git a/search.cgi b/search.cgi
index dcab35b..42ad3d6 100755
--- a/search.cgi
+++ b/search.cgi
@@ -11,17 +11,17 @@ use strict vars;
 use CGI;
 use Util;
 use URI::Escape;
-use Net::LDAP qw(:all);
+use Net::LDAP qw(LDAP_SUCCESS LDAP_PROTOCOL_ERROR);
 
 # Global settings...
 my %config = &Util::ReadConfigFile;
 
 my $query = new CGI;
-my $id = $query->param('id');
-my $authtoken = $query->param('authtoken');
+my $id = uri_escape($query->param('id'));
+my $authtoken = uri_escape($query->param('authtoken'));
 my $password = &Util::CheckAuthToken($authtoken);
-my $dosearch = $query->param('dosearch');
-my $searchdn = $query->param('searchdn');
+my $dosearch = uri_escape($query->param('dosearch'));
+my $searchdn = uri_escape($query->param('searchdn'));
 my $ldap = undef;
 
 my $proto = ($ENV{HTTPS} ? "https" : "http");
@@ -30,7 +30,7 @@ sub DieHandler {
   $ldap->unbind if (defined($ldap));
 }
 
-$SIG{__DIE__} = \&DieHandler;
+#$SIG{__DIE__} = \&DieHandler;
 
 if (!$dosearch) {
   # No action yet, send back the search form...
@@ -191,7 +191,7 @@ if (!$dosearch) {
     $vacation = $data->{onvacation}->[0] if ($authtoken && $id);
 
     # OK, now generate output... (i.e. put the output into the buffer )
-    $outsub{searchresults} .= '<table border=2 cellpadding=2 cellspacing=0 bgcolor="#DDDDDD" width="80%">';
+    $outsub{searchresults} .= '<table class="debform" border=2 cellpadding=2 cellspacing=0 bgcolor="#DDDDDD" width="80%">';
     $outsub{searchresults} .= '<tr><th bgcolor="#44CCCC" colspan=2><font size=+1>'."$name</font> ";
     $outsub{searchresults} .= "($ufdn)</th></tr>\n";
     
@@ -236,7 +236,7 @@ if (!$dosearch) {
     
     # If this is ourselves, present a link to do mods
     if ($auth && ($id eq $data->{uid}->[0])) { #TODO: extract this string into a url for translation...
-      $outsub{searchresults} .= "<a href=\"$proto://$ENV{SERVER_NAME}/$config{webupdateurl}?id=$id&authtoken=$authtoken&editdn=".uri_escape($dn, "\x00-\x40\x7f-\xff")."\">Edit my settings</a>\n";
+      $outsub{searchresults} .= "<a href=\"$proto://$ENV{SERVER_NAME}/$config{webupdateurl}?id=".uri_escape($id)."&authtoken=".uri_escape($authtoken)."&editdn=".uri_escape($dn, "\x00-\x40\x7f-\xff")."\">Edit my settings</a>\n";
     }
     
     $outsub{searchresults} .= "<br><br><br>\n";