don't link outside db.d.o when using https

[mirror/userdir-ldap-cgi.git] / search.cgi

diff --git a/search.cgi b/search.cgi
index 96d8135..dcab35b 100755 (executable)
--- a/search.cgi
+++ b/search.cgi
@@ -84,6 +84,7 @@ if (!$dosearch) {
 
   # Now, we are ready to connect to the LDAP server.
   $ldap = Net::LDAP->new($config{ldaphost}) || &Util::HTMLError($!);
+  &Util::UpgradeConnection($ldap) unless $config{usessl} eq 'False';
   my $auth = 0;
   my $mesg;
 
@@ -116,11 +117,18 @@ if (!$dosearch) {
   # Format the output....
   foreach $dn (sort {$entries->{$a}->{sn}->[0] <=> $entries->{$b}->{sn}->[0]} keys(%$entries)) {
     my $ok = 0;
-    $data = $entries->{$dn};
-
     # These are local variables.. i have enough global vars as it is... <sigh>
     my ($ufdn, $login, $name, $icquin, $jabberjid, $email, $fingerprint,
        $address, $latlong, $vacation, $created, $modified, $lastseen, $gender) = undef;
+
+    # Last seen information (Echelon)
+    $lastseen = &Util::FormatLastSeen($entries->{$dn}->{"activity-pgp"}->[0],
+                                      $entries->{$dn}->{"activity-from"}->[0]);
+
+    $data = $entries->{$dn};
+    for my $key (keys %{$data}) {
+      @{$data->{$key}} = map { CGI::escapeHTML($_); } @{$data->{$key}};
+    }
     
     $ufdn = $dn; # Net::LDAP does not have a dn2ufn function, but this is close enough :)
     
@@ -175,10 +183,6 @@ if (!$dosearch) {
     $modified = &Util::FormatTimestamp($data->{modifytimestamp}->[0]);
     $created =  &Util::FormatTimestamp($data->{createtimestamp}->[0]);
 
-    # Last seen information (Echelon)
-    $lastseen = &Util::FormatLastSeen($data->{"activity-pgp"}->[0],
-                                      $data->{"activity-from"}->[0]);
-
     # Link in the debian login id 
     $login = $data->{uid}->[0];
     $login = "$login";
@@ -222,7 +226,7 @@ if (!$dosearch) {
       $outsub{searchresults} .= FormatEntry($dataspecref->{latlong}, $latlong);
       $outsub{searchresults} .= FormatEntry($dataspecref->{phone}, $data->{telephonenumber}->[0] || "- unlisted -");
       $outsub{searchresults} .= FormatEntry($dataspecref->{fax}, $data->{fascimiletelephonenumber}->[0] || "- unlisted -");
-      $outsub{searchresults} .= FormatEntry($dataspecref->{VoIP}, $data->{VoIP}->[0] || "- unlisted -");
+      $outsub{searchresults} .= FormatEntry($dataspecref->{VoIP}, $data->{voip}->[0] || "- unlisted -");
       $outsub{searchresults} .= FormatEntry($dataspecref->{lastseen}, $lastseen);
 #     $outsub{searchresults} .= FormatEntry($dataspecref->{created}, $created);
 #     $outsub{searchresults} .= FormatEntry($dataspecref->{modified}, $modified);