X-Git-Url: https://git.adam-barratt.org.uk/?p=mirror%2Fuserdir-ldap-cgi.git;a=blobdiff_plain;f=search.cgi;h=f170025dd1e59003e2e4d80482d5d237c2d310c3;hp=37695386b8bbde31bc82e6e303219247c776d582;hb=036702ecd044b501dce1b05dfbf19a17921120da;hpb=49c05461dc2851df308933e0e2976feb16dec0f3

diff --git a/search.cgi b/search.cgi
index 3769538..f170025 100755
--- a/search.cgi
+++ b/search.cgi
@@ -4,6 +4,7 @@
 # (c) 1999 Randolph Chung. Licensed under the GPL. <tausq@debian.org>
 # (c) 2004 Martin Schulze. Licensed under the GPL. <joey@debian.org>
 # (c) 2006 Ryan Murray. Licensed under the GPL. <rmurray@debian.org>
+# Copyright (c) 2008, 2011, 2013, 2015 Peter Palfrader
 
 use lib '.';
 use strict vars;
@@ -17,12 +18,21 @@ use Net::LDAP qw(LDAP_SUCCESS LDAP_PROTOCOL_ERROR);
 my %config = &Util::ReadConfigFile;
 
 my $query = new CGI;
-my $id = uri_escape($query->param('id'));
+my $id = $query->param('id');
 my $authtoken = $query->param('authtoken');
-my $password = &Util::CheckAuthToken($authtoken);
 my $dosearch = uri_escape($query->param('dosearch'));
 my $searchdn = uri_escape($query->param('searchdn'));
+
 my $ldap = undef;
+my $password = undef;
+
+if ($authtoken || $id) {
+  $password = Util::TouchAuthToken($authtoken, $id);
+} else {
+  $password = '';
+  $id = '';
+  $authtoken = '';
+}
 
 my $proto = ($ENV{HTTPS} ? "https" : "http");
 
@@ -236,7 +246,7 @@ if (!$dosearch) {
     
     # If this is ourselves, present a link to do mods
     if ($auth && ($id eq $data->{uid}->[0])) { #TODO: extract this string into a url for translation...
-      $outsub{searchresults} .= "<a href=\"$proto://$ENV{SERVER_NAME}/$config{webupdateurl}?id=$id&authtoken=$authtoken&editdn=".uri_escape($dn, "\x00-\x40\x7f-\xff")."\">Edit my settings</a>\n";
+      $outsub{searchresults} .= "<a href=\"$proto://$ENV{SERVER_NAME}/$config{webupdateurl}?id=$id;authtoken=$authtoken\">Edit my settings</a>\n";
     }
     
     $outsub{searchresults} .= "<br><br><br>\n";