diff --git a/lam/graphics/select.jpg b/lam/graphics/select.jpg
deleted file mode 100644
index 01bb007b..00000000
Binary files a/lam/graphics/select.jpg and /dev/null differ
diff --git a/lam/graphics/select.png b/lam/graphics/select.png
new file mode 100644
index 00000000..9bd9d2ef
Binary files /dev/null and b/lam/graphics/select.png differ
diff --git a/lam/templates/lists/listgroups.php b/lam/templates/lists/listgroups.php
index d966ff95..70342b49 100644
--- a/lam/templates/lists/listgroups.php
+++ b/lam/templates/lists/listgroups.php
@@ -104,7 +104,7 @@ else $grp_suffix = $_SESSION["config"]->get_GroupSuffix(); // default suffix
// generate search filter for sort links
$searchfilter = "";
for ($k = 0; $k < sizeof($desc_array); $k++) {
- if ($_POST["filter" . strtolower($attr_array[$k])]) {
+ if (eregi("^([0-9a-z_\\*\\+\\-])+$", $_POST["filter" . strtolower($attr_array[$k])])) {
$searchfilter = $searchfilter . "&filter" . strtolower($attr_array[$k]) . "=".
$_POST["filter" . strtolower($attr_array[$k])];
}
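Review bot: The value appended to `$searchfilter` is still not URL-encoded, and the new whitelist lets `+` through, which is decoded as a space when a query string is parsed. If `$searchfilter` ends up in the sort-link URLs, as the comment above the loop says, a filter containing `+` will come back changed after the link is followed. Appending `urlencode($_POST["filter" . strtolower($attr_array[$k])])` instead of the raw value avoids this and keeps the link well-formed if the whitelist is widened later. The same applies to the sort-link hunks in listhosts.php and listusers.php. The rest of the loop lies outside this hunk.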
@@ -115,7 +115,7 @@ if (! $_GET['norefresh']) {
// Groups have the attribute "posixGroup"
$filter = "(&(objectClass=posixGroup)";
for ($k = 0; $k < sizeof($desc_array); $k++) {
- if ($_POST["filter" . strtolower($attr_array[$k])])
+ if (eregi("^([0-9a-z_\\*\\+\\-])+$", $_POST["filter" . strtolower($attr_array[$k])]))
$filter = $filter . "(" . strtolower($attr_array[$k]) . "=" .
$_POST["filter" . strtolower($attr_array[$k])] . ")";
else
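Review bot: The character class in the added `eregi()` check probably admits a backslash in addition to the characters it lists. POSIX bracket expressions, which the ereg functions follow, treat `\` as an ordinary member rather than an escape, and backslash is the escape character in LDAP filter strings, so it should not reach the filter built on the next two lines. Writing the class without escapes keeps the whitelist to what the pattern appears to intend: `eregi("^[0-9a-z_*+-]+$", $_POST["filter" . strtolower($attr_array[$k])])`. The identical pattern is repeated in the filter hunks of listhosts.php and listusers.php and in the three sort-link hunks, so one shared helper would keep them in step. A short comment such as `// whitelist: only these characters may be copied into the LDAP filter` would record why the check exists. The `else` branch continues outside this hunk.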
@@ -241,7 +241,7 @@ if (sizeof($grp_info) > 0) {
// display select all link
$colspan = sizeof($attr_array) + 1;
echo "
\n";
- echo " | \n";
+ echo " | \n";
echo " " .
"" . _("Select all") . " | \n";
diff --git a/lam/templates/lists/listhosts.php b/lam/templates/lists/listhosts.php
index b4e75eda..94d8c94f 100644
--- a/lam/templates/lists/listhosts.php
+++ b/lam/templates/lists/listhosts.php
@@ -104,7 +104,7 @@ else $hst_suffix = $_SESSION["config"]->get_HostSuffix(); // default suffix
// generate search filter for sort links
$searchfilter = "";
for ($k = 0; $k < sizeof($desc_array); $k++) {
- if ($_POST["filter" . strtolower($attr_array[$k])]) {
+ if (eregi("^([0-9a-z_\\*\\+\\-])+$", $_POST["filter" . strtolower($attr_array[$k])])) {
$searchfilter = $searchfilter . "&filter" . strtolower($attr_array[$k]) . "=".
$_POST["filter" . strtolower($attr_array[$k])];
}
@@ -121,7 +121,7 @@ if (! $_GET['norefresh']) {
$filter = "(&(objectClass=sambaAccount) (uid=*$)";
}
for ($k = 0; $k < sizeof($desc_array); $k++) {
- if ($_POST["filter" . strtolower($attr_array[$k])])
+ if (eregi("^([0-9a-z_\\*\\+\\-])+$", $_POST["filter" . strtolower($attr_array[$k])]))
$filter = $filter . "(" . strtolower($attr_array[$k]) . "=" .
$_POST["filter" . strtolower($attr_array[$k])] . ")";
else
@@ -230,7 +230,7 @@ if (sizeof($hst_info) > 0) {
// display select all link
$colspan = sizeof($attr_array) + 1;
echo "
\n";
- echo " | \n";
+ echo " | \n";
echo " " .
"" . _("Select all") . " | \n";
diff --git a/lam/templates/lists/listusers.php b/lam/templates/lists/listusers.php
index 37a6308f..d798c5ce 100644
--- a/lam/templates/lists/listusers.php
+++ b/lam/templates/lists/listusers.php
@@ -154,7 +154,7 @@ else $usr_suffix = $_SESSION["config"]->get_UserSuffix(); // default suffix
// generate search filter for sort links
$searchfilter = "";
for ($k = 0; $k < sizeof($desc_array); $k++) {
- if ($_POST["filter" . strtolower($attr_array[$k])]) {
+ if (eregi("^([0-9a-z_\\*\\+\\-])+$", $_POST["filter" . strtolower($attr_array[$k])])) {
$searchfilter = $searchfilter . "&filter" .
strtolower($attr_array[$k]) . "=".
$_POST["filter" . strtolower($attr_array[$k])];
@@ -165,7 +165,7 @@ for ($k = 0; $k < sizeof($desc_array); $k++) {
// Unix/Samba3 users have the attribute "posixAccount" and do not end with "$"
$filter = "(&(objectClass=posixAccount) (!(uid=*$))";
for ($k = 0; $k < sizeof($desc_array); $k++) {
- if ($_POST["filter" . strtolower($attr_array[$k])])
+ if (eregi("^([0-9a-z_\\*\\+\\-])+$", $_POST["filter" . strtolower($attr_array[$k])]))
$filter = $filter . "(" . strtolower($attr_array[$k]) . "=" .
$_POST["filter" . strtolower($attr_array[$k])] . ")";
else
@@ -299,7 +299,7 @@ if ($user_count != 0) {
// display select all link
$colspan = sizeof($attr_array) + 1;
echo "
\n";
- echo " | \n";
+ echo " | \n";
echo " " .
"" . _("Select all") . " | \n";
@@ -350,7 +350,7 @@ echo ("\n");
echo ("\n");
if ($user_count != 0) {
echo ("\n");
- echo (" ");
+ echo ("
\n");
echo ("\n");
echo ("\n");
}