diff --git a/lam/graphics/select.jpg b/lam/graphics/select.jpg deleted file mode 100644 index 01bb007b..00000000 Binary files a/lam/graphics/select.jpg and /dev/null differ diff --git a/lam/graphics/select.png b/lam/graphics/select.png new file mode 100644 index 00000000..9bd9d2ef Binary files /dev/null and b/lam/graphics/select.png differ diff --git a/lam/templates/lists/listgroups.php b/lam/templates/lists/listgroups.php index d966ff95..70342b49 100644 --- a/lam/templates/lists/listgroups.php +++ b/lam/templates/lists/listgroups.php @@ -104,7 +104,7 @@ else $grp_suffix = $_SESSION["config"]->get_GroupSuffix(); // default suffix // generate search filter for sort links $searchfilter = ""; for ($k = 0; $k < sizeof($desc_array); $k++) { - if ($_POST["filter" . strtolower($attr_array[$k])]) { + if (eregi("^([0-9a-z_\\*\\+\\-])+$", $_POST["filter" . strtolower($attr_array[$k])])) { $searchfilter = $searchfilter . "&filter" . strtolower($attr_array[$k]) . "=". $_POST["filter" . strtolower($attr_array[$k])]; } @@ -115,7 +115,7 @@ if (! $_GET['norefresh']) { // Groups have the attribute "posixGroup" $filter = "(&(objectClass=posixGroup)"; for ($k = 0; $k < sizeof($desc_array); $k++) { - if ($_POST["filter" . strtolower($attr_array[$k])]) + if (eregi("^([0-9a-z_\\*\\+\\-])+$", $_POST["filter" . strtolower($attr_array[$k])])) $filter = $filter . "(" . strtolower($attr_array[$k]) . "=" . $_POST["filter" . strtolower($attr_array[$k])] . ")"; else @@ -241,7 +241,7 @@ if (sizeof($grp_info) > 0) { // display select all link $colspan = sizeof($attr_array) + 1; echo "\n"; - echo "\"select\n"; + echo "\"select\n"; echo " " . "" . _("Select all") . "\n"; diff --git a/lam/templates/lists/listhosts.php b/lam/templates/lists/listhosts.php index b4e75eda..94d8c94f 100644 --- a/lam/templates/lists/listhosts.php +++ b/lam/templates/lists/listhosts.php 
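Review bot: The accepted value is appended to the sort-link query string unencoded on the `$searchfilter` line, and the new whitelist admits `+`, which PHP decodes as a space when a query string is parsed. A filter containing `+` would therefore presumably come back altered and then fail this same check. Encoding at the point of output keeps the round trip exact: `"=" . urlencode($_POST["filter" . strtolower($attr_array[$k])])`. The same line appears in the `@@ -104` hunk of listhosts.php and the `@@ -154` hunk of listusers.php; how the link parameters are read back is outside these hunks, so confirm against that code.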
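Review bot: The `eregi()` test in this hunk is the only barrier between the POST value and the concatenated LDAP filter, and the POSIX `ereg` family is not binary-safe: it treats the subject as a C string, so bytes after an embedded NUL are not covered by the `^...$` match. `preg_match('/^[0-9a-z_*+-]+$/iD', $value)`, with `$value` standing for the POST field, examines the whole string and would be the safer check. The identical expression is repeated in both filter hunks of listgroups.php, listhosts.php and listusers.php (six places). A single shared helper would keep the three lists in step, with a comment stating that `(`, `)` and `\` must stay outside the character class. The `else` branch that handles a rejected value continues outside the hunk.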
@@ -104,7 +104,7 @@ else $hst_suffix = $_SESSION["config"]->get_HostSuffix(); // default suffix // generate search filter for sort links $searchfilter = ""; for ($k = 0; $k < sizeof($desc_array); $k++) { - if ($_POST["filter" . strtolower($attr_array[$k])]) { + if (eregi("^([0-9a-z_\\*\\+\\-])+$", $_POST["filter" . strtolower($attr_array[$k])])) { $searchfilter = $searchfilter . "&filter" . strtolower($attr_array[$k]) . "=". $_POST["filter" . strtolower($attr_array[$k])]; } @@ -121,7 +121,7 @@ if (! $_GET['norefresh']) { $filter = "(&(objectClass=sambaAccount) (uid=*$)"; } for ($k = 0; $k < sizeof($desc_array); $k++) { - if ($_POST["filter" . strtolower($attr_array[$k])]) + if (eregi("^([0-9a-z_\\*\\+\\-])+$", $_POST["filter" . strtolower($attr_array[$k])])) $filter = $filter . "(" . strtolower($attr_array[$k]) . "=" . $_POST["filter" . strtolower($attr_array[$k])] . ")"; else @@ -230,7 +230,7 @@ if (sizeof($hst_info) > 0) { // display select all link $colspan = sizeof($attr_array) + 1; echo "\n"; - echo "\"select\n"; + echo "\"select\n"; echo " " . "" . _("Select all") . "\n"; diff --git a/lam/templates/lists/listusers.php b/lam/templates/lists/listusers.php index 37a6308f..d798c5ce 100644 --- a/lam/templates/lists/listusers.php +++ b/lam/templates/lists/listusers.php @@ -154,7 +154,7 @@ else $usr_suffix = $_SESSION["config"]->get_UserSuffix(); // default suffix // generate search filter for sort links $searchfilter = ""; for ($k = 0; $k < sizeof($desc_array); $k++) { - if ($_POST["filter" . strtolower($attr_array[$k])]) { + if (eregi("^([0-9a-z_\\*\\+\\-])+$", $_POST["filter" . strtolower($attr_array[$k])])) { $searchfilter = $searchfilter . "&filter" . strtolower($attr_array[$k]) . "=". $_POST["filter" . strtolower($attr_array[$k])]; 
@@ -165,7 +165,7 @@ for ($k = 0; $k < sizeof($desc_array); $k++) { // Unix/Samba3 users have the attribute "posixAccount" and do not end with "$" $filter = "(&(objectClass=posixAccount) (!(uid=*$))"; for ($k = 0; $k < sizeof($desc_array); $k++) { - if ($_POST["filter" . strtolower($attr_array[$k])]) + if (eregi("^([0-9a-z_\\*\\+\\-])+$", $_POST["filter" . strtolower($attr_array[$k])])) $filter = $filter . "(" . strtolower($attr_array[$k]) . "=" . $_POST["filter" . strtolower($attr_array[$k])] . ")"; else @@ -299,7 +299,7 @@ if ($user_count != 0) { // display select all link $colspan = sizeof($attr_array) + 1; echo "\n"; - echo "\"select\n"; + echo "\"select\n"; echo " " . "" . _("Select all") . "\n"; @@ -350,7 +350,7 @@ echo ("

\n"); echo ("\n"); if ($user_count != 0) { echo ("\n"); - echo ("        "); + echo ("

\n"); echo ("\n"); echo ("\n"); }