From ccc449b3fc5903ba5048e9fa0c0c312025737a43 Mon Sep 17 00:00:00 2001
From: Rich Megginson <rmeggins@redhat.com>
Date: Feb 27 2008 03:36:54 +0000
Subject: 1) There were several places where DSGW would output and eval arbitrary javascript code passed in a CGI parameter.  These have been replaced with resource strings.  In all cases the values were output escaped, but still, we shouldn't be passing around bits of javascript code to execute.

2) ICU provides a function which can parse the HTTP_ACCEPT_LANGUAGE string and return the most appropriate locale, so we should use that for date calculation.
3) Found a couple of places where uninitialized values could be used, and fixed them.
4) Used PR_smprintf to simplify some strlen+malloc+strcpy+strcat code.
5) dsgw_get_cgi_var will check for NULL input
6) Do not pass in the ldap host and port in form parameters.  Always just use the values from the config file.
7) Added many new tests and valgrind suppressions (almost all from ICU)

---

diff --git a/cgiutil.c b/cgiutil.c
index 31ae62d..2652f4a 100644
--- a/cgiutil.c
+++ b/cgiutil.c
@@ -202,7 +202,14 @@ dsgw_form_unescape(char *str)
 char *
 dsgw_get_cgi_var(char *varname, int required)
 {
-    char *ans = get_cgi_var(varname, NULL, NULL);
+    char **vars = get_input_ptr();
+    char *ans = NULL;
+
+    if (!vars) {
+	return ans;
+    }
+
+    ans = get_cgi_var(varname, NULL, NULL);
     if (!ans) { /* try all uppercase varname */
 	char *upvarname = dsgw_utf8StrToUpper(varname);
 	ans = get_cgi_var(upvarname, NULL, NULL);
diff --git a/config/list-Auth.html.in b/config/list-Auth.html.in
index 0e3fda8..cc74780 100644
--- a/config/list-Auth.html.in
+++ b/config/list-Auth.html.in
@@ -54,6 +54,9 @@
 <INPUT TYPE="hidden" NAME="authdesturl"
 <!-- DS_POSTEDVALUE "name=authdesturl" "within=VALUE=%22--value--%22" -->
 >
+<INPUT TYPE="hidden" NAME="authdestdn"
+<!-- DS_POSTEDVALUE "name=authdestdn" "within=VALUE=%22--value--%22" -->
+>
 <!-- PCONTEXT -->
 </FORM>
 
diff --git a/csearch.c b/csearch.c
index 329ac89..b784bde 100644
--- a/csearch.c
+++ b/csearch.c
@@ -285,13 +285,11 @@ emit_file (char* filename, struct ldap_searchobj* sop)
 		dsgw_emitf ("\n"
 			    "<INPUT TYPE=hidden NAME=mode VALUE=\"complex\">\n"
 			    "<INPUT TYPE=hidden NAME=base VALUE=\"%s\">\n"
-			    "<INPUT TYPE=hidden NAME=ldapserver VALUE=\"%s\">\n"
-			    "<INPUT TYPE=hidden NAME=ldapport VALUE=\"%d\">\n"
 			    "<INPUT TYPE=hidden NAME=type>\n"
 			    "<INPUT TYPE=hidden NAME=attr>\n"
 			    "<INPUT TYPE=hidden NAME=match>\n"
 			    "<INPUT TYPE=hidden NAME=context VALUE=\"%s\">\n",
-			    gc->gc_ldapsearchbase, gc->gc_ldapserver, gc->gc_ldapport, context);
+			    gc->gc_ldapsearchbase, context);
 
 	    } else if ( dsgw_directive_is( line, "DS_CSEARCH_TYPE_SELECT" )) {
 		dsgw_emitf ("<SELECT NAME=searchType "
diff --git a/dbtdsgw.h b/dbtdsgw.h
index bc20630..2632b74 100644
--- a/dbtdsgw.h
+++ b/dbtdsgw.h
@@ -474,10 +474,20 @@ BEGIN_STR(dsgw)
 		    "&context=%s&dn=\\' + dsmodify_dn + \\'&info=\\' + escape(dsmodify_info)\n"
     )
     ResDef( DBT_completionJavascriptCu, 418,
-            "var comp_js = 'var cu=\\\\\\\'edit?context=%s&dn=%s\\\\\\\'; this.document.location.href=cu;'\n"
+            "this.document.location.href='edit?context=%s&dn=%s';\n"
     )
     ResDef( DBT_unknownValueForCompletionJavascript, 419,
             "Invalid value '%s' for variable completion_javascript" )
+    ResDef( DBT_confirmValue1, 420,
+            "opener.document.location.href = opener.completion_url;" )
+    ResDef( DBT_confirmValue2, 421,
+            "opener.submitModify(opener.changetype);" )
+    ResDef( DBT_confirmValue3, 422,
+            "opener.location.href = opener.DNEditURL;" )
+    ResDef( DBT_confirmValue4, 423,
+            "opener.top.close();" )
+    ResDef( DBT_confirmValue5, 424,
+            "opener.confirmedForm.submit();" )
 
 END_STR(dsgw)
 
diff --git a/dnedit.c b/dnedit.c
index dccf4ea..f6c889c 100644
--- a/dnedit.c
+++ b/dnedit.c
@@ -333,7 +333,7 @@ int main(int argc, char *argv[] )
 	"	document.location = completion_url;\n"
 	"    } else {\n");
     dsgw_emit_confirm ("controlFrame",
-		       "opener.document.location.href = opener.completion_url;",
+		       "CONFIRMVALUE1",
 		       NULL /* no */,
 		       XP_GetClientStr(DBT_discardChangesWindow_), 1,
 		       XP_GetClientStr(DBT_discardChanges_));
diff --git a/doauth.c b/doauth.c
index a4a7b59..d529ac2 100644
--- a/doauth.c
+++ b/doauth.c
@@ -195,7 +195,10 @@ post_request()
 	    "<!-- Hide from non-JavaScript browsers\n" );
 
 	if ( authdesturl != NULL && strlen( authdesturl ) > 0 ) {
-	    dsgw_emitf( "var authdesturl=\"%s\";\n", authdesturl );
+	    char *authdestdn = dsgw_get_cgi_var( "authdestdn", DSGW_CGIVAR_OPTIONAL );
+	    dsgw_emitf( "var authdesturl='%s?context=%s&dn=%s';\n",
+			dsgw_getvp( DSGW_CGINUM_EDIT ), context,
+			authdestdn ? authdestdn : "" );
 	} else {
 	    dsgw_emitf( "var authdesturl=null;\n" );
 	}
diff --git a/dosearch.c b/dosearch.c
index a610851..e7679c9 100644
--- a/dosearch.c
+++ b/dosearch.c
@@ -44,6 +44,30 @@
 static void get_request(char *dn, char *ldapquery);
 static void post_request();
 
+static char *ignore_cgi_var_list[] = {
+    "context", "ldq", "dn",
+    "binddn", "password", "passwd",
+    "ldapsizelimit", "ldaptimelimit"
+};
+static size_t ignore_cgi_var_list_size = sizeof(ignore_cgi_var_list)/sizeof(ignore_cgi_var_list[0]);
+
+static int
+ignore_cgi_var(const char *varname)
+{
+    int ii;
+
+    if (!varname || !*varname) {
+	return 1;
+    }
+
+    for (ii = 0; ii < ignore_cgi_var_list_size; ++ii) {
+	if (!strcasecmp(varname, ignore_cgi_var_list[ii])) {
+	    return 1;
+	}
+    }
+
+    return 0;
+}
 
 int main( argc, argv, env )
     int		argc;
@@ -76,16 +100,15 @@ int main( argc, argv, env )
      * tack it onto the end of ldapquery.
      */
     while ( (varname = dsgw_next_cgi_var( &index, &val )) != NULL) {
-	if (!strcmp(varname, "context") || !strcmp(varname, "ldq") ||
-	    !strcmp(varname, "dn")) {
+	if (ignore_cgi_var(varname)) {
 	    continue;
 	}
 	if (ldapquery != NULL) {
-	    ldapquery = dsgw_ch_realloc(ldapquery, sizeof(char *) * (strlen(ldapquery) + strlen(varname) + 1));
+	    ldapquery = dsgw_ch_realloc(ldapquery, sizeof(char *) * (strlen(ldapquery) + strlen(varname) + 2));
+	    PL_strcat(ldapquery, "&");
 	    PL_strcat(ldapquery, varname);
 	    if (val && *val) {
-		ldapquery = dsgw_ch_realloc(ldapquery, sizeof(char *) * (strlen(ldapquery) + strlen(val) + 2));
-		PL_strcat(ldapquery, "=");
+		ldapquery = dsgw_ch_realloc(ldapquery, sizeof(char *) * (strlen(ldapquery) + strlen(val) + 1));
 		PL_strcat(ldapquery, val);
 	    }
 	}
@@ -204,6 +227,7 @@ post_request()
 	mode = DSGW_SRCHMODE_PATTERN_ID;
     } else {
 	dsgw_error( DSGW_ERR_SEARCHMODE, modestr, 0, 0, NULL );
+	mode = 0;
     }
 
     if ( mode != DSGW_SRCHMODE_PATTERN_ID
diff --git a/dsgw.h b/dsgw.h
index 6ec2df2..ffbb0ff 100644
--- a/dsgw.h
+++ b/dsgw.h
@@ -92,9 +92,15 @@
 #define UNICODE_ENCODING_UTF_8 "UTF-8"
 #define ISO_8859_1_ENCODING "ISO_8859-1"
 
+/* The context is really the application (dsgw, pb) we are running.
+   This is used to look for a file called /etc/dirsrv/dsgw/context.conf
+   e.g. dsgw.conf or pb.conf.  If no config file is found, the file
+   default.conf will be used.  If that is not available, an error
+   will occur.  You can create a new web app by using a different
+   context that uses different html files, templates, etc. and just
+   make sure the urls in that app use the new context.
+*/
 extern char            *context ;
-extern char            *langwich; /* The language chosen by libsi18n. */
-extern char            *countri; /* The language chosen by libsi18n. */
 
 /*
  * define DSGW_DEBUG to cause extensive debugging output to be written
@@ -794,6 +800,7 @@ char *dsgw_get_auth_cookie();
 void dsgw_emit_helpbutton( char *topic );
 void dsgw_emit_homebutton();
 void dsgw_emit_completion_javascript( const char *key_str, const char *dn );
+void dsgw_emit_confirm_script();
 
 char *dsgw_build_urlprefix();
 void dsgw_init_searchprefs( struct ldap_searchobj **solistp );
diff --git a/dsgwgetlang.c b/dsgwgetlang.c
index 5dfa494..c4cbecc 100644
--- a/dsgwgetlang.c
+++ b/dsgwgetlang.c
@@ -45,6 +45,12 @@
 #include "libadminutil/resource.h"
 #include "dsgwi18n.h"
 
+#include "unicode/utypes.h"
+#include "unicode/udat.h"
+#include "unicode/ucal.h"
+#include "unicode/unum.h"
+#include "unicode/ures.h"
+
 static char *database_name;
 static Resource *i18nResource;
 
@@ -336,7 +342,7 @@ XP_GetClientStr(int key)
     resstring = res_getstring(i18nResource, keybuf, lang,
                               NULL, 0, &rc);
     if (rc) {
-        dsgw_emitf("The message keyword id [%d] was not found\n", key);
+        fprintf(stderr, "The message keyword id [%d] was not found\n", key);
     }
     return resstring;
 }
@@ -351,3 +357,43 @@ XP_InitStringDatabase(const char *path, const char *dbname)
     SetLanguage(ADMIN_LANGUAGE, "");
     SetLanguage(DEFAULT_LANGUAGE, "");
 }
+
+/*
+  This function will return the appropriate locale to use
+  for ICU functions based on the HTTP_ACCEPT_LANGUAGE
+*/
+char *
+dsgw_get_locale_from_accept_language()
+{
+    UErrorCode err = U_ZERO_ERROR;
+    UEnumeration *available = ures_openAvailableLocales(NULL, &err);
+    UAcceptResult outResult;
+    char *returnlocale = NULL;
+    int32_t needlen = 0;
+
+    if (U_FAILURE(err)) {
+        fprintf(stderr, "Error: ures_openAvailableLocales(): %d:%s\n", err, u_errorName(err));
+        return NULL;
+    }
+
+    needlen = 20;
+    returnlocale = (char *)malloc(sizeof(char) * needlen);
+    needlen = uloc_acceptLanguageFromHTTP(returnlocale, needlen, &outResult, GetClientLanguage(),
+                                          available, &err);
+
+    if(err == U_BUFFER_OVERFLOW_ERROR) {
+        err = U_ZERO_ERROR;
+        returnlocale = (char *)realloc(returnlocale, sizeof(char) * (needlen + 1));
+        needlen = uloc_acceptLanguageFromHTTP(returnlocale, needlen, &outResult, GetClientLanguage(),
+                                              available, &err);
+    }
+
+    if (U_FAILURE(err)) {
+        free(returnlocale);
+        returnlocale = NULL;
+        fprintf(stderr, "Error: uloc_acceptLanguageFromHTTP(%s): %d:%s\n", GetClientLanguage(), err, u_errorName(err));
+        return NULL;
+    }
+
+    return returnlocale;
+}
diff --git a/dsgwi18n.h b/dsgwi18n.h
index 839668d..12027ea 100644
--- a/dsgwi18n.h
+++ b/dsgwi18n.h
@@ -143,6 +143,12 @@ XP_GetClientStr(int);
 PR_EXTERN( void )
 XP_InitStringDatabase(const char *path, const char *dbname);
 
+/* Return the most appropriate locale to use based on 
+   the HTTP_ACCEPT_LANGUAGE setting - return memory is
+   malloced and should be freed after use
+*/
+char *dsgw_get_locale_from_accept_language();
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/dsgwutil.c b/dsgwutil.c
index efaa836..2846761 100644
--- a/dsgwutil.c
+++ b/dsgwutil.c
@@ -64,14 +64,8 @@ char *dsgw_html_body_colors = "";	/* reset by dsgw_init() */
 
 /*Global context variable, telling the CGI's where to look for the config file*/
 char            *context = NULL;        /* Gotten from the QUERY_STRING */
-char            *langwich = NULL;       /* The language that libsi18n 
-					   picks from acceptlang*/
-char            *countri = NULL;       /* The country that libsi18n 
-					   picks from acceptlang*/
 
 
-static void figure_out_langwich(void);
-
 /*
  * dsgw_init -- initialize a dsgw CGI program:
  *	set "progname" global based on "progpath" (normally argv[0])
@@ -173,21 +167,6 @@ dsgw_init( int argc, char **argv, int methods_handled )
 	    s = &((*s)->dsgwsubst_next);
 	}
     }
-
-    /* Figure out the language that libsi18n is using */
-    figure_out_langwich();
-
-    /* Get the port and servername */
-    if (method == DSGW_METHOD_POST) {
-	 if (( s = dsgw_get_cgi_var( "ldapport", DSGW_CGIVAR_OPTIONAL )) != NULL ) {
-	      gc->gc_ldapport = atoi( s );
-	      free( s );
-	 }
-	 if (( s = dsgw_get_cgi_var( "ldapserver", DSGW_CGIVAR_OPTIONAL )) != NULL ) {
-	      gc->gc_ldapserver = s;
-	 }
-	 
-    }
     
     if (( s = getenv( "HTTPS" )) == NULL || strcasecmp( s, "on" ) == 0 ||
 	    ( s = getenv( "HTTPS_KEYSIZE" )) == NULL ) {
@@ -1137,53 +1116,6 @@ dsgw_time_plus_sec (time_t l, long r)
 }
 
 /*
- * Function: figure_out_langwich
- *
- * Returns: nothing
- *
- * Description: figures out the language/locale that libsi18n will
- *              use. This is so that non libsi18n functions can display
- *              stuff in the same language.
- *
- * Author: RJP
- *
- */
-static void
-figure_out_langwich(void)
-{
-  char *path   = NULL;
-  char *iter   = NULL;
-  char *p      = NULL;
-  char *before = NULL;
-
-  /* Get a path to the html directory */
-  path = dsgw_file2path( gc->gc_configdir, "dsgwfilter.conf");
-
-  before = path;
-
-  /* Find the lang subdirectory part */
-  for ( p = ldap_utf8strtok_r( path, DSGW_PATHSEP_STR, &iter );
-       p != NULL && *p != '\0' && strcmp(p, "dsgwfilter.conf") != 0;
-       p = ldap_utf8strtok_r( NULL, DSGW_PATHSEP_STR, &iter )){
-    before = p;
-  }
-  
-  /* If there is one, copy it. */
-  if (before != NULL && *before != '\0') {
-    langwich = dsgw_ch_strdup(before);
-  }
-  
-  iter = NULL;
-
-  /* split off any country specification */
-  ldap_utf8strtok_r( langwich, "-", &iter );
-  countri = iter;
-
-  free (path);
-
-}
-
-/*
  *      Accept-Language = "Accept-Language" ":"
  *                        1#( language-range [ ";" "q" "=" qvalue ] )
  *      language-range  = ( ( 1*8ALPHA *( "-" 1*8ALPHA ) ) | "*" )
diff --git a/emitauth.c b/emitauth.c
index fa40efb..1605ac7 100644
--- a/emitauth.c
+++ b/emitauth.c
@@ -137,6 +137,13 @@ emit_file (char* filename, char* authdesturl, char *user )
     auto char line[ BIG_LINE ];
     auto int argc;
     auto char **argv, *escaped_dn;
+    char *authdestdn = NULL;
+
+    if (authdesturl) {
+	if (!(authdestdn = dsgw_get_cgi_var( "authdestdn", DSGW_CGIVAR_OPTIONAL ))) {
+	    authdestdn = "";
+	}
+    }	
 
     if ( user != NULL ) {
 	escaped_dn = dsgw_strdup_escaped( user );
@@ -198,6 +205,8 @@ emit_file (char* filename, char* authdesturl, char *user )
 		if ( authdesturl != NULL ) {
 		    dsgw_emitf ("<INPUT TYPE=hidden NAME=authdesturl VALUE=\"%s\">\n",
 				authdesturl);
+		    dsgw_emitf ("<INPUT TYPE=hidden NAME=authdestdn VALUE=\"%s\">\n",
+				authdestdn);
 		}
 
 	    } else if ( dsgw_directive_is( line, "DS_AUTH_SEARCH_NAME" )) {
@@ -228,6 +237,8 @@ emit_file (char* filename, char* authdesturl, char *user )
 		if ( authdesturl != NULL ) {
 		    dsgw_emitf ("<INPUT TYPE=hidden NAME=authdesturl VALUE=\"%s\">\n",
 				authdesturl );
+		    dsgw_emitf ("<INPUT TYPE=hidden NAME=authdestdn VALUE=\"%s\">\n",
+				authdestdn );
 		}
 
 	    } else if ( dsgw_directive_is( line, "DS_AUTH_PASSWORD_SCRIPT" )) {
@@ -260,11 +271,15 @@ emit_file (char* filename, char* authdesturl, char *user )
 		if ( authdesturl != NULL ) {
 		    dsgw_emitf ("<INPUT type=hidden name=authdesturl value=\"%s\">\n",
 				authdesturl );
+		    dsgw_emitf ("<INPUT type=hidden name=authdestdn value=\"%s\">\n",
+				authdestdn );
 		}
 
 	    } else if ( dsgw_directive_is( line, "DS_AUTH_PASSWORD_NAME" )) {
 		auto char** xdn = ldap_explode_dn( user, 1 );
-		dsgw_emits( xdn[ 0 ] );
+		if (xdn && xdn[0]) {
+		    dsgw_emits( xdn[ 0 ] );
+		}
 		ldap_value_free( xdn );
 
 	    } else if ( dsgw_directive_is( line, "DS_AUTH_PASSWORD_BUTTONS" )) {
diff --git a/entrydisplay.c b/entrydisplay.c
index 8486adf..b049dc8 100644
--- a/entrydisplay.c
+++ b/entrydisplay.c
@@ -701,9 +701,6 @@ dsgw_display_done( dsgwtmplinfo *tip, char *dn )
 	    DSGW_CGIVAR_OPTIONAL );
     if ( jscomp != NULL ) {
 	dsgw_emit_completion_javascript(jscomp, dn ? dn : "");
-	dsgw_emits( "<SCRIPT LANGUAGE=\"JavaScript\">\n" );
-	dsgw_emitf( "eval('%s');\n", jscomp );
-	dsgw_emits( "</SCRIPT>\n" );
     }
 
     fflush( stdout );
@@ -769,7 +766,8 @@ output_prelude( dsgwtmplinfo *tip )
 	dsgw_quote_emits (QUOTATION_JAVASCRIPT, urlprefix);
 	dsgw_emits( ";\n"
 		"    } else {\n"
-		"\tdocument.editEntryForm.authdesturl.value = editURL;\n"
+		"\tdocument.editEntryForm.authdesturl.value = 'edit';\n"
+		"\tdocument.editEntryForm.authdestdn.value = encodeddn;\n"
 		"\ta = open(");
 	dsgw_quote_emits (QUOTATION_JAVASCRIPT, urlprefix);
 
@@ -816,7 +814,7 @@ output_prelude( dsgwtmplinfo *tip )
 	dsgw_emits( "var changetype = '';\n\n" );
 	dsgw_emits( "function confirmModify(ctype, prompt)\n{\n" );
 	dsgw_emits( "	changetype = ctype;\n" );
-	dsgw_emit_confirm (NULL, "opener.submitModify(opener.changetype);", NULL/*no*/,
+	dsgw_emit_confirm (NULL, "CONFIRMVALUE2", NULL/*no*/,
 			   NULL /* options */, 0, "prompt");
 	dsgw_emits( "}\n" );
 
@@ -847,7 +845,7 @@ output_prelude( dsgwtmplinfo *tip )
 	                               dsgw_getvp( DSGW_CGINUM_DNEDIT ), encodeddn, context );
 	    dsgw_emits( "    if( !changesMade() ) window.location.href = DNEditURL;\n"
 		        "    else {\n");
-	    dsgw_emit_confirm( NULL, "opener.location.href = opener.DNEditURL;", NULL/*no*/,
+	    dsgw_emit_confirm( NULL, "CONFIRMVALUE3", NULL/*no*/,
 			       XP_GetClientStr(DBT_continueWithoutSavingWindow_), 1,
 			       XP_GetClientStr(DBT_continueWithoutSaving_));
 	    dsgw_emits( "    }\n");
@@ -866,7 +864,7 @@ output_prelude( dsgwtmplinfo *tip )
 	dsgw_emits( "function closeIfOK()\n{\n"
 		    "    if ( !changesMade() ) top.close();\n"
 		    "    else {\n" );
-	dsgw_emit_confirm( NULL, "opener.top.close();", NULL/*no*/,
+	dsgw_emit_confirm( NULL, "CONFIRMVALUE4", NULL/*no*/,
 			   XP_GetClientStr(DBT_discardChangesWindow_), 1,
 			   XP_GetClientStr(DBT_discardChanges_));
 	dsgw_emits( "    }\n}\n" );
@@ -2015,14 +2013,8 @@ dn_display( struct dsgw_attrdispinfo *adip )
     }
 
     if (( adip->adi_opts & DSGW_ATTROPT_LINK2EDIT ) != 0 ) {
-	auto const char* vp = dsgw_getvp( DSGW_CGINUM_EDIT );
-	/* urlprefix = vp + "?&context=CONTEXT&dn=": */
-	auto const size_t vplen = strlen (vp);
-	urlprefix = dsgw_ch_malloc (vplen + 6 + strlen(context) + 9);
-	memcpy( urlprefix, vp, vplen );
-	strcat( urlprefix, "?&context=");
-	strcat( urlprefix, context);
-	strcat( urlprefix, "&dn=");
+	urlprefix = PR_smprintf("%s?context=%s&dn=",
+				dsgw_getvp( DSGW_CGINUM_EDIT ), context);
     } else {
 	urlprefix = dsgw_build_urlprefix();
     }
@@ -2131,7 +2123,7 @@ dn_display( struct dsgw_attrdispinfo *adip )
 	dsgw_emits( "</SCRIPT>\n" );
     }
 
-    free( urlprefix );
+    PR_smprintf_free( urlprefix );
 }
 
 
@@ -2587,6 +2579,7 @@ do_editbutton( char *dn, char *encodeddn, int argc, char **argv )
     }
 
     dsgw_emitf( "<INPUT TYPE=\"hidden\" NAME=\"authdesturl\">\n"
+	    "<INPUT TYPE=\"hidden\" NAME=\"authdestdn\">\n"
 	    "<INPUT TYPE=\"button\" VALUE=\"%s\" "
 	    "onClick=\"authOrEdit('%s')\">\n", buttonlabel, encodeddn );
 }
@@ -3127,11 +3120,7 @@ dsgw_time(time_t secs_since_1970)
   int32_t myStrlen = 0;
 
   /* Create a Date/Time Format using the locale */
-  if (countri) {
-	  locale = PR_smprintf("%s_%s", langwich, countri);
-  } else {
-	  locale = PR_smprintf("%s", langwich);
-  }
+  locale = dsgw_get_locale_from_accept_language();
 
   edatefmt = udat_open(
 	  UDAT_DEFAULT, /* default date style for locale */
@@ -3141,24 +3130,10 @@ dsgw_time(time_t secs_since_1970)
 	  NULL, 0, /* no pattern */
 	  &err);
 
-  PR_smprintf_free(locale);
+  free(locale);
   locale = NULL;
 
   if (!edatefmt || (err != U_ZERO_ERROR)) {
-	  if (edatefmt) {
-		  udat_close(edatefmt);
-	  }
-	  err = U_ZERO_ERROR;
-	  edatefmt = udat_open(
-		  UDAT_DEFAULT, /* default date style for locale */
-		  UDAT_DEFAULT, /* default time style for locale */
-		  gc->gc_DefaultLanguage, /* default language */
-		  NULL, 0, /* use default timezone */
-		  NULL, 0, /* no pattern */
-		  &err);
-  }
-
-  if (!edatefmt || (err != U_ZERO_ERROR)) {
     dsgw_error( DSGW_ERR_LDAPGENERAL, NULL, DSGW_ERROPT_EXIT, err, NULL );
     /*fprintf(stderr, "ERROR: NLS_NewDateTimeFormat(0): %d\n", err);*/
   }
diff --git a/htmlout.c b/htmlout.c
index 45bfa87..c8a2ae0 100644
--- a/htmlout.c
+++ b/htmlout.c
@@ -514,6 +514,47 @@ dsgw_emit_completion_javascript(
     return;
 }
 
+void
+dsgw_emit_confirm_script()
+{
+    char *yes_key_str = dsgw_get_cgi_var("YES", DSGW_CGIVAR_OPTIONAL);
+/*    char *no_key_str = dsgw_get_cgi_var("NO", DSGW_CGIVAR_OPTIONAL); unused apparently */
+    int yes_key, no_key;
+    char *yes = NULL, *no = NULL;
+
+    if (!yes_key_str) {
+	yes_key = 0;
+    } else if (!strcasecmp(yes_key_str, "CONFIRMVALUE1")) {
+	yes_key = DBT_confirmValue1;
+    } else if (!strcasecmp(yes_key_str, "CONFIRMVALUE2")) {
+	yes_key = DBT_confirmValue2;
+    } else if (!strcasecmp(yes_key_str, "CONFIRMVALUE3")) {
+	yes_key = DBT_confirmValue3;
+    } else if (!strcasecmp(yes_key_str, "CONFIRMVALUE4")) {
+	yes_key = DBT_confirmValue4;
+    } else if (!strcasecmp(yes_key_str, "CONFIRMVALUE5")) {
+	yes_key = DBT_confirmValue5;
+    }
+    no_key = 0; /* unused apparently */
+
+    yes = XP_GetClientStr(yes_key);
+
+    dsgw_emitf ("<SCRIPT LANGUAGE=JavaScript><!--\n"
+		"function OK() {\n");
+    if (yes) dsgw_emitf ("    %s\n", yes);
+    dsgw_emits ("    top.close();\n"
+		"}\n"
+		"\n"
+		"function Cancel() {\n");
+    if (no) dsgw_emitf ("    %s\n", no);
+    dsgw_emits ("    top.close();\n"
+		"}\n"
+		"// -->\n"
+		"</SCRIPT>\n");
+
+    return;
+}
+
 /*
   emacs settings
   Local Variables:
diff --git a/htmlparse.c b/htmlparse.c
index 873ae57..5653212 100644
--- a/htmlparse.c
+++ b/htmlparse.c
@@ -439,7 +439,7 @@ dsgw_submit(int verify, char **vars)
         dsgw_emits ("<SCRIPT language=JavaScript><!--\n"
 		    "function verify(form)\n{\n"
 		    "    window.confirmedForm = form;\n");
-	dsgw_emit_confirm (NULL, "opener.confirmedForm.submit();", NULL /* no */,
+	dsgw_emit_confirm (NULL, "CONFIRMVALUE5", NULL /* no */,
 			   XP_GetClientStr(DBT_doYouReallyWantToWindow_), 1,
 			   XP_GetClientStr(DBT_doYouReallyWantTo_), vars[0]);
         dsgw_emits ("}\n"
diff --git a/lang.c b/lang.c
index 11cf1fb..51051b2 100644
--- a/lang.c
+++ b/lang.c
@@ -95,23 +95,7 @@ doc_convert( FILE** fpp, char* stop_at_directive, int erropts )
 		dsgw_emit_button (argc, argv, "onClick=\"top.close()\"");
 
 	    } else if ( dsgw_directive_is( line, "DS_CONFIRM_SCRIPT" )) {
-		{
-		    auto char* yes = dsgw_get_cgi_var ("YES", DSGW_CGIVAR_OPTIONAL);
-		    auto char* no  = dsgw_get_cgi_var ("NO",  DSGW_CGIVAR_OPTIONAL);
-		    dsgw_emitf ("<SCRIPT LANGUAGE=JavaScript><!--\n"
-				"function OK() {\n");
-		    if (yes) dsgw_emitf ("    %s\n", yes);
-		    dsgw_emits ("    top.close();\n"
-				"}\n"
-				"\n"
-				"function Cancel() {\n");
-		    if (no) dsgw_emitf ("    %s\n", no);
-		    dsgw_emits ("    top.close();\n"
-				"}\n"
-				"// -->\n"
-				"</SCRIPT>\n");
-		}
-
+		dsgw_emit_confirm_script();
 	    } else if ( dsgw_directive_is( line, "DS_CONFIRM_BUTTON_OK" )) {
 		dsgw_emitf ("<INPUT TYPE=BUTTON VALUE=\"%s\" onClick=\"parent.OK()\">\n",
 			    XP_GetClientStr(DBT_ok_2));
diff --git a/ldaputil.c b/ldaputil.c
index e926f8b..f0cacbb 100644
--- a/ldaputil.c
+++ b/ldaputil.c
@@ -535,10 +535,9 @@ dsgw_pattern_search( LDAP *ld, char *listtmpl,
 void
 dsgw_ldapurl_search( LDAP *ld, char *ldapurl )
 {
-    int			rc, ec, saveport, did_init_ldap;
+    int			rc, ec, did_init_ldap;
     LDAPMessage		*msgp;
     LDAPURLDesc		*ludp;
-    char		*saveserver;
     unsigned long	no_options = 0;
     int                 one_attr = 0;
 
@@ -562,10 +561,6 @@ dsgw_ldapurl_search( LDAP *ld, char *ldapurl )
     }
 
     if ( ld == NULL ) {
-	saveserver = gc->gc_ldapserver;
-	gc->gc_ldapserver = ludp->lud_host;
-	saveport = gc->gc_ldapport;
-	gc->gc_ldapport = ludp->lud_port;
 	one_attr = ( ludp->lud_attrs != NULL && ludp->lud_attrs[ 0 ] != NULL && ludp->lud_attrs[ 1 ] == NULL );
 	(void)dsgw_init_ldap( &ld, NULL, 0, one_attr );
 	did_init_ldap = 1;
@@ -593,8 +588,6 @@ dsgw_ldapurl_search( LDAP *ld, char *ldapurl )
 
     if ( did_init_ldap ) {
 	ldap_unbind( ld );
-	gc->gc_ldapserver = saveserver;
-	gc->gc_ldapport = saveport;
     }
 }
 
diff --git a/newentry.c b/newentry.c
index 07f746c..c15d9e8 100644
--- a/newentry.c
+++ b/newentry.c
@@ -251,57 +251,29 @@ emit_file (char* filename, dsgwnewtype* entType)
 static char*
 compute_newurl()
 {
-    char *tmplname = "tmplname=";
-    size_t tmplnamelen = strlen(tmplname);
-    auto char* entryType = dsgw_get_cgi_var( "entrytype", DSGW_CGIVAR_REQUIRED );
-    auto char* entryName = dsgw_get_cgi_var( "entryname", DSGW_CGIVAR_REQUIRED );
-    auto char* rdnTag    = dsgw_get_cgi_var( "rdntag",    DSGW_CGIVAR_REQUIRED );
-    auto char* dnSuffix  = dsgw_get_cgi_var( "selectLocation", DSGW_CGIVAR_OPTIONAL );
-    auto size_t entryTypeLen = strlen (entryType);
-    auto size_t entryNameLen = strlen (entryName);
-    auto size_t rdnTagLen    = strlen (rdnTag);
-    auto size_t dnSuffixLen;
-    auto char* dn;
-    auto char* newurl = NULL;
+    char* entryType = dsgw_get_cgi_var( "entrytype", DSGW_CGIVAR_REQUIRED );
+    char* entryName = dsgw_get_cgi_var( "entryname", DSGW_CGIVAR_REQUIRED );
+    char* rdnTag    = dsgw_get_cgi_var( "rdntag",    DSGW_CGIVAR_REQUIRED );
+    char* dnSuffix  = dsgw_get_cgi_var( "selectLocation", DSGW_CGIVAR_OPTIONAL );
+    char* dn;
+    char* edn;
+    char* newurl = NULL;
+    int escapeName = (strchr (entryName, ',') || strchr (entryName, ';'));
 
     if (!dnSuffix || !*dnSuffix) {
 	dnSuffix = dsgw_get_cgi_var( "dnsuffix",  DSGW_CGIVAR_REQUIRED );
     }
-    dnSuffixLen = strlen (dnSuffix);
-    dn = dsgw_ch_malloc (rdnTagLen + 1 + entryNameLen + 2 + 1 + dnSuffixLen + 1);
-    memcpy (dn, rdnTag, rdnTagLen + 1);
-    strcat (dn, "=");
-    if ( strchr (entryName, ',') || strchr (entryName, ';') ) {
-	strcat (dn, "\"");
-	strcat (dn, entryName);
-	strcat (dn, "\"");
-    } else {
-	strcat (dn, entryName);
-    } 
-    strcat (dn, ",");
-    strcat (dn, dnSuffix);
-    {
-	auto char* edn = dsgw_strdup_escaped (dn);
-	auto const char* const prefix = DSGW_URLPREFIX_CGI_HTTP "edit?";
-	auto const char* const suffix = "&ADD=1";
-	auto const size_t ednLen = strlen (edn);
-	auto const size_t prefixLen = strlen (prefix);
-	auto const size_t suffixLen = strlen (suffix);
-	auto const size_t contextLen = strlen (context) + 9;
-
-	newurl = dsgw_ch_malloc (prefixLen + tmplnamelen + entryTypeLen + contextLen + suffixLen + 4 + ednLen + 1);
+    dn = PR_smprintf("%s=%s%s%s,%s",
+		     rdnTag, escapeName ? "\"" : "",
+		     entryName, escapeName ? "\"" : "",
+		     dnSuffix);
+    edn = dsgw_strdup_escaped (dn);
+    free(dn);
+		     
+    newurl = PR_smprintf(DSGW_URLPREFIX_CGI_HTTP "%s?tmplname=%s&context=%s&ADD=1&dn=%s",
+			 dsgw_getvp( DSGW_CGINUM_EDIT ), entryType, context, edn);
+    free(edn);
 
-	memcpy (newurl, prefix, prefixLen + 1);
-    strcat (newurl, tmplname);
-	strcat (newurl, entryType);
-	strcat (newurl, "&context=");
-	strcat (newurl, context);
-	strcat (newurl, suffix);
-	strcat (newurl, "&dn=");
-	strcat (newurl, edn);
-	free (edn);
-    }
-    free (dn);
     return newurl;
 }
 
@@ -357,7 +329,7 @@ get_request(char *docname, char *etype)
 static void
 post_request()
 {
-    auto char* newurl = compute_newurl();
+    char* newurl = compute_newurl();
     if (client_is_authenticated()) {
 	/* Direct the client to GET newurl */
 	dsgw_emits ("<HTML>" );
@@ -416,3 +388,11 @@ main( argc, argv, env )
     }
     exit( 0 );
 }
+
+/*
+  emacs settings
+  Local Variables:
+  indent-tabs-mode: t
+  tab-width: 8
+  End:
+*/
diff --git a/pbconfig/list-Auth.html.in b/pbconfig/list-Auth.html.in
index 91eee19..abc4a3d 100644
--- a/pbconfig/list-Auth.html.in
+++ b/pbconfig/list-Auth.html.in
@@ -37,7 +37,7 @@
  All rights reserved.
   --- END COPYRIGHT BLOCK ---  -->
 <!-- ---------------------------------------------------------------------------
- |  $Id: list-Auth.html.in,v 1.1 2008/01/14 22:31:23 nkinder Exp $
+ |  $Id: list-Auth.html.in,v 1.2 2008/02/27 03:36:50 rmeggins Exp $
  |
  | AUTHOR: 
  |
@@ -76,6 +76,9 @@
 <INPUT TYPE="hidden" NAME="authdesturl"
 <!-- DS_POSTEDVALUE "name=authdesturl" "within=VALUE=%22--value--%22" -->
 >
+<INPUT TYPE="hidden" NAME="authdestdn"
+<!-- DS_POSTEDVALUE "name=authdestdn" "within=VALUE=%22--value--%22" -->
+>
 <!-- PCONTEXT -->
 </FORM>
 
diff --git a/search.c b/search.c
index f60a33d..0a5fb54 100644
--- a/search.c
+++ b/search.c
@@ -150,10 +150,8 @@ get_request(char *docname)
 				     argc > 0 ? argv[0] : "");
 		    dsgw_emitf ("\n"
 				"<INPUT TYPE=hidden NAME=\"mode\" VALUE=\"smart\">\n"
-				"<INPUT TYPE=hidden NAME=\"base\" VALUE=\"%s\">\n"
-				"<INPUT TYPE=hidden NAME=\"ldapserver\" VALUE=\"%s\">\n"
-				"<INPUT TYPE=hidden NAME=\"ldapport\" VALUE=\"%d\">\n",
-				gc->gc_ldapsearchbase, gc->gc_ldapserver, gc->gc_ldapport );
+				"<INPUT TYPE=hidden NAME=\"base\" VALUE=\"%s\">\n",
+				gc->gc_ldapsearchbase );
 		} else if ( dsgw_directive_is( line, "DS_SEARCH_BASE" )) {
 #ifdef NOTFORNOW
 		/* ldap_dn2ufn currently gobbles up 'dc' so don't use */
@@ -201,3 +199,11 @@ struct ldap_searchobj *sop
     }
     dsgw_emits( "</SELECT>\n" );
 }
+
+/*
+  emacs settings
+  Local Variables:
+  indent-tabs-mode: t
+  tab-width: 8
+  End:
+*/
diff --git a/tests/dnedit/testget.4 b/tests/dnedit/testget.4
new file mode 100644
index 0000000..2f55093
--- /dev/null
+++ b/tests/dnedit/testget.4
@@ -0,0 +1 @@
+dn=uid=scarter,ou=people,dc=example,dc=com&template=template&attr=ou&desc=Description of OU attribute
\ No newline at end of file
diff --git a/tests/doauth/testpost.4 b/tests/doauth/testpost.4
index 72ce9b8..21415f7 100644
--- a/tests/doauth/testpost.4
+++ b/tests/doauth/testpost.4
@@ -1 +1 @@
-authdesturl=_authdesturl_param_
\ No newline at end of file
+authdesturl=http://badhost
\ No newline at end of file
diff --git a/tests/dosearch/testget.1 b/tests/dosearch/testget.1
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/dosearch/testget.1
diff --git a/tests/dosearch/testget.10 b/tests/dosearch/testget.10
new file mode 100644
index 0000000..e7bfd8e
--- /dev/null
+++ b/tests/dosearch/testget.10
@@ -0,0 +1 @@
+dn=cn=monitor&displaytemplate=person
\ No newline at end of file
diff --git a/tests/dosearch/testget.2 b/tests/dosearch/testget.2
new file mode 100644
index 0000000..2fcac5d
--- /dev/null
+++ b/tests/dosearch/testget.2
@@ -0,0 +1 @@
+ldq=foo?bar?baz?biff
\ No newline at end of file
diff --git a/tests/dosearch/testget.3 b/tests/dosearch/testget.3
new file mode 100644
index 0000000..4aea4ca
--- /dev/null
+++ b/tests/dosearch/testget.3
@@ -0,0 +1 @@
+ldq=objectclass
\ No newline at end of file
diff --git a/tests/dosearch/testget.4 b/tests/dosearch/testget.4
new file mode 100644
index 0000000..6962425
--- /dev/null
+++ b/tests/dosearch/testget.4
@@ -0,0 +1 @@
+dn=cn=config
\ No newline at end of file
diff --git a/tests/dosearch/testget.5 b/tests/dosearch/testget.5
new file mode 100644
index 0000000..f72a464
--- /dev/null
+++ b/tests/dosearch/testget.5
@@ -0,0 +1 @@
+dn=entrydoesnotexist
\ No newline at end of file
diff --git a/tests/dosearch/testget.6 b/tests/dosearch/testget.6
new file mode 100644
index 0000000..c332bad
--- /dev/null
+++ b/tests/dosearch/testget.6
@@ -0,0 +1 @@
+dn=cn=config&ldq=?sub?(objectclass=nsbackendinstance)
\ No newline at end of file
diff --git a/tests/dosearch/testget.7 b/tests/dosearch/testget.7
new file mode 100644
index 0000000..4e3080d
--- /dev/null
+++ b/tests/dosearch/testget.7
@@ -0,0 +1 @@
+dn=cn=config&ldq=?&sub=?(&objectclass=%3Dnsbackendinstance)
\ No newline at end of file
diff --git a/tests/dosearch/testget.8 b/tests/dosearch/testget.8
new file mode 100644
index 0000000..5b4ac4d
--- /dev/null
+++ b/tests/dosearch/testget.8
@@ -0,0 +1 @@
+dn=cn=config&ldq=objectclass,cn,modifyTimestamp
\ No newline at end of file
diff --git a/tests/dosearch/testget.9 b/tests/dosearch/testget.9
new file mode 100644
index 0000000..38a6134
--- /dev/null
+++ b/tests/dosearch/testget.9
@@ -0,0 +1 @@
+dn=cn=monitor&displaytemplate=doesnotexist
\ No newline at end of file
diff --git a/tests/dosearch/testpost.1 b/tests/dosearch/testpost.1
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/dosearch/testpost.1
diff --git a/tests/dosearch/testpost.2 b/tests/dosearch/testpost.2
new file mode 100644
index 0000000..8ee0831
--- /dev/null
+++ b/tests/dosearch/testpost.2
@@ -0,0 +1 @@
+mode=unknownmode&searchstring=searchstring&type=type&base=cn=config&listifone=true&editable=true&link2edit=true&dnlist_js=true
\ No newline at end of file
diff --git a/tests/dosearch/testpost.3 b/tests/dosearch/testpost.3
new file mode 100644
index 0000000..d9fbc10
--- /dev/null
+++ b/tests/dosearch/testpost.3
@@ -0,0 +1 @@
+mode=auth&searchstring=scarter&type=type&base=cn=config&listifone=true&editable=true&link2edit=true&dnlist_js=true
\ No newline at end of file
diff --git a/tests/dosearch/testpost.4 b/tests/dosearch/testpost.4
new file mode 100644
index 0000000..3c42689
--- /dev/null
+++ b/tests/dosearch/testpost.4
@@ -0,0 +1 @@
+mode=pattern&searchstring=scarter&type=person&base=dc=example,dc=com&listifone=true&editable=true&link2edit=true&dnlist_js=true&attr=objectclass&filterpattern=*
\ No newline at end of file
diff --git a/tests/dosearch/testpost.5 b/tests/dosearch/testpost.5
new file mode 100644
index 0000000..6a73218
--- /dev/null
+++ b/tests/dosearch/testpost.5
@@ -0,0 +1 @@
+mode=pattern&searchstring=scarter&type=People&base=dc=example,dc=com&listifone=true&editable=true&link2edit=true&dnlist_js=true&attr=objectclass&filterpattern=*
\ No newline at end of file
diff --git a/tests/dosearch/testpost.6 b/tests/dosearch/testpost.6
new file mode 100644
index 0000000..c5cf6c8
--- /dev/null
+++ b/tests/dosearch/testpost.6
@@ -0,0 +1 @@
+mode=pattern&searchstring=scarter&type=People&base=dc=example,dc=com&listifone=true&editable=true&link2edit=true&dnlist_js=true&attr=user id&filterpattern=uid=scarter&filterprefix=(|(&filtersuffix=)(objectclass=top))&searchdesc=This is the searchdesc field
\ No newline at end of file
diff --git a/tests/dosearch/testpost.7 b/tests/dosearch/testpost.7
new file mode 100644
index 0000000..dc9e2b9
--- /dev/null
+++ b/tests/dosearch/testpost.7
@@ -0,0 +1 @@
+mode=smart&searchstring=scarter&type=People&base=dc=example,dc=com&listifone=true&editable=true&link2edit=true&dnlist_js=true
\ No newline at end of file
diff --git a/tests/dosearch/testpost.8 b/tests/dosearch/testpost.8
new file mode 100644
index 0000000..b6b4450
--- /dev/null
+++ b/tests/dosearch/testpost.8
@@ -0,0 +1 @@
+mode=complex&searchstring=scarter&type=People&base=dc=example,dc=com&listifone=true&editable=true&link2edit=true&dnlist_js=true&attr=user id&match=is&searchdesc=This is the searchdesc field
\ No newline at end of file
diff --git a/tests/edit/testget.13 b/tests/edit/testget.13
index f62d529..fcb3e2f 100644
--- a/tests/edit/testget.13
+++ b/tests/edit/testget.13
@@ -1 +1 @@
-info=&dn=uid=newuser,ou=people,dc=example,dc=com&dnattr=uid&dndesc=u i d&add=1&tmplname=person
\ No newline at end of file
+info=<SCRIPT language=JavaScript>You've just been p0wned!</SCRIPT>&dn=uid=newuser,ou=people,dc=example,dc=com&dnattr=uid&dndesc=u i d&add=1&tmplname=person
\ No newline at end of file
diff --git a/tests/lang/testget.13 b/tests/lang/testget.13
new file mode 100644
index 0000000..b57120b
--- /dev/null
+++ b/tests/lang/testget.13
@@ -0,0 +1 @@
+file=confirm.html&YES=CONFIRMVALUE1
\ No newline at end of file
diff --git a/tests/newentry/testget.1 b/tests/newentry/testget.1
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/newentry/testget.1
diff --git a/tests/newentry/testget.2 b/tests/newentry/testget.2
new file mode 100644
index 0000000..4051a46
--- /dev/null
+++ b/tests/newentry/testget.2
@@ -0,0 +1 @@
+file=/
\ No newline at end of file
diff --git a/tests/newentry/testget.3 b/tests/newentry/testget.3
new file mode 100644
index 0000000..48e747e
--- /dev/null
+++ b/tests/newentry/testget.3
@@ -0,0 +1 @@
+file=type
\ No newline at end of file
diff --git a/tests/newentry/testget.4 b/tests/newentry/testget.4
new file mode 100644
index 0000000..9876988
--- /dev/null
+++ b/tests/newentry/testget.4
@@ -0,0 +1 @@
+file=name
\ No newline at end of file
diff --git a/tests/newentry/testget.5 b/tests/newentry/testget.5
new file mode 100644
index 0000000..f7d21c6
--- /dev/null
+++ b/tests/newentry/testget.5
@@ -0,0 +1 @@
+file=name&etype=orgperson
\ No newline at end of file
diff --git a/tests/newentry/testpost.1 b/tests/newentry/testpost.1
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/newentry/testpost.1
diff --git a/tests/newentry/testpost.2 b/tests/newentry/testpost.2
new file mode 100644
index 0000000..843d5a7
--- /dev/null
+++ b/tests/newentry/testpost.2
@@ -0,0 +1 @@
+entrytype=People&entryname=newentry&rdntag=uid&selectLocation=dc=example,dc=com&dnsuffix=suffix
\ No newline at end of file
diff --git a/tests/search/testget.1 b/tests/search/testget.1
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/search/testget.1
diff --git a/tests/search/testget.2 b/tests/search/testget.2
new file mode 100644
index 0000000..c1306cd
--- /dev/null
+++ b/tests/search/testget.2
@@ -0,0 +1 @@
+file=string
\ No newline at end of file
diff --git a/tests/setup.sh b/tests/setup.sh
index 168e456..91c1144 100755
--- a/tests/setup.sh
+++ b/tests/setup.sh
@@ -1,7 +1,7 @@
 #!/bin/sh
 
 testdir="$1"
-sroot=/NotBackedUp/$USER/11srv
+sroot=/home/$USER/11srv
 port=1100
 secport=1101
 rootdn="cn=directory manager"
@@ -32,7 +32,7 @@ EOF
 fi
 
 if [ "$needdata" ] ; then
-$sroot/lib/dirsrv/slapd-localhost/ldif2db.pl -D "$rootdn" -w "$rootpw" -n userRoot -i $sroot/share/dirsrv/data/Example.ldif
+$sroot/lib/dirsrv/slapd-vmhost/ldif2db.pl -D "$rootdn" -w "$rootpw" -n userRoot -i $sroot/share/dirsrv/data/Example.ldif
 sleep 10
 fi
 
@@ -81,8 +81,6 @@ dir=`pwd`
 #export ADMSERV_CONF_DIR
 #ADMSERV_LOG_DIR=$dir/testtmp
 #export ADMSERV_LOG_DIR
-HTTP_ACCEPT_LANGUAGE=en
-export HTTP_ACCEPT_LANGUAGE
 SERVER_URL=http://localhost
 export SERVER_URL
 
@@ -98,17 +96,19 @@ EOF
 #VGPREFIX="valgrind --tool=memcheck --leak-check=yes --suppressions=$HOME/valgrind.supp --num-callers=40 --suppressions=$testdir/valgrind.supp "
 # These are CGI programs - they assume they will run for a very short period of time - they use exit() instead of free() :P
 VGPREFIX="valgrind --tool=memcheck --leak-check=no --suppressions=$HOME/valgrind.supp --num-callers=40 --suppressions=$testdir/valgrind.supp "
-#GDB="gdb -x .gdbinit "
+GDB="gdb -x .gdbinit "
 DEBUGCMD=VALGRIND
 #DEBUGCMD="$GDB"
 
-PROGS="dnedit"
+PROGS="lang"
 
 # use scripts for orgchart perl scripts
 SCRIPTS=""
 #ClientLanguage=en_US ; export ClientLanguage
 HTTP_ACCEPT_LANGUAGE=en_US ; export HTTP_ACCEPT_LANGUAGE
 
+#HTTP_COOKIE='nsdsgwauth=rndstr:cn=directory manager' ; export HTTP_COOKIE
+
 runATest() {
     prog="$1"
     shift
@@ -146,6 +146,7 @@ runATest() {
         if [ -f /tmp/$prog.debug.$basetest ] ; then
             echo "break main" > .gdbinit
         else
+            echo no match /tmp/$prog.debug.$basetest
             rm -f .gdbinit
         fi
 	if [ $type = "POST" ] ; then
@@ -192,9 +193,9 @@ runGetTestsForProg() {
 	ctxnum=1
 	for ctx in "" "/" "." "../../../" "somebogusvalue" "pb" "dsgw" ; do
 	    if [ -s "$test" ] ; then
-		runATest "$prog" GET "$test" .$ctxnum "&context=$ctx&binddn=$rootdn&passwd=$rootpw"
+		runATest "$prog" GET "$test" .$ctxnum "&context=$ctx&binddn=$rootdn&passwd=$rootpw&password=$rootpw"
 	    else
-		runATest "$prog" GET "$test" .$ctxnum "context=$ctx&binddn=$rootdn&passwd=$rootpw"
+		runATest "$prog" GET "$test" .$ctxnum "context=$ctx&binddn=$rootdn&passwd=$rootpw&password=$rootpw"
 	    fi
 	    ctxnum=`expr $ctxnum + 1`
 	done
@@ -211,7 +212,7 @@ runPostTestsForProg() {
 	runATest "$prog" POST "$test"
 	ctxnum=1
 	for ctx in "" "/" "." "../../../" "somebogusvalue" "pb" "dsgw" ; do
-	    runATest "$prog" POST "$test" .$ctxnum "&context=$ctx&binddn=$rootdn&passwd=$rootpw"
+	    runATest "$prog" POST "$test" .$ctxnum "&context=$ctx&binddn=$rootdn&passwd=$rootpw&password=$rootpw"
 	    ctxnum=`expr $ctxnum + 1`
 	done
     done
diff --git a/tests/valgrind.supp b/tests/valgrind.supp
index a9e7833..a91a126 100644
--- a/tests/valgrind.supp
+++ b/tests/valgrind.supp
@@ -4,7 +4,13 @@
    fun:__strcpy_chk
    fun:entryOpen
    fun:ures_open_3_6
-   fun:res_getstring
+}
+{
+   Problem with ICU
+   Memcheck:Cond
+   fun:__strcpy_chk
+   obj:/usr/lib64/libicuuc.so.36.0
+   fun:ures_open_3_6
 }
 {
    Problem with ICU
@@ -14,7 +20,6 @@
    fun:findFirstExisting
    fun:entryOpen
    fun:ures_open_3_6
-   fun:res_getstring
 }
 {
    Problem with ICU
@@ -23,7 +28,6 @@
    fun:init_entry
    fun:entryOpen
    fun:ures_open_3_6
-   fun:res_getstring
 }
 {
    Problem with ICU
@@ -31,7 +35,6 @@
    fun:dsgw_vxprintf
    fun:dsgw_emitfv
    fun:dsgw_emitf
-   fun:dsgw_html_begin
 }
 {
    Problem with sasl
@@ -40,3 +43,60 @@
    fun:_sasl_load_plugins
    fun:sasl_client_init
 }
+{
+   Problem with ICU
+   Memcheck:Cond
+   fun:__strcpy_chk
+   fun:entryOpen
+   fun:ures_open_3_6
+   fun:ucol_open_internal_3_6
+   fun:ucol_open_3_6
+}
+{
+   Problem with ICU
+   Memcheck:Cond
+   fun:u_strlen_3_6
+   fun:dsgw_strkeygen
+   fun:dsgw_keygen
+}
+{
+   Problem with ICU
+   Memcheck:Cond
+   fun:__strcpy_chk
+   fun:init_entry
+   fun:findFirstExisting
+   fun:entryOpen
+   fun:ures_openDirect_3_6
+}
+{
+   Problem with ICU
+   Memcheck:Cond
+   fun:__strcpy_chk
+   obj:/usr/lib64/libicuuc.so.36.0
+   obj:/usr/lib64/libicuuc.so.36.0
+   obj:/usr/lib64/libicuuc.so.36.0
+   fun:ures_openDirect_3_6
+}
+{
+   Problem with ICU
+   Memcheck:Cond
+   fun:__strcpy_chk
+   fun:ures_getFunctionalEquivalent_3_6
+}
+{
+   Problem with ICU
+   Memcheck:Cond
+   fun:__strcpy_chk
+   obj:/usr/lib64/libicuuc.so.36.0
+   obj:/usr/lib64/libicuuc.so.36.0
+   obj:/usr/lib64/libicuuc.so.36.0
+   fun:ures_open_3_6
+}
+{
+   Problem with ICU
+   Memcheck:Cond
+   fun:__strcpy_chk
+   obj:/usr/lib64/libicuuc.so.36.0
+   obj:/usr/lib64/libicuuc.so.36.0
+   fun:ures_open_3_6
+}