Index: html/includes/authentication/ldap.inc.php
===================================================================
--- html/includes/authentication/ldap.inc.php	(revision 5300)
+++ html/includes/authentication/ldap.inc.php	(working copy)
@@ -154,8 +154,8 @@
     // Find all defined groups $username is in
     $userdn = ($config['auth_ldap_groupmembertype'] == 'fulldn' ? ldap_dn_from_username($username) : $username);
     $filter = "(&(|(cn=" . join(")(cn=", array_keys($config['auth_ldap_groups'])) . "))(" . $config['auth_ldap_groupmemberattr'] . "=" . $userdn . "))";
-    if ($debug) { echo("LDAP[Filter][$filter]\n"); }
-    $search = ldap_search($ds, $config['auth_ldap_groupbase'], $filter);
+    print_debug("LDAP[Filter][$filter]\n");
+    $search = ldap_search($ds, $config['auth_ldap_groupbase'], addslashes($filter));
     $entries = ldap_get_entries($ds, $search);
 
     // Loop the list and find the highest level
@@ -168,7 +168,7 @@
       }
     }
 
-    if ($debug) { echo("LDAP[Userlevel][$userlevel]\n"); }
+    print_debug("LDAP[Userlevel][$userlevel]\n");
 
     $cache['ldap']['level'][$username] = $userlevel;
   }
@@ -189,14 +189,14 @@
 
   $filter = "(" . str_ireplace($config['auth_ldap_suffix'], '', $userdn) . ")";
   print_debug("LDAP[Filter][$filter][" . trim($config['auth_ldap_suffix'], ', ') . "]");
-  $search = ldap_search($ds, trim($config['auth_ldap_suffix'], ', '), $filter);
+  $search = ldap_search($ds, trim($config['auth_ldap_suffix'], ', '), stripslashes($filter));
   $entries = ldap_get_entries($ds, $search);
 
   if ($entries['count'])
   {
     $userid = ldap_auth_user_id($entries[0]);
-    print_debug("LDAP[UserID][$userid]");
   }
+  print_debug("LDAP[UserID][$userid]");
 
   return $userid;
 }
@@ -343,7 +343,7 @@
   {
     ldap_init();
     $filter = "(" . $config['auth_ldap_attr']['uid'] . '=' . $username . ")";
-    if ($debug) { echo("LDAP[Filter][$filter][" . trim($config['auth_ldap_suffix'], ', ') . "]\n"); }
+    print_debug("LDAP[Filter][$filter][" . trim($config['auth_ldap_suffix'], ', ') . "]\n");
     $search = ldap_search($ds, trim($config['auth_ldap_suffix'], ', '), $filter);
     $entries = ldap_get_entries($ds, $search);