From a4adff0c1860941a80dd7772ae8b1c01800d8823 Mon Sep 17 00:00:00 2001
From: "nils@teampass.net" <nils@teampass.net>
Date: Wed, 15 Jun 2016 20:49:26 +0200
Subject: [PATCH 1/2] 2.1.26

Fix: Impossible to proceed with 'password lost' process
Fix: OTV item not reachable
Missing Estonian files
---
 changelog.md                              |   2 +
 includes/language/datatables.estonian.txt |  17 +++
 includes/language/estonian_admin_help.php | 162 ++++++++++++++++++++++
 includes/language/estonian_kb.php         |   6 +
 index.php                                 |   7 +-
 load.php                                  |   3 +-
 otv.php                                   |   4 +-
 sources/core.php                          |  20 +--
 sources/main.queries.php                  |  11 +-
 9 files changed, 205 insertions(+), 27 deletions(-)
 create mode 100644 includes/language/datatables.estonian.txt
 create mode 100644 includes/language/estonian_admin_help.php
 create mode 100644 includes/language/estonian_kb.php

diff --git a/changelog.md b/changelog.md
index 89dfdaae5..1298ff2d1 100644
--- a/changelog.md
+++ b/changelog.md
@@ -43,6 +43,8 @@ Last changes
  FIX: Display inconsistancies in User log results
  Fix: Inconsistency in Delete & Restore process
  Fix: Errors in CSV import process
+ Fix: Impossible to proceed with 'password lost' process
+ Fix: OTV item not reachable
 
 2.1.25
  #1169 sending Google Authenticator code through index page
diff --git a/includes/language/datatables.estonian.txt b/includes/language/datatables.estonian.txt
new file mode 100644
index 000000000..cf3a1b5d5
--- /dev/null
+++ b/includes/language/datatables.estonian.txt
@@ -0,0 +1,17 @@
+{
+	"sProcessing":   "Processing...",
+	"sLengthMenu":   "Show _MENU_ entries",
+	"sZeroRecords":  "No matching records found",
+	"sInfo":         "Showing _START_ to _END_ of _TOTAL_ entries",
+	"sInfoEmpty":    "Showing 0 to 0 of 0 entries",
+	"sInfoFiltered": "(filtered from _MAX_ total entries)",
+	"sInfoPostFix":  "",
+	"sSearch":       "Search:",
+	"sUrl":          "",
+	"oPaginate": {
+		"sFirst":    "First",
+		"sPrevious": "Previous",
+		"sNext":     "Next",
+		"sLast":     "Last"
+	}
+}
\ No newline at end of file
diff --git a/includes/language/estonian_admin_help.php b/includes/language/estonian_admin_help.php
new file mode 100644
index 000000000..3f025eb99
--- /dev/null
+++ b/includes/language/estonian_admin_help.php
@@ -0,0 +1,162 @@
+<?php
+$LANG['help_on_folders'] = "<div class='ui-state-highlight ui-corner-all' style='padding:5px;font-weight:bold;'>
+This page is used in order to create and manage FOLDERS.<br />
+A folder is needed to organize your items. It is similare to windows file directories.<br />
+<span class='ui-icon ui-icon-lightbulb' style='float: left;'>&nbsp;</span>Lowest level of folder is called ROOT.<br />
+<span class='ui-icon ui-icon-lightbulb' style='float: left;'>&nbsp;</span>All folders and subfolders create the tree structure.<br />
+<span class='ui-icon ui-icon-lightbulb' style='float: left;'>&nbsp;</span>Each folder is associated to a depth level in the tree structure.
+</div>
+<div id='accordion'>
+    <h3><a href='#'>Add a new FOLDER</a></h3>
+    <div>
+        Just click on icon <img src='includes/images/folder--plus.png' alt='' />. A dedicated dialogbox will appear in which you will have to enter:<br />
+        - the folder's label or title<br />
+        - its parent's folder (each folder is the subfolder of an other one)<br />
+        - a complexity level (complexity level is used for password complexity. When creating a new item, associated password cannot be less complexe than the level required)<br />
+        - a renewal period expressed in months (is needed in order to force password renewal after a specific period).
+    </div>
+    <h3><a href='#'>Edit an existing folder</a></h3>
+    <div>
+        In order to change the label, the complexity, the parent folder or the renewal period, you just have to click in the cell.<br />
+        This will make the cell editable. Change the value and click on icon <img src='includes/images/disk_black.png' alt='' /> to save, or on icon <img src='includes/images/cross.png' alt='' /> to cancel.<br />
+        <p style='text-align:center;'>
+        <img src='includes/images/help/folders_1.png' alt='' />
+        </p>
+        <div style='margin:10px Opx 0px 20px;'>
+            Notice that if you change the parent folder, then all subfolders of the changed folder will be moved.
+        </div>
+    </div>
+    <h3><a href='#'>Delete a Folder</a></h3>
+    <div>
+        You can decide to give to delete a folder. To do so, just click on icon <img src='includes/images/folder--minus.png' alt='' />.<br />
+        This will delete all items inside the folder as all subfolders ... be carefull!!!!
+        <p style='text-align:center;'>
+        <img src='includes/images/help/folders_2.png' alt='' />
+        </p>
+    </div>
+    <h3><a href='#'>Special tweaks</a></h3>
+    <div>
+        Two tweaks exist on folder.<br />
+        The 1st allows item creation without respecting the required complexity level for the password.<br />
+        The 2d allows item modification without respecting the required complexity level for the password.<br />
+        You can also combine both of them.<br />
+        You can also use them temporarly.
+        <p style='text-align:center;'>
+        <img src='includes/images/help/folders_3.png' alt='' />
+        </p>
+    </div>
+</div>";
+$LANG['help_on_roles'] = "<div class='ui-state-highlight ui-corner-all' style='padding:5px;font-weight:bold;'>
+This page is used in order to create and manage ROLES.<br />
+A role is associated to a set of allowed and forbidden folders.<br />
+Once several roles are defined, you can associate USERS to them.
+</div>
+<div id='accordion'>
+    <h3><a href='#'>Add a new ROLE</a></h3>
+    <div>
+        Just click on icon <img src='includes/images/users--plus.png' alt='' />. A dedicated dialogbox will appear in which you will have to enter a title for this new ROLE.
+    </div>
+
+    <h3><a href='#'>Allow or Forbid a folder</a></h3>
+    <div>
+        You can use the matrix 'Roles vs Folders' to define the access rights. If a cell is red, then the role can't access to the folder, and if the cell is gree, then the role can access to the folder.<br />
+        In order to change the access, just click on the cell you want.<br/>
+        <p style='text-align:center;'>
+            <span style='text-align:center;'><img src='includes/images/help/roles_1.png' alt='' /></span>
+        </p>
+        In previous screen capture, you can see that folder 'Cleaner' is allowed to role 'Dev' but not for role 'Commercial'.
+    </div>
+
+    <h3><a href='#'>Refresh manually the matrix</a></h3>
+    <div>
+        Just click on icon <img src='includes/images/arrow_refresh.png' alt='' />.
+    </div>
+
+    <h3><a href='#'>Edit a role</a></h3>
+    <div>
+        You can change the title of a role with no impact on the parameters already done.<br />
+        Select the role you want to change, and click on icon <img src='includes/images/ui-tab--pencil.png' alt='' />.<br />
+        This will popup a dialogbox in which you will be asked to enter a new title.
+    </div>
+
+    <h3><a href='#'>Delete a role</a></h3>
+    <div>
+        You can decide to delete an existing role.<br />
+        Select the role you want to delete, and click on icon <img src='includes/images/ui-tab--minus.png' alt='' />.<br />
+        This will popup a dialogbox in which you will be asked to confirm the deletion.
+    </div>
+</div>";
+$LANG['help_on_users'] = "<div class='ui-state-highlight ui-corner-all' style='padding:5px;font-weight:bold;'>
+This page is used in order to create and manage USERS.<br />
+A user account is needed for each physical person that will have to use TeamPass.<br />
+<span class='ui-icon ui-icon-lightbulb' style='float: left;'>&nbsp;</span>1st step is to set what ROLES the user has.<br />
+<span class='ui-icon ui-icon-lightbulb' style='float: left;'>&nbsp;</span>2d step is to customize specific folders access or not.
+</div>
+<div id='accordion'>
+    <h3><a href='#'>Add a new USER</a></h3>
+    <div>
+        Just click on icon <img src='includes/images/user--plus.png' alt='' />. A dedicated dialogbox will appear in which you will have to enter:<br />
+        - the user's login<br />
+        - a password (can be generated and will be changed by user at 1st connection)<br />
+        - a valid email<br />
+        - if the user will be an Admin (full access to all functionnalities)<br />
+        - if the user will be a Manager (full rights on Items)<br />
+        - if the user could have Personal Folders
+    </div>
+    <h3><a href='#'>Add a ROLE to a USER</a></h3>
+    <div>
+        You can associate a USER to as many ROLES you want. For that, just click on icon <img src='includes/images/cog_edit.png' alt='' />.<br />
+        A specific dialogbox will appear in which you will have to tick or not the wanted roles.<br /><br />
+        When a ROLE is added to a USER, then the USER will access to the allowed folders of that ROLE and will have no access to the forbidden ones.<br /><br />
+        Now you can be more precise in the rights given to a USER by using the fields 'Allowed folders' and 'Forbidden folders'. Indeed, you can allowed or not some others folders even them specified in the ROLE.
+        <div style='margin:2px Opx 0px 20px;'>
+            For example:
+            <p style='margin-left:20px;margin-top: 2px;'>
+            - USER1 is associated to ROLE1 and ROLE2. <br />
+            - ROLE1 is set to allow access to folder F1 and F2. <br />
+            - F1 has 4 subfolders S1, S2, S3 and S4.<br />
+            - This means that USER1 has access to F1, F2, S1, S2, S3 and S4.<br />
+            - Now you can customize USER1 by forbidding the access to S4 using this page.
+            </p>
+        </div>
+    </div>
+    <h3><a href='#'>Is Administrator (GOD)</a></h3>
+    <div>
+        You can decide to give the GOD right to a user. To do so, just tick the box.<br />
+        GOD is allowed to anything in TeamPass with absolutely no restriction ... so be carefull!!!!
+        <p style='text-align:center;'>
+        <img src='includes/images/help/users_1.png' alt='' />
+        </p>
+    </div>
+    <h3><a href='#'>Is Manager</a></h3>
+    <div>
+        You can decide to give the MANAGER right to a user. To do so, just tick the box.<br />
+        A Manager can modify and delete items and folders, even them that he has not created.<br />
+        A manager has only access to the folders he/she is allowed to. So you can create several managers for dedicated departements.
+        <p style='text-align:center;'>
+        <img src='includes/images/help/users_2.png' alt='' />
+        </p>
+    </div>
+    <h3><a href='#'>Delete a USER</a></h3>
+    <div>
+        You can decide to give to delete a user. To do so, just click on icon <img src='includes/images/user--minus.png' alt='' />.
+        <p style='text-align:center;'>
+        <img src='includes/images/help/users_3.png' alt='' />
+        </p>
+    </div>
+    <h3><a href='#'>Change the User's password</a></h3>
+    <div>
+        You can decide to give to change the password of a user. To do so, just click on icon <img src='includes/images/lock__pencil.png' alt='' />.<br />
+        At 1st connection, the user will have to change it.
+        <p style='text-align:center;'>
+        <img src='includes/images/help/users_4.png' alt='' />
+        </p>
+    </div>
+    <h3><a href='#'>Change the User's email</a></h3>
+    <div>
+        You can decide to give to change the password of a user. To do so, just click on icon <img src='includes/images/mail--pencil.png' alt='' />.<br />
+        <p style='text-align:center;'>
+        <img src='includes/images/help/users_5.png' alt='' />
+        </p>
+    </div>
+</div>";
diff --git a/includes/language/estonian_kb.php b/includes/language/estonian_kb.php
new file mode 100644
index 000000000..2f809cc65
--- /dev/null
+++ b/includes/language/estonian_kb.php
@@ -0,0 +1,6 @@
+<?php
+$LANG['category'] = "Category";
+$LANG['kb'] = "Knowledge Base";
+$LANG['kb_anyone_can_modify'] = "Anyone can modify it";
+$LANG['kb_form'] = "Manage entries in KB";
+$LANG['new_kb'] = "Add a new KB";
diff --git a/index.php b/index.php
index 68ba9d1e2..d3ef44f2e 100644
--- a/index.php
+++ b/index.php
@@ -125,9 +125,9 @@
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
 <title>Teampass</title>
 <script type="text/javascript">
-            if (window.location.href.indexOf("page=") == -1 && window.location.href.indexOf("otv=") == -1) {
+            if (window.location.href.indexOf("page=") == -1 && (window.location.href.indexOf("otv=") == -1 || window.location.href.indexOf("action=") == -1)) {
                 if (window.location.href.indexOf("session_over=true") == -1) {
-                    location.replace("<?php echo $_SESSION['settings']['cpassman_url'];?>/index.php?page=items");
+                    //location.replace("<?php echo $_SESSION['settings']['cpassman_url'];?>/index.php?page=items");
                 } else {
                     location.replace("<?php echo $_SESSION['settings']['cpassman_url'];?>/logout.php");
                 }
@@ -305,9 +305,6 @@
         <input type="hidden" name="action_on_going" id="action_on_going" value="" />
         <input type="hidden" id="duo_sig_response" value="'.@$_POST['sig_response'].'">';
 
-echo '
-    ';
-
 echo '
     <div id="', (isset($_GET['page']) && $_GET['page'] == "items" && isset($_SESSION['user_id'])) ? "main_simple" : "main", '">';
 // MESSAGE BOX
diff --git a/load.php b/load.php
index 90641a9bd..f1ac77497 100644
--- a/load.php
+++ b/load.php
@@ -318,7 +318,7 @@ function GenerateNewPassword(key, login)
             \'"key":"\'+sanitizeString(key)+\'"}\';
         //send query
         $.post("sources/main.queries.php", {
-                type :    "generate_new_password",
+                type : "generate_new_password",
                 data : prepareExchangedData(data, "encode", "'.$_SESSION["key"].'")
             },
             function(data) {
@@ -987,7 +987,6 @@ function LoadCPMInfo()
                type    : "cpm_status"
             },
             function(data) {
-                console.log(">> "+data[0].output);
                 if (data[0].error == "connection") {
                     $("#CPM_infos").html("Server connection is impossible ... check your Internet/firewall configuration");
                 } else if (data[0].error == "conf_block") {
diff --git a/otv.php b/otv.php
index c63dd0636..b7f598a09 100644
--- a/otv.php
+++ b/otv.php
@@ -51,7 +51,7 @@
         $data['timestamp'] == $_GET['stamp']
     ) {
         // otv is too old
-        if ($data['timestamp'] < ( time() - ($_SESSION['settings']['otv_expiration_period'] * 86400) ) {
+        if ($data['timestamp'] < ( time() - ($_SESSION['settings']['otv_expiration_period'] * 86400))) {
             $html = "Link is too old!";
         } else {
             $dataItem = DB::queryfirstrow(
@@ -87,7 +87,7 @@
                 "</div>";
 
             // delete entry
-            DB::delete(prefix_table("otv"), "id = %i", intval($_GET['otv_id']));
+            DB::delete(prefix_table("otv"), "id = %i", $data['id']);
 
             // display
             echo $html;
diff --git a/sources/core.php b/sources/core.php
index 09b9cda03..8c244c5be 100644
--- a/sources/core.php
+++ b/sources/core.php
@@ -1,11 +1,11 @@
 <?php
 /**
- * @file		  core.php
+ * @file          core.php
  * @author        Nils Laumaillé
  * @version       2.1.26
  * @copyright     (c) 2009-2015 Nils Laumaillé
  * @licensing     GNU AFFERO GPL 3.0
- * @link    	  http://www.teampass.net
+ * @link          http://www.teampass.net
  *
  * This library is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -39,8 +39,8 @@ function redirect($url)
     isset($_SESSION['settings']['enable_sts']) &&
     $_SESSION['settings']['enable_sts'] == 1
 ) {
-	$url = "https://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
-	redirect($url);
+    $url = "https://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
+    redirect($url);
 }
 
 /* LOAD CPASSMAN SETTINGS */
@@ -118,8 +118,8 @@ function redirect($url)
 
 /* CHECK IF LOGOUT IS ASKED OR IF SESSION IS EXPIRED */
 if (
-        (isset($_GET['session']) && $_GET['session'] == "expired")
-        || (isset($_POST['session']) && $_POST['session'] == "expired")
+    (isset($_GET['session']) && $_GET['session'] == "expired")
+    || (isset($_POST['session']) && $_POST['session'] == "expired")
 ) {
     // REDIRECTION PAGE ERREUR
     echo '
@@ -135,7 +135,7 @@ function redirect($url)
 /* CHECK IF SESSION EXISTS AND IF SESSION IS VALID */
 if (!empty($_SESSION['fin_session'])) {
     $dataSession = DB::queryFirstRow(
-		"SELECT key_tempo FROM ".prefix_table("users")." WHERE id=%i",
+        "SELECT key_tempo FROM ".prefix_table("users")." WHERE id=%i",
         $_SESSION['user_id']
     );
 } else {
@@ -285,8 +285,8 @@ function redirect($url)
 if (isset($_SESSION['user_id']) && !empty($_SESSION['user_id'])) {
     // query on user
     $data = DB::queryfirstrow(
-		"SELECT admin, gestionnaire, can_manage_all_users, groupes_visibles, groupes_interdits, fonction_id FROM ".prefix_table("users")." WHERE id=%i",
-		$_SESSION['user_id']
+        "SELECT admin, gestionnaire, can_manage_all_users, groupes_visibles, groupes_interdits, fonction_id FROM ".prefix_table("users")." WHERE id=%i",
+        $_SESSION['user_id']
     );
 
     //Check if user has been deleted or unlogged
@@ -308,7 +308,7 @@ function redirect($url)
         // update user's rights
         $_SESSION['user_admin'] = $data['admin'];
         $_SESSION['user_manager'] = $data['gestionnaire'];
-		$_SESSION['user_can_manage_all_users'] = $data['can_manage_all_users'];
+        $_SESSION['user_can_manage_all_users'] = $data['can_manage_all_users'];
         $_SESSION['groupes_visibles'] = array();
         $_SESSION['groupes_interdits'] = array();
         if (!empty($data['groupes_visibles'])) {
diff --git a/sources/main.queries.php b/sources/main.queries.php
index 12a6667d8..1d4979f0a 100644
--- a/sources/main.queries.php
+++ b/sources/main.queries.php
@@ -18,14 +18,14 @@
 require_once 'sessions.php';
 session_start();
 if (!isset($_SESSION['CPM']) || $_SESSION['CPM'] != 1) {
-	$_SESSION['error']['code'] = "1004"; //Hacking attempt
+    $_SESSION['error']['code'] = "1004"; //Hacking attempt
     include $_SESSION['settings']['cpassman_dir'].'/error.php';
     exit();
 }
 
 /* do checks */
 require_once $_SESSION['settings']['cpassman_dir'].'/sources/checks.php';
-if (isset($_POST['type']) && $_POST['type'] == "send_pw_by_email") {
+if (isset($_POST['type']) && ($_POST['type'] == "send_pw_by_email" || $_POST['type'] == "generate_new_password")) {
     // continue
 } elseif (isset($_SESSION['user_id']) && !checkUser($_SESSION['user_id'], $_SESSION['key'], "home")) {
     $_SESSION['error']['code'] = ERR_NOT_ALLOWED; //not allowed page
@@ -44,7 +44,6 @@
     exit();
 }
 
-global $k;
 include $_SESSION['settings']['cpassman_dir'].'/includes/settings.php';
 header("Content-type: text/html; charset=utf-8");
 header("Cache-Control: no-cache, must-revalidate");
@@ -330,12 +329,8 @@
      * Used in order to send the password to the user by email
      */
     case "send_pw_by_email":
-        // load passwordLib library
-        $pwdlib = new SplClassLoader('PasswordLib', '../includes/libraries');
-        $pwdlib->register();
-        $pwdlib = new PasswordLib\PasswordLib();
         // generate key
-        $key = $pwdlib->getRandomToken(50);
+        $key =  GenerateCryptKey(50);
 
         // Get account and pw associated to email
         DB::query(

From e96d838bdd2142e329dcd345e08c4710daeaa954 Mon Sep 17 00:00:00 2001
From: "nils@teampass.net" <nils@teampass.net>
Date: Wed, 15 Jun 2016 20:59:55 +0200
Subject: [PATCH 2/2] 2.1.26

Fix for #1332, #1325, #1301, #1269
---
 Dockerfile                  | 2 +-
 api/functions.php           | 6 +++---
 changelog.md                | 4 ++++
 install/install.queries.php | 1 +
 readme.md                   | 2 +-
 5 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 516a77540..315e894ff 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
 FROM ubuntu:14.04
 MAINTAINER arthur@caranta.com
-RUN apt-get update && apt-get install -y git apache2 php5 libapache2-mod-php5  php5-mcrypt php5-mysqlnd php5-ldap
+RUN apt-get update && apt-get install -y git apache2 php5 libapache2-mod-php5 php5-mcrypt php5-mysqlnd php5-ldap php5-gd
 ENV APACHE_RUN_USER www-data
 ENV APACHE_RUN_GROUP www-data
 ENV APACHE_LOG_DIR /var/log/apache2
diff --git a/api/functions.php b/api/functions.php
index ed3c39d25..c531e640b 100644
--- a/api/functions.php
+++ b/api/functions.php
@@ -515,12 +515,12 @@ function rest_get () {
             /*
              * Case where a new user has to be added
              *
-             * Expected call format: .../api/index.php/add/user/<LOGIN>;<NAME>;<LASTNAME>;<PASSWORD>;<EMAIL>;<ADMINISTRATEDBY>;<READ_ONLY>;<ROLE1|ROLE2|...>;<IS_ADMIN>;<ISMANAGER>;<PERSONAL_FOLDER>?apikey=<VALID API KEY>
+             * Expected call format: .../api/index.php/add/user/<LOGIN>;<NAME>;<LASTNAME>;<PASSWORD>;<EMAIL>;<ADMINISTRATEDBY>;<READ_ONLY>;<ROLE1,ROLE2,...>;<IS_ADMIN>;<ISMANAGER>;<PERSONAL_FOLDER>?apikey=<VALID API KEY>
              * with:
              * for READ_ONLY, IS_ADMIN, IS_MANAGER, PERSONAL_FOLDER, accepted value is 1 for TRUE and 0 for FALSE
              * for ADMINISTRATEDBY and ROLE1, accepted value is the real label (not the IDs)
              *
-             * Example: /api/index.php/add/user/U4;Nils;Laumaille;test;nils@laumaille.fr;Users;0;Managers|Users;0;1;1?apikey=sae6iekahxiseL3viShoo0chahc1ievei8aequi
+             * Example: /api/index.php/add/user/U4;Nils;Laumaille;test;nils@laumaille.fr;Users;0;Managers,Users;0;1;1?apikey=sae6iekahxiseL3viShoo0chahc1ievei8aequi
              *
              */
             elseif($GLOBALS['request'][1] == "user") {
@@ -573,7 +573,7 @@ function rest_get () {
 
                         // prepare roles list
                         $rolesList = "";
-                        foreach (explode('|', $roles) as $role) {//echo $role."-";
+                        foreach (explode(',', $roles) as $role) {//echo $role."-";
                             $tmp = DB::queryFirstRow(
                                 "SELECT `id` FROM ".prefix_table("roles_title")." WHERE title = %s",
                                 $role
diff --git a/changelog.md b/changelog.md
index 1298ff2d1..2a5cea5bd 100644
--- a/changelog.md
+++ b/changelog.md
@@ -1,13 +1,17 @@
 Last changes
 2.1.26
+ #1332 API not allowing roles separation of pipe '|'
+ #1325 updated Dockerfile
  #1310 Addes Estonian language
  #1308 Teampass hangs when a folder is create with option "New sub-folder inherits rights from parent folder" enabled
+ #1301 add ldap_search_base record for db init
  #1300 After 3 bad login attempts, user needs to wait 10s before new try
  #1299 Export to pdf or csv shows htmlencoded
  #1298 Backup-filename on 2.1.26 contains /
  #1284 fix for can_manage_all_users update during upgrade
  #1279 SyntaxError: Unexpected token î in JSON at position 0
  #1276 MySQL 5.7 query error
+ #1269 Typo error
  #1263 Error at line 75 in suggestion page
  #1251 Improving CSRFP configuration
  #1240 Security fixes on some missed queries and on non-protected text fields
diff --git a/install/install.queries.php b/install/install.queries.php
index 84cd2daa0..bb3367504 100644
--- a/install/install.queries.php
+++ b/install/install.queries.php
@@ -313,6 +313,7 @@ function chmod_r($dir, $dirPermissions, $filePermissions) {
                             array('admin','ldap_ssl','0'),
                             array('admin','ldap_tls','0'),
                             array('admin','ldap_elusers','0'),
+                            array('admin','ldap_search_base','0'),
                             array('admin','richtext','0'),
                             array('admin','allow_print','0'),
                             array('admin','roles_allowed_to_print','0'),
diff --git a/readme.md b/readme.md
index 9abfa9873..896530bf2 100644
--- a/readme.md
+++ b/readme.md
@@ -51,7 +51,7 @@ Two ways to provide Docker install
 In both cases, the Teampass will be persistent IF you keep the data volume intact between runs and the database content (of course)
 
 #### Docker Compose
-* using the provided docker compose file, that you will edit to match your setup (ports/volumes/mysql passwords etc), then build the Taempass image :
+* using the provided docker compose file, that you will edit to match your setup (ports/volumes/mysql passwords etc), then build the Teampass image :
 ```docker-compose build```
 * and run the compose app
 ```docker-compose up -d```