From ca6339c480aeaa41dc82d677204abfaf77152f24 Mon Sep 17 00:00:00 2001
From: Frank Karlitschek <frank@owncloud.org>
Date: Fri, 22 Jun 2012 09:25:41 +0200
Subject: [PATCH 01/20] 4.0.3

---
 lib/util.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/util.php b/lib/util.php
index 5cd66ca12e..deda084027 100644
--- a/lib/util.php
+++ b/lib/util.php
@@ -83,7 +83,7 @@ class OC_Util {
 	 * @return array
 	 */
 	public static function getVersion(){
-		return array(4,00,2);
+		return array(4,00,3);
 	}
 
 	/**
@@ -91,7 +91,7 @@ class OC_Util {
 	 * @return string
 	 */
 	public static function getVersionString(){
-		return '4.0.2';
+		return '4.0.3';
 	}
 
         /**

From e5d458c0683acb409083a0e3f1baa4698ececda6 Mon Sep 17 00:00:00 2001
From: Brice Maron <brice@bmaron.net>
Date: Fri, 22 Jun 2012 10:46:49 +0200
Subject: [PATCH 02/20] Correct File cache error with postgresql

---
 lib/filecache.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/filecache.php b/lib/filecache.php
index da9baa020a..b61068e795 100644
--- a/lib/filecache.php
+++ b/lib/filecache.php
@@ -129,6 +129,9 @@ class OC_FileCache{
 		$queryParts=array();
 		foreach(array('size','mtime','ctime','mimetype','encrypted','versioned','writable') as $attribute){
 			if(isset($data[$attribute])){
+				//Convert to int it args are false
+                        	if($data[$attribute] === false) $arguments[] = 0;
+				else $arguments[] = $data[$attribute];
 				$arguments[]=$data[$attribute];
 				$queryParts[]=$attribute.'=?';
 			}

From 65c14e21ce0ff355366c126debcf88480959a0da Mon Sep 17 00:00:00 2001
From: Bjoern Schiessle <schiessle@owncloud.com>
Date: Fri, 22 Jun 2012 11:30:40 +0200
Subject: [PATCH 03/20] date don't change correctly in the view list (bug #973)
 fixed

---
 apps/calendar/js/calendar.js | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/apps/calendar/js/calendar.js b/apps/calendar/js/calendar.js
index bc012a68c4..b05a33360a 100644
--- a/apps/calendar/js/calendar.js
+++ b/apps/calendar/js/calendar.js
@@ -661,10 +661,12 @@ function ListView(element, calendar) {
 		if (delta) {
 			if (delta < 0){
 				addDays(t.start, -7);
+				addDays(t.end, -7);
 				if (!opt('weekends')) {
 					skipWeekend(t.start, delta < 0 ? -1 : 1);
 				}
 			}else{
+				addDays(t.start, 7);
 				addDays(t.end, 7);
 				if (!opt('weekends')) {
 					skipWeekend(t.end, delta < 0 ? -1 : 1);

From 0d9534eb4b7bb0c1f62e32397fc1f7166934a32e Mon Sep 17 00:00:00 2001
From: Arthur Schiwon <blizzz@owncloud.com>
Date: Fri, 22 Jun 2012 12:42:07 +0200
Subject: [PATCH 04/20] LDAP: cheaper userExists() implementation

---
 apps/user_ldap/user_ldap.php | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/apps/user_ldap/user_ldap.php b/apps/user_ldap/user_ldap.php
index 9281aebe81..48e7d429fc 100644
--- a/apps/user_ldap/user_ldap.php
+++ b/apps/user_ldap/user_ldap.php
@@ -124,7 +124,19 @@ class OC_USER_LDAP extends OC_User_Backend {
 	 * @return boolean
 	 */
 	public function userExists($uid){
-		return in_array($uid, $this->getUsers());
+		//getting dn, if false the user does not exist. If dn, he may be mapped only, requires more checking.
+		$dn = OC_LDAP::username2dn($uid);
+		if(!$dn) {
+			return false;
+		}
+
+		//if user really still exists, we will be able to read his cn
+		$cn = OC_LDAP::readAttribute($dn, 'cn');
+		if(!$cn || empty($cn)) {
+			return false;
+		}
+
+		return true;
 	}
 
 }

From e5171da30057253570274f385eb97e411e961f12 Mon Sep 17 00:00:00 2001
From: Arthur Schiwon <blizzz@owncloud.com>
Date: Fri, 22 Jun 2012 12:49:56 +0200
Subject: [PATCH 05/20] remove unnecessary closing PHP tag

---
 apps/user_ldap/user_ldap.php | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/apps/user_ldap/user_ldap.php b/apps/user_ldap/user_ldap.php
index 48e7d429fc..85b3d88973 100644
--- a/apps/user_ldap/user_ldap.php
+++ b/apps/user_ldap/user_ldap.php
@@ -139,6 +139,4 @@ class OC_USER_LDAP extends OC_User_Backend {
 		return true;
 	}
 
-}
-
-?>
+}
\ No newline at end of file

From b6c862b32f3e97df37e2bf06aed715334031daba Mon Sep 17 00:00:00 2001
From: Bjoern Schiessle <schiessle@owncloud.com>
Date: Fri, 22 Jun 2012 13:58:15 +0200
Subject: [PATCH 06/20] use sanitizeHTML() function

Conflicts:

	apps/gallery/lib/tiles.php
---
 apps/gallery/lib/tiles.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/gallery/lib/tiles.php b/apps/gallery/lib/tiles.php
index dcdf6aa1bf..53ea97ff05 100644
--- a/apps/gallery/lib/tiles.php
+++ b/apps/gallery/lib/tiles.php
@@ -141,7 +141,7 @@ class TileStack extends TileBase {
 	}
 
 	public function get() {
-		$r = '<div class="title gallery_div">'.htmlentities($this->stack_name).'</div>';
+		$r = '<div class="title gallery_div">'. \OCP\Util::sanitizeHTML($this->stack_name).'</div>';
 		for ($i = 0; $i < count($this->tiles_array); $i++) {
 			$top = rand(-5, 5);
 			$left = rand(-5, 5);

From e943f6c0c8826315a613105b0313ce977298ebac Mon Sep 17 00:00:00 2001
From: Bjoern Schiessle <schiessle@owncloud.com>
Date: Fri, 22 Jun 2012 16:53:45 +0200
Subject: [PATCH 07/20] log messages are looking nicer if they are not escaped.
 (xss prevention happens on another place)

---
 settings/js/log.js           | 2 +-
 settings/templates/admin.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/settings/js/log.js b/settings/js/log.js
index 6063c7d9a9..fe2e92f7a8 100644
--- a/settings/js/log.js
+++ b/settings/js/log.js
@@ -39,7 +39,7 @@ OC.Log={
 			row.append(appTd);
 			
 			var messageTd=$('<td/>');
-			messageTd.text(entry.message);
+			messageTd.html(entry.message);
 			row.append(messageTd);
 			
 			var timeTd=$('<td/>');
diff --git a/settings/templates/admin.php b/settings/templates/admin.php
index 9f839cf749..f8c515369e 100644
--- a/settings/templates/admin.php
+++ b/settings/templates/admin.php
@@ -42,7 +42,7 @@ if(!$_['htaccessworking']) {
 				<?php echo $entry->app;?>
 			</td>
 			<td>
-				<?php echo htmlentities($entry->message);?>
+				<?php echo $entry->message;?>
 			</td>
 			<td>
 				<?php echo OC_Util::formatDate($entry->time);?>

From 60f558cdbb9f41410f2ba639325a6750032f536d Mon Sep 17 00:00:00 2001
From: Bart Visscher <bartv@thisnet.nl>
Date: Fri, 22 Jun 2012 17:16:34 +0200
Subject: [PATCH 08/20] Fix initialization of OC_Filesystem setup from DAV

---
 lib/connector/sabre/auth.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/connector/sabre/auth.php b/lib/connector/sabre/auth.php
index 1c7a84f0f2..ee68039162 100644
--- a/lib/connector/sabre/auth.php
+++ b/lib/connector/sabre/auth.php
@@ -33,7 +33,7 @@ class OC_Connector_Sabre_Auth extends Sabre_DAV_Auth_Backend_AbstractBasic {
 	protected function validateUserPass($username, $password){
 		OC_Util::setUpFS();//login hooks may need early access to the filesystem
 		if(OC_User::login($username,$password)){
-			OC_Util::setUpFS();
+			OC_Util::setUpFS($username);
 			return true;
 		}
 		else{

From b591c830088cbde14d7cad3c205ddf929f07e33c Mon Sep 17 00:00:00 2001
From: Tom Needham <needham.thomas@gmail.com>
Date: Fri, 22 Jun 2012 15:00:54 +0000
Subject: [PATCH 09/20] Text Editor: fix editor positioning

---
 apps/files_texteditor/css/style.css | 12 ++----------
 1 file changed, 2 insertions(+), 10 deletions(-)

diff --git a/apps/files_texteditor/css/style.css b/apps/files_texteditor/css/style.css
index d91a91d18d..82c57b88bb 100644
--- a/apps/files_texteditor/css/style.css
+++ b/apps/files_texteditor/css/style.css
@@ -1,16 +1,8 @@
 #editor{
 	position: fixed;
 	display: block;
-	top: 6.5em;
-	left: 12.5em;
-}
-#editorwrapper{
-	position: absolute;
-	height: 0;
-	width: 0;
-	top: 41px;
-	left: 160px;
-	display: none;
+	top: 6.8em;
+	left: 13.5em;
 }
 #editor_save{
 	margin-left: 7px;

From a8868fa007bbf6ed52cf7044bdd1b891084fbab9 Mon Sep 17 00:00:00 2001
From: Frank Karlitschek <frank@owncloud.org>
Date: Sat, 23 Jun 2012 16:20:31 +0200
Subject: [PATCH 10/20] work with non existing apps directory. thanks toAntonio
 for the hint

---
 lib/installer.php | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/lib/installer.php b/lib/installer.php
index 4069f2ab7c..c5ca0883d7 100644
--- a/lib/installer.php
+++ b/lib/installer.php
@@ -287,22 +287,23 @@ class OC_Installer{
 	 * This function installs all apps found in the 'apps' directory that should be enabled by default;
 	 */
 	public static function installShippedApps(){
-		$dir = opendir( OC::$APPSROOT."/apps" );
-		while( false !== ( $filename = readdir( $dir ))){
-			if( substr( $filename, 0, 1 ) != '.' and is_dir(OC::$APPSROOT."/apps/$filename") ){
-				if( file_exists( OC::$APPSROOT."/apps/$filename/appinfo/app.php" )){
-					if(!OC_Installer::isInstalled($filename)){
-						$info=OC_App::getAppInfo($filename);
-						$enabled = isset($info['default_enable']);
-						if( $enabled ){
-							OC_Installer::installShippedApp($filename);
-							OC_Appconfig::setValue($filename,'enabled','yes');
+		if($dir = opendir( OC::$APPSROOT."/apps" )){
+			while( false !== ( $filename = readdir( $dir ))){
+				if( substr( $filename, 0, 1 ) != '.' and is_dir(OC::$APPSROOT."/apps/$filename") ){
+					if( file_exists( OC::$APPSROOT."/apps/$filename/appinfo/app.php" )){
+						if(!OC_Installer::isInstalled($filename)){
+							$info=OC_App::getAppInfo($filename);
+							$enabled = isset($info['default_enable']);
+							if( $enabled ){
+								OC_Installer::installShippedApp($filename);
+								OC_Appconfig::setValue($filename,'enabled','yes');
+							}
 						}
 					}
 				}
 			}
+			closedir( $dir );
 		}
-		closedir( $dir );
 	}
 
 	/**

From 1c0e72cd5ac80c4ef80bd22cf3f0a3892807db4c Mon Sep 17 00:00:00 2001
From: Tom Needham <needham.thomas@gmail.com>
Date: Sat, 23 Jun 2012 14:42:37 +0000
Subject: [PATCH 11/20] Text editor: Waste less space for line numbers

---
 apps/files_texteditor/css/style.css | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/apps/files_texteditor/css/style.css b/apps/files_texteditor/css/style.css
index 82c57b88bb..14a1c4a9bb 100644
--- a/apps/files_texteditor/css/style.css
+++ b/apps/files_texteditor/css/style.css
@@ -2,13 +2,10 @@
 	position: fixed;
 	display: block;
 	top: 6.8em;
-	left: 13.5em;
+	left: 12.5em;
+	z-index: 20;
 }
 #editor_save{
 	margin-left: 7px;
 	float: left;
 }
-#saving_icon{
-	margin-top: 3px;
-	float: left;
-}

From f1e4c845ce9ee215d18a059fd53a13e91fbf9d8c Mon Sep 17 00:00:00 2001
From: Robin Appelman <icewind@owncloud.com>
Date: Sat, 23 Jun 2012 23:32:44 +0200
Subject: [PATCH 12/20] fix duplicates showing up in the filecache

---
 lib/filecache.php | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/lib/filecache.php b/lib/filecache.php
index b61068e795..68f1aa8fe6 100644
--- a/lib/filecache.php
+++ b/lib/filecache.php
@@ -86,7 +86,7 @@ class OC_FileCache{
 		}
 		$path=$root.$path;
 		$parent=self::getParentId($path);
-		$id=self::getId($path,'');
+		$id=self::getFileId($path);
 		if(isset(OC_FileCache::$savedData[$path])){
 			$data=array_merge(OC_FileCache::$savedData[$path],$data);
 			unset(OC_FileCache::$savedData[$path]);
@@ -130,9 +130,11 @@ class OC_FileCache{
 		foreach(array('size','mtime','ctime','mimetype','encrypted','versioned','writable') as $attribute){
 			if(isset($data[$attribute])){
 				//Convert to int it args are false
-                        	if($data[$attribute] === false) $arguments[] = 0;
-				else $arguments[] = $data[$attribute];
-				$arguments[]=$data[$attribute];
+				if($data[$attribute] === false){
+					$arguments[] = 0;
+				}else{
+					$arguments[] = $data[$attribute];
+				}
 				$queryParts[]=$attribute.'=?';
 			}
 		}

From 44e36ecf49090b988bf865825c11f70794eba023 Mon Sep 17 00:00:00 2001
From: Robin Appelman <icewind@owncloud.com>
Date: Sat, 23 Jun 2012 23:42:54 +0200
Subject: [PATCH 13/20] fix 'files' entries showing up in Files before the
 users files are scanned properly

---
 lib/filecache.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/filecache.php b/lib/filecache.php
index 68f1aa8fe6..a0ad2be4f7 100644
--- a/lib/filecache.php
+++ b/lib/filecache.php
@@ -267,7 +267,7 @@ class OC_FileCache{
 		}
 		$path=$root.$path;
 		$parent=self::getFileId($path);
-		if($path==-1){
+		if($parent==-1){
 			return array();
 		}
     $query=OC_DB::prepare('SELECT name,ctime,mtime,mimetype,size,encrypted,versioned,writable FROM *PREFIX*fscache WHERE parent=? AND (mimetype LIKE ? OR mimetype = ?)');

From a12557ca4d5f236c40ad3e08193d7fd481b5894b Mon Sep 17 00:00:00 2001
From: Georg Ehrke <dev@georgswebsite.de>
Date: Sun, 24 Jun 2012 09:41:37 +0200
Subject: [PATCH 14/20] another fix for oc-1044

---
 apps/calendar/ajax/event/edit.form.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/calendar/ajax/event/edit.form.php b/apps/calendar/ajax/event/edit.form.php
index 0193987889..e5cf573c71 100644
--- a/apps/calendar/ajax/event/edit.form.php
+++ b/apps/calendar/ajax/event/edit.form.php
@@ -28,7 +28,7 @@ $dtstart = $vevent->DTSTART;
 $dtend = OC_Calendar_Object::getDTEndFromVEvent($vevent);
 switch($dtstart->getDateType()) {
 	case Sabre_VObject_Property_DateTime::UTC:
-		$timeOffset = OC_Calendar_App::$tz*60;
+		$timeOffset = $_SESSION['timezone']*60;
 		$newDT      = $dtstart->getDateTime(); 
 		$newDT->add(new DateInterval("PT" . $timeOffset . "M"));
 		$dtstart->setDateTime($newDT); 

From ac358ed1b3a1ecfa25bdaa4be5ca236020457e10 Mon Sep 17 00:00:00 2001
From: Frank Karlitschek <frank@owncloud.org>
Date: Sun, 24 Jun 2012 11:38:54 +0200
Subject: [PATCH 15/20] 4.0.3a Two important fixes after 4.0.3

---
 lib/util.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/util.php b/lib/util.php
index deda084027..d5d0d771a8 100644
--- a/lib/util.php
+++ b/lib/util.php
@@ -91,7 +91,7 @@ class OC_Util {
 	 * @return string
 	 */
 	public static function getVersionString(){
-		return '4.0.3';
+		return '4.0.3a';
 	}
 
         /**

From 5b908209de49dad257e016567821a8a5bd018f94 Mon Sep 17 00:00:00 2001
From: Brice Maron <brice@bmaron.net>
Date: Sun, 24 Jun 2012 15:11:58 +0000
Subject: [PATCH 16/20] Correct seq name in media songs fix oc-589

---
 apps/media/lib_collection.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/media/lib_collection.php b/apps/media/lib_collection.php
index a32a50534e..bf82e65e62 100644
--- a/apps/media/lib_collection.php
+++ b/apps/media/lib_collection.php
@@ -277,7 +277,7 @@ class OC_MEDIA_COLLECTION{
 				$query=self::$queries['addsong'];
 			}
 			$query->execute(array($name,$artist,$album,$path,$uid,$length,$track,$size));
-			$songId=OCP\DB::insertid('*PREFIX*media_songs');
+			$songId=OCP\DB::insertid('*PREFIX*media_songs_song');
 // 			self::setLastUpdated();
 			return self::getSongId($name,$artist,$album);
 		}

From 6da926f1c395526dddecda660b8b6972e04ba85e Mon Sep 17 00:00:00 2001
From: Brice Maron <brice@bmaron.net>
Date: Sun, 24 Jun 2012 15:58:51 +0000
Subject: [PATCH 17/20] Resolve scanning issue case comparison of songs

---
 apps/media/lib_collection.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/media/lib_collection.php b/apps/media/lib_collection.php
index bf82e65e62..598c08d32e 100644
--- a/apps/media/lib_collection.php
+++ b/apps/media/lib_collection.php
@@ -104,7 +104,7 @@ class OC_MEDIA_COLLECTION{
 			return self::$albumIdCache[$artistId][$albumId][$name];
 		}else{
 			$uid=$_SESSION['user_id'];
-			$query=OCP\DB::prepare("SELECT song_id FROM *PREFIX*media_songs WHERE song_user=? AND song_name LIKE ? AND song_artist=? AND song_album=?");
+			$query=OCP\DB::prepare("SELECT song_id FROM *PREFIX*media_songs WHERE song_user=? AND lower(song_name) LIKE ? AND song_artist=? AND song_album=?");
 			$songs=$query->execute(array($uid,$name,$artistId,$albumId))->fetchAll();
 			if(is_array($songs) and isset($songs[0])){
 				self::$albumIdCache[$artistId][$albumId][$name]=$songs[0]['song_id'];

From 0083dbb3ce569960e564b0d9e48a7db7736e6599 Mon Sep 17 00:00:00 2001
From: Bjoern Schiessle <schiessle@owncloud.com>
Date: Mon, 25 Jun 2012 10:11:06 +0200
Subject: [PATCH 18/20] Only delete existing thumbnails (bug #1100)

---
 apps/gallery/lib/managers.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/apps/gallery/lib/managers.php b/apps/gallery/lib/managers.php
index 9a2dbd3bae..da09c565cb 100644
--- a/apps/gallery/lib/managers.php
+++ b/apps/gallery/lib/managers.php
@@ -88,7 +88,10 @@ class ThumbnailsManager {
 	}
 	
 	public function delete($path) {
-		unlink(\OCP\Config::getSystemValue('datadirectory').'/'.\OC_User::getUser()."/gallery".$path);
+		$thumbnail = \OCP\Config::getSystemValue('datadirectory').'/'.\OC_User::getUser()."/gallery".$path;
+		if (file_exists($thumbnail)) {
+			unlink($thumbnail);
+		}
 	}
 	
 	private function __construct() {}

From 85ac75b4f4bbe9f55ac5e959a76027cb1be3a68e Mon Sep 17 00:00:00 2001
From: Bjoern Schiessle <schiessle@owncloud.com>
Date: Mon, 25 Jun 2012 12:38:11 +0200
Subject: [PATCH 19/20] xss vulnerability fixed

---
 apps/gallery/templates/index.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/apps/gallery/templates/index.php b/apps/gallery/templates/index.php
index 1fdbea5957..e30052fafa 100644
--- a/apps/gallery/templates/index.php
+++ b/apps/gallery/templates/index.php
@@ -14,7 +14,7 @@ div.visible { opacity: 0.8;}
 </style>
 <script type="text/javascript">
 
-var root = "<?php echo htmlentities($root); ?>";
+var root = "<?php echo $root; ?>";
 
 function explode(element) {
 	$('div', element).each(function(index, elem) {
@@ -64,7 +64,7 @@ $(document).ready(function() {
 		for ($i = 0; $i < count($paths); $i++) {
 			$path .= urlencode($paths[$i]).'/';
 			$classess = 'crumb'.($i == count($paths)-1?' last':'');
-			echo '<div class="'.$classess.'" style="background-image:url(\''.\OCP\image_path('core','breadcrumb.png').'\')"><a href="'.\OCP\Util::linkTo('gallery', 'index.php').'&root='.$path.'">'.$paths[$i].'</a></div>';
+			echo '<div class="'.$classess.'" style="background-image:url(\''.\OCP\image_path('core','breadcrumb.png').'\')"><a href="'.\OCP\Util::linkTo('gallery', 'index.php').'&root='.$path.'">'.\OCP\Util::sanitizeHTML($paths[$i]).'</a></div>';
 		}
 	}
 		

From 594e19bddc42ffcaa248cb55bb3e9a33d7d602c8 Mon Sep 17 00:00:00 2001
From: Arthur Schiwon <blizzz@owncloud.com>
Date: Mon, 25 Jun 2012 13:16:35 +0200
Subject: [PATCH 20/20] LDAP: always sanitize DN and DN-containing attributes

---
 apps/user_ldap/lib_ldap.php | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/apps/user_ldap/lib_ldap.php b/apps/user_ldap/lib_ldap.php
index f4f75500c0..ffe6b3d2e9 100644
--- a/apps/user_ldap/lib_ldap.php
+++ b/apps/user_ldap/lib_ldap.php
@@ -449,7 +449,7 @@ class OC_LDAP {
 		if(isset($result[$attr]) && $result[$attr]['count'] > 0){
 			$values = array();
 			for($i=0;$i<$result[$attr]['count'];$i++) {
-				$values[] = $result[$attr][$i];
+				$values[] = self::resemblesDN($attr) ? self::sanitizeDN($result[$attr][$i]) : $result[$attr][$i];
 			}
 			return $values;
 		}
@@ -521,7 +521,7 @@ class OC_LDAP {
 						$key = strtolower($key);
 						if(isset($item[$key])) {
 							if($key != 'dn'){
-								$selection[$i][$key] = $item[$key][0];
+								$selection[$i][$key] = self::resemblesDN($key) ? self::sanitizeDN($item[$key][0]) : $item[$key][0];
 							} else {
 								$selection[$i][$key] = self::sanitizeDN($item[$key]);
 							}
@@ -534,7 +534,7 @@ class OC_LDAP {
 					$key = strtolower($attr[0]);
 
 					if(isset($item[$key])) {
-						if($key == 'dn') {
+						if(self::resemblesDN($key)) {
 							$selection[] = self::sanitizeDN($item[$key]);
 						} else {
 							$selection[] = $item[$key];
@@ -549,6 +549,15 @@ class OC_LDAP {
 		return $findings;
 	}
 
+	static private function resemblesDN($attr) {
+		$resemblingAttributes = array(
+			'dn',
+			'uniquemember',
+			'member'
+		);
+		return in_array($attr, $resemblingAttributes);
+	}
+
 	static private function sanitizeDN($dn) {
 		//OID sometimes gives back DNs with whitespace after the comma a la "uid=foo, cn=bar, dn=..." We need to tackle this!
 		$dn = preg_replace('/([^\\\]),(\s+)/','\1,',$dn);