diff --git a/advanced_custom_data.php b/advanced_custom_data.php
index da0ce52..7eb8005 100644
--- a/advanced_custom_data.php
+++ b/advanced_custom_data.php
@@ -1,17 +1,19 @@
 <?php
+
 /**
-* Provides custom data fields.
-*
-* @package plugins
-* @author Philip Ullrich
-*/
-$plugin_is_filter = 9|CLASS_PLUGIN;
+ * Provides custom data fields.
+ *
+ * @package plugins
+ * @author Philip Ullrich
+ */
+$plugin_is_filter = 9 | CLASS_PLUGIN;
 $plugin_description = gettext("Provides advanced custom data functionality.");
 $plugin_author = "Philip Ullrich";
 $plugin_version = '0.3.5';
 
 $option_interface = 'advanced_custom_data';
 
+//Only an administrator should be able to alter the database
 zp_register_filter('admin_utilities_buttons', 'advanced_custom_data::overviewbutton');
 zp_register_filter('save_album_custom_data', 'custom_data_save_album');
 zp_register_filter('edit_album_custom_data', 'custom_data_edit_album');
@@ -19,76 +21,79 @@
 zp_register_filter('edit_image_custom_data', 'custom_data_edit_image');
 zp_register_filter('admin_head', 'custom_admin_head');
 
-
 /**
-* Returns a processed custom data item
-* called when an image is saved on the backend
-*
-* @param string $discard always empty
-* @param int $i prefix for the image being saved
-* @return string
-*/
+ * Returns a processed custom data item
+ * called when an image is saved on the backend
+ *
+ * @param string $discard always empty
+ * @param int $i prefix for the image being saved
+ * @return string
+ */
 function custom_data_save_image($discard, $i) {
-	$result = $_POST[$i.'-custom_data'];
-	if(is_array($result)) {
+	//Note that sanitize will properly operate on an array, so the following could be simplified to
+	//return serialize(sanitize($_POST[$i . '-custom_data']);
+	$result = $_POST[$i . '-custom_data'];
+	if (is_array($result)) {
 		foreach ($result as &$row) {
-			$row = sanitize($row,1);
+			$row = sanitize($row, 1);
 		}
 	}
 	return serialize($result);
 }
 
 /**
-* Returns table row(s) for the edit of an image custom data field
-*
-* @param string $discard always empty
-* @param int $currentimage prefix for the image being edited
-* @param object $image the image object
-* @return string
-*/
+ * Returns table row(s) for the edit of an image custom data field
+ *
+ * @param string $discard always empty
+ * @param int $currentimage prefix for the image being edited
+ * @param object $image the image object
+ * @return string
+ */
 function custom_data_edit_image($discard, $image, $currentimage) {
+	//$answer seems undefined
+	//I suggest you test with the install set as a "debug"install to fully report any errors encountered
 	$answer;
 	$current = unserialize($image->getCustomData("all"));
 	$acds = advanced_custom_data::getAllAcds("images");
 
 	$checked = 'checked="checked"';
-	
-	
+
+
 	$answer = "\n<tr id='acd_admin_table'>
-		\n<td id='acd_admin_table_left' align='left' valign='top'>".gettext('Custom Settings:')."</td>
+		\n<td id='acd_admin_table_left' align='left' valign='top'>" . gettext('Custom Settings:') . "</td>
 		\n<td id='acd_admin_table_right'>";
-		
-	foreach($acds as $id=>$row) {
+
+	foreach ($acds as $id => $row) {
 		$title = trim(strtolower($row['acd_title']));
 		$answer.= "<div class='acd_admin_table-field'>";
-	
-		$answer.= "\n<p class='acd_title'><strong>".$row['acd_title']."</strong></p>";
-				
-		switch($row['acd_type']) {
-			
+
+		$answer.= "\n<p class='acd_title'><strong>" . $row['acd_title'] . "</strong></p>";
+
+		switch ($row['acd_type']) {
+
 			case "checkbox" :
 				$val = (is_array($current) && isset($current[$id])) ? $current[$id] : false;
-				$answer .= "\n<input type='checkbox' name='".$currentimage."-custom_data[".$id."]'"
-				.(!$val?:$checked)." value='1' />";
+				$answer .= "\n<input type='checkbox' name='" . $currentimage . "-custom_data[" . $id . "]'"
+								. (!$val? : $checked) . " value='1' />";
 				break;
-				
+
 			case "input" :
 				$val = (is_array($current) && isset($current[$id])) ? $current[$id] : false;
 				$size = $row['acd_opt_input_length'] ? $row['acd_opt_input_length'] : 32;
-				$answer.= "\n<input type='text' name='".$currentimage."-custom_data[".$id."]' size='".min($size,64)."' maxlength='".$size."' value='".$val."'/>";
+				$answer.= "\n<input type='text' name='" . $currentimage . "-custom_data[" . $id . "]' size='" . min($size, 64) . "' maxlength='" . $size . "' value='" . $val . "'/>";
 				break;
-				
+
 			case "textarea" :
 				$val = (is_array($current) && isset($current[$id])) ? $current[$id] : false;
 				$rows = $row['acd_opt_textarea_rows'] ? $row['acd_opt_textarea_rows'] : 32;
 				$cols = $row['acd_opt_textarea_cols'] ? $row['acd_opt_textarea_cols'] : 5;
-				$answer.= "\n<textarea name='".$currentimage."-custom_data[".$id."]' cols='".$cols
-				."' cols ='".$cols."'>".$val."</textarea>";
+				$answer.= "\n<textarea name='" . $currentimage . "-custom_data[" . $id . "]' cols='" . $cols
+								. "' cols ='" . $cols . "'>" . $val . "</textarea>";
 				break;
 		}
-		
-		if($row['acd_desc']) { 
-			$answer.= "\n<p class='acd_desc'>".$row['acd_desc']."</p>"; 
+
+		if ($row['acd_desc']) {
+			$answer.= "\n<p class='acd_desc'>" . $row['acd_desc'] . "</p>";
 		}
 		$answer.= "\n</div>";
 	}
@@ -97,74 +102,73 @@ function custom_data_edit_image($discard, $image, $currentimage) {
 }
 
 /**
-* Returns a processed album custom data item
-* called when an album is saved on the backend
-*
-* @param string $discard always empty
-* @param int $prefix the prefix for the album being saved
-* @return string
-*/
+ * Returns a processed album custom data item
+ * called when an album is saved on the backend
+ *
+ * @param string $discard always empty
+ * @param int $prefix the prefix for the album being saved
+ * @return string
+ */
 function custom_data_save_album($discard, $prefix) {
-	$result = $_POST[$prefix.'x_album_custom_data'];
-	if(is_array($result)) {
+	$result = $_POST[$prefix . 'x_album_custom_data'];
+	if (is_array($result)) {
 		foreach ($result as &$row) {
-			$row=sanitize($row,1);
+			$row = sanitize($row, 1);
 		}
 	}
-return serialize($result);
+	return serialize($result);
 }
 
-
 /**
-* Returns table row(s) for the edit of an album custom data field
-*
-* @param string $discard always empty
-* @param int $prefix prefix of the album being edited
-* @param object $album the album object
-* @return string
-*/
+ * Returns table row(s) for the edit of an album custom data field
+ *
+ * @param string $discard always empty
+ * @param int $prefix prefix of the album being edited
+ * @param object $album the album object
+ * @return string
+ */
 function custom_data_edit_album($discard, $album, $prefix) {
 	$answer;
 	$acds = advanced_custom_data::getAllAcds("albums");
-	$current = unserialize($album->getCustomData("all"));	
+	$current = unserialize($album->getCustomData("all"));
 	$checked = 'checked="checked"';
-	
-	
+
+
 	$answer = "\n<tr id='acd_admin_table'>
-		\n<td id='acd_admin_table_left' align='left' valign='top'>".gettext('Custom Settings:')."</td>
+		\n<td id='acd_admin_table_left' align='left' valign='top'>" . gettext('Custom Settings:') . "</td>
 		\n<td id='acd_admin_table_right'>";
-		
-	foreach($acds as $id=>$row) {
+
+	foreach ($acds as $id => $row) {
 		$title = trim(strtolower($row['acd_title']));
 		$answer.= "<div class='acd_admin_table-field'>";
-		
-		$answer.= "\n<p class='acd_title'><strong>".$row['acd_title']."</strong></p>";
 
-		switch($row['acd_type']) {
-			
+		$answer.= "\n<p class='acd_title'><strong>" . $row['acd_title'] . "</strong></p>";
+
+		switch ($row['acd_type']) {
+
 			case "checkbox" :
 				$val = (is_array($current) && isset($current[$id])) ? $current[$id] : false;
-				$answer .= "\n<input type='checkbox' name='".$prefix."x_album_custom_data[".$id."]'"
-				.(!$val?:$checked)." value='1' />";
+				$answer .= "\n<input type='checkbox' name='" . $prefix . "x_album_custom_data[" . $id . "]'"
+								. (!$val? : $checked) . " value='1' />";
 				break;
-				
+
 			case "input" :
 				$val = (is_array($current) && isset($current[$id])) ? $current[$id] : false;
 				$size = $row['acd_opt_input_length'] ? $row['acd_opt_input_length'] : 32;
-				$answer.= "\n<input type='text' name='".$prefix."x_album_custom_data[".$id."]' size='".min($size,64)."' maxlength='".$size."' value='".$val."'/>";
+				$answer.= "\n<input type='text' name='" . $prefix . "x_album_custom_data[" . $id . "]' size='" . min($size, 64) . "' maxlength='" . $size . "' value='" . $val . "'/>";
 				break;
-				
+
 			case "textarea" :
 				$val = (is_array($current) && isset($current[$id])) ? $current[$id] : false;
 				$rows = $row['acd_opt_textarea_rows'] ? $row['acd_opt_textarea_rows'] : 32;
 				$cols = $row['acd_opt_textarea_cols'] ? $row['acd_opt_textarea_cols'] : 5;
-				$answer.= "\n<textarea name='".$prefix."x_album_custom_data[".$id."]' cols='".$cols
-				."' cols ='".$cols."'>".$val."</textarea>";
+				$answer.= "\n<textarea name='" . $prefix . "x_album_custom_data[" . $id . "]' cols='" . $cols
+								. "' cols ='" . $cols . "'>" . $val . "</textarea>";
 				break;
 		}
-		
-		if($row['acd_desc']) { 
-			$answer.= "\n<p class='acd_desc'>".$row['acd_desc']."</p>"; 
+
+		if ($row['acd_desc']) {
+			$answer.= "\n<p class='acd_desc'>" . $row['acd_desc'] . "</p>";
 		}
 		$answer.= "\n</div>";
 	}
@@ -173,31 +177,33 @@ function custom_data_edit_album($discard, $album, $prefix) {
 }
 
 function custom_admin_head($discard) {
-	echo '<link rel="stylesheet" href="'.WEBPATH.'/plugins/advanced_custom_data/acd_admin.css" type="text/css" />';
+	echo '<link rel="stylesheet" href="' . WEBPATH . '/plugins/advanced_custom_data/acd_admin.css" type="text/css" />';
 }
 
 function getAcd($type, $field = FALSE) {
 
 	$allAcds = advanced_custom_data::getAllAcds();
 
-	if($type == "album") {
+	if ($type == "album") {
 		global $_zp_current_album;
 		$curAcd = unserialize($_zp_current_album->getCustomData("all"));
 	} elseif ($type == "image") {
 		global $_zp_current_image;
 		$curAcd = unserialize($_zp_current_image->getCustomData("all"));
-	} else return false;
-	
-	if (!is_array($curAcd)) return NULL;
-	
+	} else
+		return false;
+
+	if (!is_array($curAcd))
+		return NULL;
+
 	$answer = array();
 
-	foreach($curAcd as $id=>$value) {
-		if(isset($allAcds[$id])) {
+	foreach ($curAcd as $id => $value) {
+		if (isset($allAcds[$id])) {
 			$answer[$allAcds[$id]['aux']] = $value;
 		}
 	}
-	
+
 	if ($field && isset($answer[$field])) {
 		return $answer[$field];
 	} else if ($field) {
@@ -206,10 +212,11 @@ function getAcd($type, $field = FALSE) {
 	return $answer;
 }
 
-
 // OPTION INTERFACE CLASS
 class advanced_custom_data {
+
 	var $ratingstate;
+
 	/**
 	 * class instantiation function
 	 *
@@ -218,62 +225,64 @@ function advanced_custom_data() {
 		setOptionDefault('show_button', 1);
 	}
 
-
 	/**
 	 * Reports the supported options
 	 *
 	 * @return array
 	 */
 	function getOptionsSupported() {
-		return array(gettext('new_field') => array('key' => 'show_button', 'type' => OPTION_TYPE_CHECKBOX_ARRAY,
-								'checkboxes' => array(gettext("Show Button") => "1"),
-								'order' =>1,
-								'desc' => gettext('Whether to show the button')),
-					);
+		return array(gettext('new_field') => array('key'				 => 'show_button', 'type'			 => OPTION_TYPE_CHECKBOX_ARRAY,
+										'checkboxes' => array(gettext("Show Button") => "1"),
+										'order'			 => 1,
+										'desc'			 => gettext('Whether to show the button')),
+		);
 	}
 
 	function handleOption($option, $currentValue) {
+
 	}
 
 	static function overviewbutton($buttons) {
+		if (zp_loggedin(ADMIN_RIGHTS)) {
 
-		$buttons[] = array(
-							'category'=>gettext('Advanced Custom Data'),
-							'enable'=>'true',
-							'button_text'=>gettext('Create ACD entries'),
-							'formname'=>'advanced_custom_data_button',
-							'action'=>WEBPATH.'/plugins/advanced_custom_data/acd_create.php?page=overview&tab=create_fields',
-							'icon'=>'images/arrow_up.png',
-							'alt'=>'',
-							'hidden'=>'<input type="hidden" name="tab" value="create_fields" />',
-							'rights'=>ADMIN_RIGHTS,
-							'title'=>'Create new custom data fields'
-							);
-		$buttons[] = array(
-							'category'=>gettext('Advanced Custom Data'),
-							'enable'=>'true',
-							'button_text'=>gettext('Edit exisiting ACD entries'),
-							'formname'=>'advanced_custom_data_button',
-							'action'=>WEBPATH.'/plugins/advanced_custom_data/acd_edit.php?page=overview&tab=manage_fields',
-							'icon'=>'images/arrow_up.png',
-							'alt'=>'',
-							'hidden'=>'<input type="hidden" name="tab" value="manage_fields" />',
-							'rights'=>ADMIN_RIGHTS,
-							'title'=>'Manage your custom data fields'
-							);
+			$buttons[] = array(
+							'category'		 => gettext('Advanced Custom Data'),
+							'enable'			 => 'true',
+							'button_text'	 => gettext('Create ACD entries'),
+							'formname'		 => 'advanced_custom_data_button',
+							'action'			 => WEBPATH . '/plugins/advanced_custom_data/acd_create.php?page=overview&tab=create_fields',
+							'icon'				 => 'images/arrow_up.png',
+							'alt'					 => '',
+							'hidden'			 => '<input type="hidden" name="tab" value="create_fields" />',
+							'rights'			 => ADMIN_RIGHTS,
+							'title'				 => 'Create new custom data fields'
+			);
+			$buttons[] = array(
+							'category'		 => gettext('Advanced Custom Data'),
+							'enable'			 => 'true',
+							'button_text'	 => gettext('Edit exisiting ACD entries'),
+							'formname'		 => 'advanced_custom_data_button',
+							'action'			 => WEBPATH . '/plugins/advanced_custom_data/acd_edit.php?page=overview&tab=manage_fields',
+							'icon'				 => 'images/arrow_up.png',
+							'alt'					 => '',
+							'hidden'			 => '<input type="hidden" name="tab" value="manage_fields" />',
+							'rights'			 => ADMIN_RIGHTS,
+							'title'				 => 'Manage your custom data fields'
+			);
+		}
 		return $buttons;
 	}
-	
+
 	static function getAllAcds($category = FALSE) {
 		$acd = array();
 		$count = 0;
-		$result = query('SELECT * FROM'.prefix('plugin_storage').' WHERE `type`="advanced_custom_data" ');
+		$result = query('SELECT * FROM' . prefix('plugin_storage') . ' WHERE `type`="advanced_custom_data" ');
 		while ($row = db_fetch_assoc($result)) {
 			$id = $row['id'];
 			$data = unserialize($row['data']);
 			if (!$category || ($data['acd_category'] == $category) || ($data['acd_category'] == 'both')) {
 				$acd[$id]['aux'] = $row['aux'];
-				foreach($data as $key=>$value) {
+				foreach ($data as $key => $value) {
 					$acd[$id][$key] = $value;
 					$acd[$id][$key] = $value;
 				}
@@ -283,4 +292,5 @@ static function getAllAcds($category = FALSE) {
 	}
 
 }
+
 ?>
diff --git a/advanced_custom_data/acd_create.php b/advanced_custom_data/acd_create.php
index d2d403c..79454c0 100644
--- a/advanced_custom_data/acd_create.php
+++ b/advanced_custom_data/acd_create.php
@@ -1,57 +1,56 @@
 <?php
 /**
-* Template for advanced custom data management
-* @package plugins
-*/
+ * Template for advanced custom data management
+ * @package plugins
+ */
 // force UTF-8 Ø
 define('OFFSET_PATH', 3);
-require_once("../../zp-core/admin-globals.php");
+require_once(dirname(dirname(dirname(__FILE__))) . "/zp-core/admin-globals.php");
 require_once('functions.php');
-require_once(SERVERPATH.'/'.ZENFOLDER.'/template-functions.php');
 
+//$localrights seems not defined. Anyway, the parameter should probably be ADMIN_RIGHTS
+admin_securityChecks(ADMIN_RIGHTS, $return = currentRelativeURL());
 
-admin_securityChecks($localrights, $return = currentRelativeURL());
-
-$msg ="";
+$msg = "";
 
 $zenphoto_tabs['overview']['subtabs'] = array(
-	gettext('Create new ACD entry') => '../plugins/advanced_custom_data/acd_create.php?page=overview&amp;tab=create_fields',
-	gettext('Manage exisiting ACD entries') => '../plugins/advanced_custom_data/acd_edit.php?page=overview&amp;tab=manage_fields');
+				gettext('Create new ACD entry')					 => '../plugins/advanced_custom_data/acd_create.php?page=overview&amp;tab=create_fields',
+				gettext('Manage exisiting ACD entries')	 => '../plugins/advanced_custom_data/acd_edit.php?page=overview&amp;tab=manage_fields');
 
 if (isset($_GET['update'])) {
 	XSRFdefender('advanced_custom_data');
 	$acd_type = $_POST['acd_type'];
-	
+
 	if ($acd_type) {
 		$msg = saveAcds();
 	}
 }
-printAdminHeader('overview',gettext('Advanced Custom Data'));
+printAdminHeader('overview', gettext('Advanced Custom Data'));
 ?>
 <script type="text/javascript">
 	//<!-- <![CDATA[
-	
+
 	(function($) {
-		function showoption(name,set,target) {
-			if(set[name]) {
+		function showoption(name, set, target) {
+			if (set[name]) {
 				set[name].appendTo(target).show();
 				return true;
 			} else {
 				return false;
 			}
 		}
-		
+
 		$(document).ready(function() {
 			var tsel = $("#acd_typesel"),
-				table = $("#acd_admin_newfield-table"),
-			 	options = $(".acd_options"),
-				optarr = new Object;
+							table = $("#acd_admin_newfield-table"),
+							options = $(".acd_options"),
+							optarr = new Object;
 
 			options.hide().each(function(i) {
 				$this = $(this);
 				var str = $this.attr('id');
 				var spl = str.split("_");
-				str = spl[spl.length-1];
+				str = spl[spl.length - 1];
 				optarr[str] = $this;
 				$this.remove();
 			});
@@ -59,120 +58,121 @@ function showoption(name,set,target) {
 			tsel.change(function() {
 				var sel = tsel.find("option:selected").attr("value");
 				options.remove();
-				showoption(sel,optarr,table);
+				showoption(sel, optarr, table);
 			});
 		});
 	})(jQuery);
-	
+
 	// ]]> -->
 </script>
 </head>
 <body>
-<?php
-printLogoAndLinks();
-echo "\n" . '<div id="main">';
-printTabs();
-echo "\n" . '<div id="content">';
-?>
-<?php printSubtabs(); ?>
-<div class="tabbox">
+	<?php
+	printLogoAndLinks();
+	echo "\n" . '<div id="main">';
+	printTabs();
+	echo "\n" . '<div id="content">';
+	?>
+	<?php printSubtabs(); ?>
+	<div class="tabbox">
 
 
-<?php
-zp_apply_filter('admin_note','acf', '');
-$clear = gettext('Advanced custom data');
-echo "\n<h2>".$clear."</h2>";
-if($msg) {
-	echo "\n<p class='errorbox fade-message'>".$msg."</p>";
-} elseif ($msg === FALSE) {
-	echo "\n<p class='messagebox fade-message'>Entry created.</p>";
-}
-?>
+		<?php
+		zp_apply_filter('admin_note', 'acf', '');
+		$clear = gettext('Advanced custom data');
+		echo "\n<h2>" . $clear . "</h2>";
+		if ($msg) {
+			echo "\n<p class='errorbox fade-message'>" . $msg . "</p>";
+		} elseif ($msg === FALSE) {
+			echo "\n<p class='messagebox fade-message'>Entry created.</p>";
+		}
+		?>
 
-<form id="acd_field_update" action="?update&amp;tab=create_fields" method="post">
-<?php XSRFToken('advanced_custom_data');
-$acd = advanced_custom_data::getAllAcds();
- ?>
-<h2>New Field:</h2>
-	<table id="acd_admin_newfield-table">
-	<tr>
-		<td class="col1"><label for="acd_category">Category:</label></td>
-		<td class="col2"><select name="acd_category" size="1">
-			<option value="both" selected="selected">Both</option>
-			<option value="images">Images</option>
-			<option value="albums">Albums</option>
-		</select></td>
-	</tr>
-	<tr>
-		<td class="col1"><label for="acd_title">Title:</label></td>
-		<td class="col2"><input name="acd_title" type="text" size="32" maxlength="32"></input></td>
-		<td class="col3"><p>The name of the new custom data entry. Also used to fetch it in the template.</p></td>
-	</tr>
-	<tr>
-		<td class="col1"><label for="acd_desc">Description:</label></td>
-		<td class="col2"><input name="acd_desc" type="text" size="32" maxlength="128"></input></td>
-		<td class="col3"><p>A description for the new custom data entry.</p></td>
-	</tr>
-	<tr>
-		<td class="col1"><label for="acd_type">Type:</label></td>
-		<td class="col2"><select name="acd_type" id="acd_typesel" size="1">
-			<option value="checkbox">Checkbox</option>
-			<option value="input">Text</option>
-			<option value="textarea">Textarea</option>
-		</select></td>
-		<td class="col3"><p>The input type.</p></td>
-	</tr>
-	<tr id='acd_options_input' class='acd_options'>
-		<td></td>
-		<td>
-			<table>
+		<form id="acd_field_update" action="?update&amp;tab=create_fields" method="post">
+			<?php
+			XSRFToken('advanced_custom_data');
+			$acd = advanced_custom_data::getAllAcds();
+			?>
+			<h2>New Field:</h2>
+			<table id="acd_admin_newfield-table">
 				<tr>
-					<td class="col1"><label for="acd_opt_input_length">Length:</label></td>
-					<td class="col2"><input name="acd_opt_input_length" type="text" size="3" maxlength="3" value="32"></input></td>
+					<td class="col1"><label for="acd_category">Category:</label></td>
+					<td class="col2"><select name="acd_category" size="1">
+							<option value="both" selected="selected">Both</option>
+							<option value="images">Images</option>
+							<option value="albums">Albums</option>
+						</select></td>
 				</tr>
-			</table>
-		<td class="col3"><p></p></td>
-	</tr>
-	<tr id='acd_options_textarea' class='acd_options'>
-		<td></td>
-		<td>
-			<table>
 				<tr>
-					<td class="col1"><label for="acd_opt_textarea_cols">Columns:<label></td>
-					<td class="col2"><input name="acd_opt_textarea_cols" type="text" size="2" maxlength="2" value="32"></input></td>
+					<td class="col1"><label for="acd_title">Title:</label></td>
+					<td class="col2"><input name="acd_title" type="text" size="32" maxlength="32"></input></td>
+					<td class="col3"><p>The name of the new custom data entry. Also used to fetch it in the template.</p></td>
 				</tr>
 				<tr>
-					<td class="col1"><label for="acd_opt_textarea_rows">Rows:</label></td>
-					<td class="col2"><input name="acd_opt_textarea_rows" type="text" size="2" maxlength="2" value="5"></input></td>
+					<td class="col1"><label for="acd_desc">Description:</label></td>
+					<td class="col2"><input name="acd_desc" type="text" size="32" maxlength="128"></input></td>
+					<td class="col3"><p>A description for the new custom data entry.</p></td>
+				</tr>
+				<tr>
+					<td class="col1"><label for="acd_type">Type:</label></td>
+					<td class="col2"><select name="acd_type" id="acd_typesel" size="1">
+							<option value="checkbox">Checkbox</option>
+							<option value="input">Text</option>
+							<option value="textarea">Textarea</option>
+						</select></td>
+					<td class="col3"><p>The input type.</p></td>
+				</tr>
+				<tr id='acd_options_input' class='acd_options'>
+					<td></td>
+					<td>
+						<table>
+							<tr>
+								<td class="col1"><label for="acd_opt_input_length">Length:</label></td>
+								<td class="col2"><input name="acd_opt_input_length" type="text" size="3" maxlength="3" value="32"></input></td>
+							</tr>
+						</table>
+					<td class="col3"><p></p></td>
 				</tr>
-			</table>
-		<td class="col3"><p></p></td>
-	</tr>
-	
-	</table>
-
-	<p class="buttons">
-		<a title="<?php echo gettext('Back to the overview'); ?>"href="<?php echo WEBPATH . '/' . ZENFOLDER . '/admin.php'; ?>"> <img src="<?php echo FULLWEBPATH . '/' . ZENFOLDER; ?>/images/cache.png" alt="" />
-			<strong><?php echo gettext("Back"); ?> </strong>
-		</a>
-	</p>
-	<p class="buttons">
-		<button class="tooltip" type="submit" title="<?php echo "Submit changes" ?>" >
-			<img src="<?php echo WEBPATH.'/'.ZENFOLDER; ?>/images/pass.png" alt="" />
-			<?php echo gettext("Apply"); ?>
-		</button>
-	</p>
-	<br clear="all">
-</form>
+				<tr id='acd_options_textarea' class='acd_options'>
+					<td></td>
+					<td>
+						<table>
+							<tr>
+								<td class="col1"><label for="acd_opt_textarea_cols">Columns:<label></td>
+											<td class="col2"><input name="acd_opt_textarea_cols" type="text" size="2" maxlength="2" value="32"></input></td>
+											</tr>
+											<tr>
+												<td class="col1"><label for="acd_opt_textarea_rows">Rows:</label></td>
+												<td class="col2"><input name="acd_opt_textarea_rows" type="text" size="2" maxlength="2" value="5"></input></td>
+											</tr>
+											</table>
+											<td class="col3"><p></p></td>
+											</tr>
 
+											</table>
 
-<?php
-echo "\n" . '</div>';
-echo "\n" . '</div>';
-echo "\n" . '</div>';
+											<p class="buttons">
+												<a title="<?php echo gettext('Back to the overview'); ?>"href="<?php echo WEBPATH . '/' . ZENFOLDER . '/admin.php'; ?>"> <img src="<?php echo FULLWEBPATH . '/' . ZENFOLDER; ?>/images/cache.png" alt="" />
+													<strong><?php echo gettext("Back"); ?> </strong>
+												</a>
+											</p>
+											<p class="buttons">
+												<button class="tooltip" type="submit" title="<?php echo "Submit changes" ?>" >
+													<img src="<?php echo WEBPATH . '/' . ZENFOLDER; ?>/images/pass.png" alt="" />
+													<?php echo gettext("Apply"); ?>
+												</button>
+											</p>
+											<br clear="all">
+											</form>
 
-printAdminFooter();
 
-echo "\n</body>";
-echo "\n</head>";
-?>
+											<?php
+											echo "\n" . '</div>';
+											echo "\n" . '</div>';
+											echo "\n" . '</div>';
+
+											printAdminFooter();
+
+											echo "\n</body>";
+											echo "\n</head>";
+											?>
diff --git a/advanced_custom_data/acd_edit.php b/advanced_custom_data/acd_edit.php
index 3ba469d..22dadef 100644
--- a/advanced_custom_data/acd_edit.php
+++ b/advanced_custom_data/acd_edit.php
@@ -1,41 +1,41 @@
 <?php
 /**
-* Template for advanced custom data management
-* @package plugins
-*/
+ * Template for advanced custom data management
+ * @package plugins
+ */
 // force UTF-8 Ø
 define('OFFSET_PATH', 3);
-require_once("../../zp-core/admin-globals.php");
+require_once(dirname(dirname(dirname(__FILE__))) . "/zp-core/admin-globals.php");
 require_once('functions.php');
-require_once(SERVERPATH.'/'.ZENFOLDER.'/template-functions.php');
 
+//$localrights seems not defined. Anyway, the parameter should probably be ADMIN_RIGHTS
+admin_securityChecks(ADMIN_RIGHTS, $return = currentRelativeURL());
 
-admin_securityChecks($localrights, $return = currentRelativeURL());
-
-$msg ="";
+$msg = "";
 
 $zenphoto_tabs['overview']['subtabs'] = array(
-	gettext('Create new ACD entry') => '../plugins/advanced_custom_data/acd_create.php?page=overview&amp;tab=create_fields',
-	gettext('Manage exisiting ACD entries') => '../plugins/advanced_custom_data/acd_edit.php?page=overview&amp;tab=manage_fields');
+				gettext('Create new ACD entry')					 => '../plugins/advanced_custom_data/acd_create.php?page=overview&amp;tab=create_fields',
+				gettext('Manage exisiting ACD entries')	 => '../plugins/advanced_custom_data/acd_edit.php?page=overview&amp;tab=manage_fields');
 
 if (isset($_GET['update'])) {
 	XSRFdefender('advanced_custom_data');
 	$acd_type = $_POST['acd_type'];
 	$delete = array();
-	for($i = 0; $i<$_POST['acd_fields_total']; $i++) {
-		if($_POST['delete-'.$i]) {
-			$delete[] = $_POST['id-'.$i];
+	for ($i = 0; $i < $_POST['acd_fields_total']; $i++) {
+		if ($_POST['delete-' . $i]) {
+			//I presume these are database record ids. If so they should have a sanitize_numeric() applied to insure that they are integers.
+			$delete[] = $_POST['id-' . $i];
 		}
 	}
-	
-	if(count($delete)) {
+
+	if (count($delete)) {
 		$msg = saveAcds($delete);
 	} else if ($acd_type) {
 		$msg = saveAcds();
 	}
 }
 
-printAdminHeader('overview',gettext('Advanced Custom Data'));
+printAdminHeader('overview', gettext('Advanced Custom Data'));
 echo "\n</head>";
 echo "\n<body>";
 
@@ -48,82 +48,85 @@
 <div class="tabbox">
 
 
-<?php
-zp_apply_filter('admin_note','acf', '');
-$clear = gettext('Advanced custom data');
-echo "\n<h2>".$clear."</h2>";
-if($msg) {
-	echo "\n<p class='errorbox fade-message'>".$msg."</p>";
-} elseif ($msg === FALSE) {
-	echo "\n<p class='messagebox fade-message'>Entries updated.</p>";
-}
-?>
-
-<form id="acd_field_update" action="?update&amp;tab=manage_fields" method="post">
-	<?php XSRFToken('advanced_custom_data'); ?>
-<?php
-$acd = advanced_custom_data::getAllAcds();
-if($acd) : ?>
-	<table id='acd_admin_list-table'>
-	<tr>
-	<th>Category</th>
-	<th>Name</th>
-	<th>Description</th>
-	<th>Type</th>
-	<th>Options</th>
-	<th class="del">Delete</th>
-	</tr>
 	<?php
-	$count = 0;
-	$opt ="";
-	foreach($acd as $id=>$row) :
-		echo "\n<tr>";
-		foreach($row as $key=>$value) {
-			if(strpos($key, 'acd_opt') === false && $key != 'aux') {
-				echo "\n<td class='value'>".$value."</td>";
-			} elseif ($value) {
-				$str = explode("_",$key);
-				$opt.=$str[count($str)-1].": ".$value.", ";
-			}
-		} ?>
-		<td class="value"><?php echo $opt; ?></td>
-		<td class="del">
-			<input type="hidden" name="id-<?php echo $count; ?>" value="<?php echo $id; ?>">
-			<input type="checkbox" name="delete-<?php echo $count; ?>">
-		</td>
-		</tr>
-	<?php 
-	$opt = "";
-	$count++;
-	endforeach; ?>
-	</table>
-	<input type="hidden" name="acd_fields_total" value="<?php echo $count; ?>">
-<?php else: ?>
-	<p>No custom data fields found.</p>
-<?php endif; ?>
+	zp_apply_filter('admin_note', 'acf', '');
+	$clear = gettext('Advanced custom data');
+	echo "\n<h2>" . $clear . "</h2>";
+	if ($msg) {
+		echo "\n<p class='errorbox fade-message'>" . $msg . "</p>";
+	} elseif ($msg === FALSE) {
+		echo "\n<p class='messagebox fade-message'>Entries updated.</p>";
+	}
+	?>
 
-	<p class="buttons">
-		<a title="<?php echo gettext('Back to the overview'); ?>"href="<?php echo WEBPATH . '/' . ZENFOLDER . '/admin.php'; ?>"> <img src="<?php echo FULLWEBPATH . '/' . ZENFOLDER; ?>/images/cache.png" alt="" />
-			<strong><?php echo gettext("Back"); ?> </strong>
-		</a>
-	</p>
-	<p class="buttons">
-		<button class="tooltip" type="submit" title="<?php echo "Submit changes" ?>" >
-			<img src="<?php echo WEBPATH.'/'.ZENFOLDER; ?>/images/pass.png" alt="" />
-			<?php echo gettext("Apply"); ?>
-		</button>
-	</p>
-	<br clear="all">
-</form>
+	<form id="acd_field_update" action="?update&amp;tab=manage_fields" method="post">
+		<?php XSRFToken('advanced_custom_data'); ?>
+		<?php
+		$acd = advanced_custom_data::getAllAcds();
+		if ($acd) :
+			?>
+			<table id='acd_admin_list-table'>
+				<tr>
+					<th>Category</th>
+					<th>Name</th>
+					<th>Description</th>
+					<th>Type</th>
+					<th>Options</th>
+					<th class="del">Delete</th>
+				</tr>
+				<?php
+				$count = 0;
+				$opt = "";
+				foreach ($acd as $id => $row) :
+					echo "\n<tr>";
+					foreach ($row as $key => $value) {
+						if (strpos($key, 'acd_opt') === false && $key != 'aux') {
+							echo "\n<td class='value'>" . $value . "</td>";
+						} elseif ($value) {
+							$str = explode("_", $key);
+							$opt.=$str[count($str) - 1] . ": " . $value . ", ";
+						}
+					}
+					?>
+					<td class="value"><?php echo $opt; ?></td>
+					<td class="del">
+						<input type="hidden" name="id-<?php echo $count; ?>" value="<?php echo $id; ?>">
+						<input type="checkbox" name="delete-<?php echo $count; ?>">
+					</td>
+					</tr>
+					<?php
+					$opt = "";
+					$count++;
+				endforeach;
+				?>
+			</table>
+			<input type="hidden" name="acd_fields_total" value="<?php echo $count; ?>">
+		<?php else: ?>
+			<p>No custom data fields found.</p>
+		<?php endif; ?>
 
+		<p class="buttons">
+			<a title="<?php echo gettext('Back to the overview'); ?>"href="<?php echo WEBPATH . '/' . ZENFOLDER . '/admin.php'; ?>"> <img src="<?php echo FULLWEBPATH . '/' . ZENFOLDER; ?>/images/cache.png" alt="" />
+				<strong><?php echo gettext("Back"); ?> </strong>
+			</a>
+		</p>
+		<p class="buttons">
+			<button class="tooltip" type="submit" title="<?php echo "Submit changes" ?>" >
+				<img src="<?php echo WEBPATH . '/' . ZENFOLDER; ?>/images/pass.png" alt="" />
+				<?php echo gettext("Apply"); ?>
+			</button>
+		</p>
+		<br clear="all">
+	</form>
 
-<?php
-echo "\n" . '</div>';
-echo "\n" . '</div>';
-echo "\n" . '</div>';
 
-printAdminFooter();
+	<?php
+	echo "\n" . '</div>';
+	echo "\n" . '</div>';
+	echo "\n" . '</div>';
+
+	printAdminFooter();
 
-echo "\n</body>";
-echo "\n</head>";
-?>
+	echo "\n</body>";
+	echo "\n</head>";
+	?>
diff --git a/advanced_custom_data/functions.php b/advanced_custom_data/functions.php
index bddb438..b6c507c 100644
--- a/advanced_custom_data/functions.php
+++ b/advanced_custom_data/functions.php
@@ -1,15 +1,24 @@
-<?php 
+<?php
+
 /**
-* Template for advanced custom data management
-* @package plugins
-*/
+ * Template for advanced custom data management
+ * @package plugins
+ */
 // force UTF-8 Ø
-define('OFFSET_PATH', 3);
-require_once("../../zp-core/admin-globals.php");
-require_once(SERVERPATH.'/'.ZENFOLDER.'/template-functions.php');
-
-
-admin_securityChecks($localrights, $return = currentRelativeURL());
+//
+//
+//The following statements should not be necessary for a subordinate script (one that is only loaded by other scripts.)
+//In addition, the define will throw an error as OFFSET_PATH will have already been defined
+//in acd_create.php or acd_edit.php
+//Again setting up a robust development environment is important so that you see any errors
+//that your code generates.
+/*
+  define('OFFSET_PATH', 3);
+  require_once(dirname(dirname(dirname(__FILE__))) . "/zp-core/admin-globals.php");
+  admin_securityChecks($localrights, $return = currentRelativeURL());
+ *
+ */
+require_once(SERVERPATH . '/' . ZENFOLDER . '/template-functions.php');
 
 function loadAlbum($album) {
 	global $_zp_current_album, $_zp_current_image, $_zp_gallery, $custom, $enabled;
@@ -27,13 +36,13 @@ function loadAlbum($album) {
 
 function saveAcds($del = FALSE) {
 	$acdimage = array();
-	foreach ($_POST as $key=>$value) {
+	foreach ($_POST as $key => $value) {
 		$acdimage[$key] = sanitize(trim($value));
 	}
 
-	if (count($acdimage)>1 && $acdimage['acd_title']) {
-		$acdimage['acd_title'] = preg_replace("/[\s\"\']+/","-",$acdimage['acd_title']);
-		$sql = 'INSERT INTO '.prefix('plugin_storage').' (`type`, `aux`,`data`) VALUES ("advanced_custom_data",'.db_quote($acdimage['acd_title']).','.db_quote(serialize($acdimage)).')';
+	if (count($acdimage) > 1 && $acdimage['acd_title']) {
+		$acdimage['acd_title'] = preg_replace("/[\s\"\']+/", "-", $acdimage['acd_title']);
+		$sql = 'INSERT INTO ' . prefix('plugin_storage') . ' (`type`, `aux`,`data`) VALUES ("advanced_custom_data",' . db_quote($acdimage['acd_title']) . ',' . db_quote(serialize($acdimage)) . ')';
 		query($sql);
 		$msg = FALSE;
 	} elseif (!$acdimage['acd_title']) {
@@ -41,15 +50,16 @@ function saveAcds($del = FALSE) {
 	} else {
 		$msg = "Error, coud not create new entry.";
 	}
-	
-	if($del) {
-		foreach($del as $deli) {
-			$sql = 'DELETE FROM'.prefix('plugin_storage').'WHERE `type`="advanced_custom_data" AND `id`='.$deli;
+
+	if ($del) {
+		foreach ($del as $deli) {
+			$sql = 'DELETE FROM' . prefix('plugin_storage') . 'WHERE `type`="advanced_custom_data" AND `id`=' . $deli;
 			query($sql);
 		}
 		$msg = FALSE;
 	}
-	
+
 	return $msg;
 }
+
 ?>
