diff --git a/www/showimageid_list.php3 b/www/showimageid_list.php3
index c74bef2a07201f4a653fe78d0422a2c7c8c7ce11..4f6a0a6d4b0bf8c3a072fc37f7bdb2677ddc3052 100644
--- a/www/showimageid_list.php3
+++ b/www/showimageid_list.php3
@@ -1,7 +1,7 @@
 <?php
 #
 # EMULAB-COPYRIGHT
-# Copyright (c) 2000-2003 University of Utah and the Flux Group.
+# Copyright (c) 2000-2004 University of Utah and the Flux Group.
 # All rights reserved.
 #
 include("defs.php3");
@@ -36,12 +36,28 @@ elseif (! strcmp($sortby, "desc"))
     $order = "i.description";
 else 
     $order = "i.imagename";
+$extraclause = "";
+
+#
+# Allow for creator restriction
+#
+if (isset($creator) && $creator != "") {
+    if (! TBvalid_uid($creator)) {
+	PAGEARGERROR("Invalid characters in creator");
+    }
+    if ($isadmin) 
+	$extraclause = "where i.creator='$creator' ";
+    else
+	$extraclause = "and i.creator='$creator' ";
+}
 
 #
 # Get the list.
 #
 if ($isadmin) {
-    $query_result = DBQueryFatal("SELECT * FROM images as i order by $order");
+    $query_result = DBQueryFatal("SELECT * FROM images as i ".
+				 "$extraclause ".
+				 "order by $order");
 }
 else {
     #
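Review bot: `$creator` is interpolated directly into the SQL text (`i.creator='$creator'`), so the only barrier between this value, which is presumably a request parameter, and the query is TBvalid_uid(), whose definition is not visible here, together with the assumption that PAGEARGERROR() never returns. If the validator accepts a quote or backslash, or the error helper falls through, the value reaches DBQueryFatal() unescaped. I would also escape at the point of use, e.g. `$creator = addslashes($creator);` right after the validity check (or the escaping helper this tree's DB layer provides, if any), and document the reliance with a comment like `# safe to quote: TBvalid_uid() rejects quote characters and PAGEARGERROR() exits`. The same pattern is added in www/showosid_list.php3 (`o.creator='$creator'`). The non-admin `else` branch continues past the end of this hunk.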
@@ -55,7 +71,9 @@ else {
     $query_result =
 	DBQueryFatal("select distinct i.* from images as i ".
 		     "left join group_membership as g on g.pid=i.pid ".
-		     "where g.uid='$uid' or i.global order by $order");
+		     "where (g.uid='$uid' or i.global) ".
+		     "$extraclause ".
+		     "order by $order");
 }
 
 SUBPAGESTART();
diff --git a/www/showosid_list.php3 b/www/showosid_list.php3
index 77b754b73ff054ac36c0771323f375de410a80dc..7ab753a38a9c096daa570a59669fb164edf6d6bf 100644
--- a/www/showosid_list.php3
+++ b/www/showosid_list.php3
@@ -37,18 +37,35 @@ elseif (! strcmp($sortby, "desc"))
 else 
     $order = "o.osname";
 
+#
+# Allow for creator restriction
+#
+$extraclause = "";
+if (isset($creator) && $creator != "") {
+    if (! TBvalid_uid($creator)) {
+	PAGEARGERROR("Invalid characters in creator");
+    }
+    if ($isadmin) 
+	$extraclause = "where o.creator='$creator' ";
+    else
+	$extraclause = "and o.creator='$creator' ";
+}
+
 #
 # Get the project list.
 #
 if ($isadmin) {
     $query_result =
-	DBQueryFatal("SELECT * FROM os_info as o order by $order");
+	DBQueryFatal("SELECT * FROM os_info as o ".
+		     "$extraclause ".
+		     "order by $order");
 }
 else {
     $query_result =
 	DBQueryFatal("select distinct o.* from os_info as o ".
 		     "left join group_membership as g on g.pid=o.pid ".
-		     "where g.uid='$uid' or o.shared=1 ".
+		     "where (g.uid='$uid' or o.shared=1) ".
+		     "$extraclause ".
 		     "order by $order");
 }
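Review bot: Baking the `where`/`and` keyword into `$extraclause` ties the filter block to the exact shape of the two queries below it. If the admin query later gains its own `where`, or the non-admin one loses its condition, the result is invalid SQL with no warning at this site. Keeping only the condition in the variable, `$extraclause = "o.creator='$creator'";`, and adding the keyword where the query is built, e.g. `($extraclause != "" ? "where $extraclause " : "")` for the admin case and `"and $extraclause "` for the other, makes each query self-describing. The same applies to the matching block in www/showimageid_list.php3.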