From ab450415062ce9dfe9abb1654bbbcdd04115815a Mon Sep 17 00:00:00 2001
From: Ted Trask <ttrask01@yahoo.com>
Date: Mon, 22 Sep 2014 14:46:49 +0000
Subject: Modify HTML views to use html.url_encode

---
 freeradius3-listfiles-html.lsp        | 4 ++--
 freeradius3-listmacauthfiles-html.lsp | 2 +-
 freeradius3-listpasswdfiles-html.lsp  | 2 +-
 freeradius3-viewpasswdfile-html.lsp   | 6 +++---
 4 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/freeradius3-listfiles-html.lsp b/freeradius3-listfiles-html.lsp
index 118ab04..add365d 100644
--- a/freeradius3-listfiles-html.lsp
+++ b/freeradius3-listfiles-html.lsp
@@ -41,10 +41,10 @@ end %>
 	<tr>
 		<td>
 		<% if viewlibrary.check_permission("editfile") then %>
-			<%= html.link{value=page_info.script..page_info.prefix..page_info.controller.."/editfile?filename="..v.filename.."&redir="..page_info.orig_action, label="Edit "} %>
+			<%= html.link{value=page_info.script..page_info.prefix..page_info.controller.."/editfile?filename="..html.url_encode(v.filename).."&redir="..html.url_encode(page_info.orig_action), label="Edit "} %>
 		<% end %>
 		<% if viewlibrary.check_permission("deletefile") then %>
-			<%= html.link{value=page_info.script..page_info.prefix..page_info.controller.."/deletefile?submit=true&filename="..v.filename, label="Delete "} %>
+			<%= html.link{value=page_info.script..page_info.prefix..page_info.controller.."/deletefile?submit=true&filename="..html.url_encode(v.filename), label="Delete "} %>
 		<% end %>
 		</td>
                 <td><%= html.html_escape(v.filename) %></td>
diff --git a/freeradius3-listmacauthfiles-html.lsp b/freeradius3-listmacauthfiles-html.lsp
index 516d0c9..1ebac97 100644
--- a/freeradius3-listmacauthfiles-html.lsp
+++ b/freeradius3-listmacauthfiles-html.lsp
@@ -36,7 +36,7 @@ html = require("acf.html")
 	<tr>
 		<td>
 		<% if viewlibrary.check_permission("editmacauthfile") then %>
-			<%= html.link{value=page_info.script..page_info.prefix..page_info.controller.."/editmacauthfile?filename="..v.filename.."&redir="..html.url_encode(page_info.orig_action), label="Edit "} %>
+			<%= html.link{value=page_info.script..page_info.prefix..page_info.controller.."/editmacauthfile?filename="..html.url_encode(v.filename).."&redir="..html.url_encode(page_info.orig_action), label="Edit "} %>
 		<% end %>
 		</td>
                 <td><%= html.html_escape(v.filename) %></td>
diff --git a/freeradius3-listpasswdfiles-html.lsp b/freeradius3-listpasswdfiles-html.lsp
index a651dde..303a481 100644
--- a/freeradius3-listpasswdfiles-html.lsp
+++ b/freeradius3-listpasswdfiles-html.lsp
@@ -34,7 +34,7 @@ html = require("acf.html")
 	<tr>
 		<td>
 		<% if viewlibrary.check_permission("viewpasswdfile") then %>
-			<%= html.link{value=page_info.script..page_info.prefix..page_info.controller.."/viewpasswdfile?filename="..v.filename, label="View "} %>
+			<%= html.link{value=page_info.script..page_info.prefix..page_info.controller.."/viewpasswdfile?filename="..html.url_encode(v.filename), label="View "} %>
 		<% end %>
 		</td>
                 <td><%= html.html_escape(v.filename) %></td>
diff --git a/freeradius3-viewpasswdfile-html.lsp b/freeradius3-viewpasswdfile-html.lsp
index 9fab448..fd480bc 100644
--- a/freeradius3-viewpasswdfile-html.lsp
+++ b/freeradius3-viewpasswdfile-html.lsp
@@ -55,13 +55,13 @@ end
 		<td>
 <% if editable then %>
 		<% if viewlibrary.check_permission("editpasswdentry") then %>
-			<%= html.link{value=page_info.script..page_info.prefix..page_info.controller.."/editpasswdentry?filename="..view.value.filename.value.."&entry="..i.."&redir="..html.url_encode(redir), label="Edit "} %>
+			<%= html.link{value=page_info.script..page_info.prefix..page_info.controller.."/editpasswdentry?filename="..html.url_encode(view.value.filename.value).."&entry="..i.."&redir="..html.url_encode(redir), label="Edit "} %>
 		<% end %>
 		<% if viewlibrary.check_permission("deletepasswdentry") then %>
-			<%= html.link{value=page_info.script..page_info.prefix..page_info.controller.."/deletepasswdentry?submit=true&filename="..view.value.filename.value.."&entry="..i, label="Delete "} %>
+			<%= html.link{value=page_info.script..page_info.prefix..page_info.controller.."/deletepasswdentry?submit=true&filename="..html.url_encode(view.value.filename.value).."&entry="..i, label="Delete "} %>
 		<% end %>
 		<% if 0 < containspasswd and r[containspasswd] ~= "" and viewlibrary.check_permission("editpasswd") then %>
-			<%= html.link{value=page_info.script..page_info.prefix..page_info.controller.."/editpasswd?filename="..view.value.filename.value.."&entry="..i.."&redir="..html.url_encode(redir), label="ChangePass "} %>
+			<%= html.link{value=page_info.script..page_info.prefix..page_info.controller.."/editpasswd?filename="..html.url_encode(view.value.filename.value).."&entry="..i.."&redir="..html.url_encode(redir), label="ChangePass "} %>
 		<% end %>
 <% end %>
 		</td>
-- 
cgit v1.2.3