Changed viewweblog to a form, reworked handling of config and weblog...

Changed viewweblog to a form, reworked handling of config and weblog parameters, and added deniedyesno and bypassyesno config options.

weblog-controller.lua

@@ -38,7 +38,13 @@ function viewactivitylog(self)
 end
 
 function viewweblog(self)
-	return self.model.getweblog(self.clientdata.activelog, self.clientdata.clientuserid, self.clientdata.starttime, self.clientdata.endtime, self.clientdata.clientip, self.clientdata.badyesno, self.clientdata.deniedyesno, self.clientdata.bypassyesno, self.clientdata.score, self.clientdata.urisearch, self.clientdata.sortby, self.clientdata.selected, clientdata.focus)
+	local retval = controllerfunctions.handle_form(self, self.model.getweblogparameters, self.model.getweblog, self.clientdata, "Update", "Display Weblog")
+	-- We want to get the weblog even if form wasn't submitted
+	if not self.clientdata.Update then
+		controllerfunctions.handle_clientdata(retval, self.clientdata)
+		retval = self.model.getweblog(retval)
+	end
+	return retval
 end
 
 function downloadweblog(self)
@@ -48,7 +54,7 @@ function downloadweblog(self)
 	local content = {"sourcename\tclientuserid\tclientip\tlogdatetime\turi\tbytes\treason\tscore\tshortreason\tbadyesno\tdeniedyesno\tbypassyesno"}
 	for i,log in ipairs(retval.value.log.value) do
 		content[#content+1] = string.format("%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s",
-			log.sourcename, log.clientuserid, log.clientip, log.logdatetime, log.uri, log.bytes, log.reason, log.score, log.shortreason, log.badyesno, log.deniedyesno, log.bypassyesno)
+			log.sourcename, log.clientuserid, log.clientip, log.logdatetime, log.uri, log.bytes, log.reason, log.score, log.shortreason or "", log.badyesno, log.deniedyesno, log.bypassyesno)
 	end
 	file.value = table.concat(content, "\n")
 	return file

weblog-model.lua

@@ -306,14 +306,14 @@ local generatewhereclause = function(clientuserid, starttime, endtime, clientip,
 	if clientip and clientip ~= "" then
 		where[#where+1] = "clientip = '"..escape(clientip).."'"
 	end
-	if badyesno and badyesno ~= "" then
-		where[#where+1] = "badyesno = '"..escape(badyesno).."'"
+	if badyesno then
+		where[#where+1] = "badyesno = '1'"
 	end
-	if deniedyesno and deniedyesno ~= "" then
-		where[#where+1] = "deniedyesno = '"..escape(deniedyesno).."'"
+	if deniedyesno then
+		where[#where+1] = "deniedyesno = '1'"
 	end
-	if bypassyesno and bypassyesno ~= "" then
-		where[#where+1] = "bypassyesno = '"..escape(bypassyesno).."'"
+	if bypassyesno then
+		where[#where+1] = "bypassyesno = '1'"
 	end
 	if score and score ~= "" then
 		where[#where+1] = "score >= '"..escape(score).."'"
@@ -321,7 +321,7 @@ local generatewhereclause = function(clientuserid, starttime, endtime, clientip,
 	if urisearch and urisearch ~= "" then
 	    	where[#where+1] = "lower(uri) LIKE '%"..escape(urisearch).."%'"
 	end
-	if selected and selected == "true" then
+	if selected then
 		where[#where+1] = "selected = 'true'"
 	end
 
@@ -355,10 +355,6 @@ local listlogentries = function(activelog, clientuserid, starttime, endtime, cli
 	return entries
 end
 
-local listpubweblogentries = function(...)
-	return listlogentries(...)
-end
-
 local groupflaggedlogentries = function(starttime, endtime, groupby)
 	groupby = groupby or "clientuserid"
 	local entries = {}
@@ -993,61 +989,6 @@ function getactivitylog()
 	return retval
 end
 
-local validateparameters = function(params)
-	local success = true
-	if params.clientip.value ~= "" and string.find(params.clientip.value, "[^%d%.]") then
-		params.clientip.errtxt = "Invalid IP Address"
-		success = false
-	end
-	if params.window.value ~= "" and not validator.is_integer(params.window.value) then
-		params.window.errtxt = "Must be an integer"
-		success = false
-	end
-	local res, err = pcall(function()
-		databaseconnect(DatabaseUser)
-		local s
-		if params.starttime.value ~= "" then
-			s,params.starttime.errtxt,params.starttime.value = convertdatabaseentry("TIMESTAMP", params.starttime.value)
-			success = success and s
-		end
-		if params.endtime.value ~= "" then
-			s,params.endtime.errtxt,params.endtime.value = convertdatabaseentry("TIMESTAMP", params.endtime.value)
-			success = success and s
-		end
-		if params.focus.value ~= "" then
-			s,params.focus.errtxt,params.focus.value = convertdatabaseentry("TIMESTAMP", params.focus.value)
-			success = success and s
-		end
-		databasedisconnect()
-	end)
-	if not res and err then
-		params.starttime.errtxt = err
-		params.endtime.errtxt = err
-		params.focus.errtxt = err
-		success = false
-	end
-	return success
-end
-
-local handleparameters = function(activelog, clientuserid, starttime, endtime, clientip, badyesno, deniedyesno, bypassyesno, score, urisearch, sortby, selected, focus)
-	local result = {}
-	result.activelog = cfe({ value=activelog or "pubweblog", label="Active Weblog" })
-	result.clientuserid = cfe({ value=clientuserid or "", label="User ID" })
-	result.starttime = cfe({ value=starttime or "", label="Start Time" })
-	result.endtime = cfe({ value=endtime or "", label="End Time" })
-	result.clientip = cfe({ value=clientip or "", label="Client IP" })
-	result.badyesno = cfe({ value=badyesno, label="Show Dodgy Records", descr="Limit search to Dodgy records"})
-	result.deniedyesno = cfe({ value=deniedyesno, label="Show Denied Records", descr="Limit search to Denied uri"})
-	result.bypassyesno = cfe({ value=bypassyesno, label="Show Bypass Actions", descr="Limit search to Bypass attempts"})
-	result.score = cfe({ value=score, label="Minimum Score", descr="Minimum score to search on"})
-	result.urisearch = cfe({ value=urisearch or "", label="URI Contains", descr="Retrieve records where the URI contains this word"})
-	result.sortby = cfe({ value=sortby, label="Sort By field", descr="Sort by this field when displaying records"})
-	result.selected = cfe({ value=selected, label="Show Selected Records", descr="Show only records that have been selected"})
-	result.window = cfe({ value=config.window or "5", label="Time Window" })
-	result.focus = cfe({ value=focus or "", label="Focus Time" })
-	return result
-end
-
 function geteditselected()
 	local result = {}
 	result.select = cfe({ type="list", value={}, label="Entries to mark as selected" })
@@ -1089,41 +1030,76 @@ function clearselected()
 	return retval
 end
 
-function getweblog(activelog, clientuserid, starttime, endtime, clientip, badyesno, deniedyesno, bypassyesno, score, urisearch, sortby, selected, focus )
-	if (not activelog or activelog=="") then
-		activelog = "pubweblog"
-	end
-
-	if (not starttime or starttime=="") and (not endtime or endtime=="") and config.auditstart~="" and config.auditend~="" then
-		starttime = config.auditstart
-		endtime = config.auditend
-	end
-
-	if config.badyesno=="true" then
-		badyesno = '1'
-	end
-
-	if (not score or score=="") and config.minimumscore~="" then
-		score = config.minimumscore
+local validateweblogparameters = function(params)
+	local success = modelfunctions.validateselect(params.value.activelog)
+	success = modelfunctions.validateselect(params.value.sortby) and success
+	if params.value.clientip.value ~= "" and string.find(params.value.clientip.value, "[^%d%.]") then
+		params.value.clientip.errtxt = "Invalid IP Address"
+		success = false
 	end
-
-	if (not sortby or sortby=="") and config.sortby~="" then
-		sortby = config.sortby
+	local res, err = pcall(function()
+		databaseconnect(DatabaseUser)
+		local s
+		if params.value.starttime.value ~= "" then
+			s,params.value.starttime.errtxt,params.value.starttime.value = convertdatabaseentry("TIMESTAMP", params.value.starttime.value)
+			success = success and s
+		end
+		if params.value.endtime.value ~= "" then
+			s,params.value.endtime.errtxt,params.value.endtime.value = convertdatabaseentry("TIMESTAMP", params.value.endtime.value)
+			success = success and s
+		end
+		if params.value.focus.value ~= "" then
+			s,params.value.focus.errtxt,params.value.focus.value = convertdatabaseentry("TIMESTAMP", params.value.focus.value)
+			success = success and s
+		end
+		databasedisconnect()
+	end)
+	if not res and err then
+		params.value.starttime.errtxt = err
+		params.value.endtime.errtxt = err
+		params.value.focus.errtxt = err
+		success = false
 	end
+	return success
+end
 
-	local result = handleparameters(activelog, clientuserid, starttime, endtime, clientip, badyesno, deniedyesno, bypassyesno, score, urisearch, sortby, selected, focus)
-	result.log = cfe({ type="list", value={}, label="Weblog Access Log" })
-	local success = validateparameters(result)
+function getweblogparameters()
+	local c = getconfig()
+	local result = {}
+	result.activelog = cfe({ type="select", value="pubweblog", option={"pubweblog", "pubweblog_history"}, label="Active Weblog", seq=1 })
+	result.starttime = cfe({ value=c.value.auditstart.value, label="Start Time", seq=2 })
+	result.endtime = cfe({ value=c.value.auditend.value, label="End Time", seq=3 })
+	result.clientuserid = cfe({ value="", label="User ID", seq=4 })
+	result.clientip = cfe({ value="", label="Client IP", seq=5 })
+	result.urisearch = cfe({ value="", label="URI Contains", descr="Retrieve records where the URI contains this word", seq=6 })
+	result.score = cfe({ value=c.value.minimumscore.value, label="Minimum Score", descr="Minimum score to search on", seq=7 })
+	result.sortby = cfe({ type="select", value=c.value.sortby.value, option=c.value.sortby.option, label="Sort By field", descr="Sort by this field when displaying records", seq=8 })
+	result.badyesno = cfe({ type="boolean", value=c.value.badyesno.value, label="Show Suspect Records", descr="Limit search to records marked as suspect", seq=9 })
+	result.deniedyesno = cfe({ type="boolean", value=c.value.deniedyesno.value, label="Show Denied Records", descr="Limit search to Denied URIs", seq=10 })
+	result.bypassyesno = cfe({ type="boolean", value=c.value.bypassyesno.value, label="Show Bypass Records", descr="Limit search to Bypass attempts", seq=11 })
+	result.selected = cfe({ type="boolean", value=false, label="Show Selected Records", descr="Limit search to records that have been selected", seq=12 })
+	result.focus = cfe({ value="", label="Focus Time", seq=13 })
+	return cfe({ type="group", value=result, label="Weblog Access Log" })
+end
+
+function getweblog(result)
+	local success = validateweblogparameters(result)
+	result.value.log = cfe({ type="list", value={}, label="Weblog Access Log" })
+	result.value.window = cfe({ value=config.window or "5", label="Time Window" })
+	local err
 	if success then
 		local res, err = pcall(function()
 			databaseconnect(DatabaseUser)
-			result.log.value = listpubweblogentries(activelog, clientuserid, starttime, endtime, clientip, badyesno, deniedyesno, bypassyesno, score, urisearch, sortby, selected ) or {}
+			result.value.log.value = listlogentries(result.value.activelog.value, result.value.clientuserid.value, result.value.starttime.value, result.value.endtime.value, result.value.clientip.value, result.value.badyesno.value, result.value.deniedyesno.value, result.value.bypassyesno.value, result.value.score.value, result.value.urisearch.value, result.value.sortby.value, result.value.selected.value ) or {}
 			databasedisconnect()
 		end)
+		if not res then
+			result.errtxt = err
+		end
 	else
-		err = "Invalid search parameters"
+		result.errtxt = "Invalid search parameters"
 	end
-	return cfe({ type="group", value=result, errtxt=err, label="Weblog Access Log" })
+	return result
 end
 
 function getusagestats()
@@ -1174,15 +1150,17 @@ function getconfig()
 	local result = {}
 	result.auditstart = cfe({ value=config.auditstart or "", label="Audit Start Time", seq=1 })
 	result.auditend = cfe({ value=config.auditend or "", label="Audit End Time", seq=2 })
-	result.badyesno = cfe({ type="boolean", value=(config.badyesno == "1"), label="Display Suspect Records", descr="Show only records flagged as suspect on initial display", seq=3 })
-	result.sortby = cfe({ type="select", value=config.sortby or "logdatetime", label="Sort By field", option={"logdatetime", "logdatetime DESC", "clientuserid", "clientuserid DESC", "clientip", "clientip DESC", "bytes", "bytes DESC", "score", "score DESC", "reason"}, seq=4 })
-	result.minimumscore = cfe({ value=config.minimumscore or "0", label="Minimum Score", descr="Minimum Score to search for", seq=5 })
-	result.window = cfe({ value=config.window or "5", label="Time Window", descr="Minutes of activity to display before and after selected block", seq=6 })
-	result.purgedays = cfe({ value=config.purgedays or "30", label="Days before Purge", descr="Days to keep history, regardless of audit", seq=10 })
-	result.groupby = cfe({ type="select", value=config.groupby or "clientuserid", label="Group results by", option={"clientuserid", "clientip"}, seq=7 })
-	result.shorturi = cfe({ type="boolean", value=(config.shorturi == "true"), label="Truncate URLs", descr="You can limit the length of displayed URLs by enabling this option", seq=7 })
-	result.shortreason = cfe({ type="boolean", value=(config.shortreason == "true"), label="Short Reason", descr="Display a short reason (dansguardian only)", seq=8 })
-	result.stoponerror = cfe({ type="boolean", value=(config.stoponerror == "true"), label="Stop on Error", descr="Stop import of logs if an error is encountered", seq=11})
+	result.groupby = cfe({ type="select", value=config.groupby or "clientuserid", label="Group results by", option={"clientuserid", "clientip"}, descr="Display audit results based on user ID or IP", seq=3 })
+	result.minimumscore = cfe({ value=config.minimumscore or "0", label="Minimum Score", descr="Default minimum Score to search for", seq=4 })
+	result.sortby = cfe({ type="select", value=config.sortby or "logdatetime", label="Sort By field", option={"logdatetime", "logdatetime DESC", "clientuserid", "clientuserid DESC", "clientip", "clientip DESC", "bytes", "bytes DESC", "score", "score DESC", "reason"}, descr="Default sort order", seq=5 })
+	result.badyesno = cfe({ type="boolean", value=(config.badyesno == "true"), label="Display Suspect Records", descr="By default, only show records flagged as suspect", seq=6 })
+	result.deniedyesno = cfe({ type="boolean", value=(config.deniedyesno == "true"), label="Display Denied Records", descr="By default, only show records with denied URI", seq=7 })
+	result.bypassyesno = cfe({ type="boolean", value=(config.bypassyesno == "true"), label="Display Bypass Records", descr="By default, only show records with bypass attempts", seq=8 })
+	result.shorturi = cfe({ type="boolean", value=(config.shorturi == "true"), label="Truncate URLs", descr="You can limit the length of displayed URLs by enabling this option", seq=9 })
+	result.shortreason = cfe({ type="boolean", value=(config.shortreason == "true"), label="Short Reason", descr="Display a short reason (dansguardian only)", seq=10 })
+	result.window = cfe({ value=config.window or "5", label="Time Window", descr="Minutes of activity to display before and after selected block", seq=11 })
+	result.purgedays = cfe({ value=config.purgedays or "30", label="Days before Purge", descr="Days to keep full history, regardless of audit", seq=12 })
+	result.stoponerror = cfe({ type="boolean", value=(config.stoponerror == "true"), label="Stop on Error", descr="Stop import of logs if an error is encountered", seq=13})
 	return cfe({ type="group", value=result, label="Weblog Config" })
 end
 
@@ -1233,6 +1211,8 @@ function updateconfig(newconfig)
 		configcontent = format.update_ini_file(configcontent, "", "shortreason", tostring(newconfig.value.shortreason.value))
 		configcontent = format.update_ini_file(configcontent, "", "stoponerror", tostring(newconfig.value.stoponerror.value))
 		configcontent = format.update_ini_file(configcontent, "", "badyesno", tostring(newconfig.value.badyesno.value))
+		configcontent = format.update_ini_file(configcontent, "", "deniedyesno", tostring(newconfig.value.deniedyesno.value))
+		configcontent = format.update_ini_file(configcontent, "", "bypassyesno", tostring(newconfig.value.bypassyesno.value))
 		configcontent = format.update_ini_file(configcontent, "", "minimumscore", tostring(newconfig.value.minimumscore.value))
 		configcontent = format.update_ini_file(configcontent, "", "sortby", tostring(newconfig.value.sortby.value))
 

weblog-viewweblog-html.lsp

@@ -94,85 +94,18 @@ end
 
 <H1>Search Parameters</H1>
 <DL>
-<% if data.errtxt then %><p class="error"><%= html.html_escape(data.errtxt) %></p><% end %>
-<form action="<%= html.html_escape(page_info.script .. page_info.prefix .. page_info.controller .. "/" .. page_info.action) %>" method="POST">
-<DT>Active Weblog</DT>
-<DD><select name="activelog">
-<option value="pubweblog">Current</option>
-<option value="pubweblog_history"<% if data.value.activelog.value == "pubweblog_history" then %> selected="selected" <% end %> >History</option>
-</select>  
-</DD>
-<DT>Start Time</DT>
-<DD><input class="text" type="text" name="starttime" value="<%= html.html_escape(data.value.starttime.value) %>" >
-<p><%= html.html_escape(data.value.starttime.value) %></p>
-<% if data.value.starttime.errtxt then %><p class="error"><%= html.html_escape(data.value.starttime.errtxt) %></p><% end %>
-</DD>
-<DT>User ID</DT>
-<DD><input class="text" type="text"  name="clientuserid"  value="<%= html.html_escape(data.value.clientuserid.value) %>" >
-<p><%= html.html_escape(data.value.clientuserid.value) %></p>
-<% if data.value.clientuserid.errtxt then %><p class="error"><%= html.html_escape(data.value.clientuserid.errtxt) %></p><% end %>
-</DD>
-<DT>Client IP</DT>
-<DD><input class="text" type="text"  name="clientip"  value="<%= html.html_escape(data.value.clientip.value) %>" >
-<p><%= html.html_escape(data.value.clientip.value) %></p>
-<% if data.value.clientip.errtxt then %><p class="error"><%= html.html_escape(data.value.clientip.errtxt) %></p><% end %>
-</DD>
-<DT>End Time</DT>
-<DD><input class="text" type="text"  name="endtime"  value="<%= html.html_escape(data.value.endtime.value) %>" >
-<p><%= html.html_escape(data.value.endtime.value) %></p>
-<% if data.value.endtime.errtxt then %><p class="error"><%= html.html_escape(data.value.endtime.errtxt) %></p><% end %>
-</DD>
-<DT>URI Contains</DT>
-<DD><input class="text" type="text"  name="urisearch"  value="<%= html.html_escape(data.value.urisearch.value) %>" >
-<P CLASS="descr">Retrieve records where the URI contains this word</P>
-<p><%= html.html_escape(data.value.urisearch.value) %></p>
-<% if data.value.urisearch.errtxt then %><p class="error"><%= html.html_escape(data.value.urisearch.errtxt) %></p><% end %>
-</DD>
-<DT>Minimum Score</DT>
-<DD><input class="text" type="text"  name="score"  value="<%= html.html_escape(data.value.score.value) %>" >
-<P CLASS="descr">Minimum score to search on</P>
-<% if data.value.score.errtxt then %><p class="error"><%= html.html_escape(data.value.score.errtxt) %></p><% end %>
-</DD>
-<DT>Sort By</DT>
-<DD><select name="sortby">
-<option value="logdatetime"<% if data.value.log.value == "sortby" then %> selected="selected" <% end %> >Timestamp</option>
-<option value="logdatetime DESC"<% if data.value.sortby.value == "logdatetime DESC" then %> selected="selected" <% end %> >Timestamp DESC</option>
-<option value="clientuserid"<% if data.value.sortby.value == "clientuserid" then %> selected="selected" <% end %> >User ID</option>
-<option value="clientuserid DESC"<% if data.value.sortby.value == "clientuserid DESC" then %> selected="selected" <% end %> >User ID DESC</option>
-<option value="bytes"<% if data.value.sortby.value == "bytes" then %> selected="selected" <% end %> >Size</option>
-<option value="bytes DESC"<% if data.value.sortby.value == "bytes DESC" then %> selected="selected" <% end %> >Size DESC</option>
-<option value="score"<% if data.value.sortby.value == "score" then %> selected="selected" <% end %> >Score</option>
-<option value="score DESC"<% if data.value.sortby.value == "score DESC" then %> selected="selected" <% end %> >Score DESC</option>
-<option value="reason"<% if data.value.sortby.value == "reason" then %> selected="selected" <% end %> >Reason</option>
-<option value="reason DESC"<% if data.value.sortby.value == "reason DESC" then %> selected="selected" <% end %> >Reason DESC</option>
-</select>  
-</DD>
-<DT>Show Suspect Records</DT>
-<DD>
-<input class="checkbox" type="checkbox"  name="badyesno"  value="1" <% if data.value.badyesno.value == "1" then %> checked <% end %>>
-<P CLASS="descr">Show only URIs containing flagged words</P>
-<% if data.value.badyesno.errtxt then %><p class="error"><%= html.html_escape(data.value.badyesno.errtxt) %></p><% end %>
-</DD>
-<DT>Show Denied URIs</DT>
-<DD>
-<input class="checkbox" type="checkbox" name="deniedyesno" value="1" <% if data.value.deniedyesno.value == "1" then %>checked<% end %>>
-<% if data.value.deniedyesno.errtxt then %><p class="error"><%= html.html_escape(data.value.deniedyesno.errtxt) %></p><% end %>
-<P CLASS="descr">Show only Denied URIs</P>
-</DD>
-<DT>Show Bypass Attempts</DT>
-<DD>
-<input class="checkbox" type="checkbox"  name="bypassyesno"  value="1" <% if data.value.bypassyesno.value == "1" then %>checked <% end %>>
-<% if data.value.bypassyesno.errtxt then %><p class="error"><%= html.html_escape(data.value.bypassyesno.errtxt) %></p><% end %>
-<P CLASS="descr">Show only Bypass attempts</P>
-</DD>
-<DT>Show Selected Records</DT>
-<DD>
-<input class="checkbox" type="checkbox" name="selected" value="true" <% if data.value.selected.value == "true" then %>checked <% end %>>
-<% if data.value.selected.errtxt then %><p class="error"><%= html.html_escape(data.value.selected.errtxt) %></p><% end %>
-<P CLASS="descr">Show only records that have been selected</P>
-</DD>
-<DT></DT><DD><input class="submit" type="submit" name="Update" value="Update"></DD>
-</FORM>
+<% -- Display the form, but skip log, window, and focus fields
+local log = data.value.log
+data.value.log = nil
+local window = data.value.window
+data.value.window = nil
+local focus = data.value.focus
+data.value.focus = nil
+displayform(data, nil, nil, page_info, 2)
+data.value.log = log
+data.value.window = window
+data.value.focus = focus
+%>
 </DL>
 
 <%
@@ -232,7 +165,7 @@ end %>
 		<TD <% if data.value.clientip.value == watch.clientip then %> style="font-weight:bold;" <% end %> ><%= html.html_escape(watch.clientip) %></TD>
 		<TD <% if data.value.clientuserid.value == watch.clientuserid then %> style="font-weight:bold;" <% end %> ><%= html.html_escape(watch.clientuserid) %></TD>
 		<TD><%= html.html_escape(watch.bytes) %></TD>
-		<TD WIDTH="2%"><% if watch.badyesno == "1" then %><IMG SRC='<%= html.html_escape(page_info.wwwprefix..page_info.staticdir) %>/dodgy.png' width='13' height='13'><% end %></TD>
+		<TD WIDTH="2%"><% if watch.badyesno ~= "0" then %><IMG SRC='<%= html.html_escape(page_info.wwwprefix..page_info.staticdir) %>/dodgy.png' width='13' height='13'><% end %></TD>
 		<TD WIDTH="2%"><% if watch.deniedyesno ~= "0" then %> <IMG SRC='<%= html.html_escape(page_info.wwwprefix..page_info.staticdir) %>/denied.png' width='13' height='13'><% end %></TD>
 		<TD WIDTH="2%"><% if watch.bypassyesno ~= "0" then %> <IMG SRC='<%= html.html_escape(page_info.wwwprefix..page_info.staticdir) %>/bypass.png' width='13' height='13'><% end %></TD>   
 		<TD><%= html.html_escape(watch.score) %></TD>
@@ -269,21 +202,16 @@ end %>
 <p>No results, try adjusting search parameters</p>
 <% end %>
 
-<% if viewlibrary.check_permission("downloadweblog") then %>
-<form action="<%= html.html_escape(page_info.script .. page_info.prefix .. page_info.controller .. "/downloadweblog") %>" method="POST">
-<input type="hidden"  name="activelog" value="<%= html.html_escape(data.value.activelog.value) %>" >
-<input type="hidden"  name="starttime" value="<%= html.html_escape(data.value.starttime.value) %>" >
-<input type="hidden"  name="clientuserid" value="<%= html.html_escape(data.value.clientuserid.value) %>" >
-<input type="hidden"  name="clientip" value="<%= html.html_escape(data.value.clientip.value) %>" >
-<input type="hidden"  name="endtime" value="<%= html.html_escape(data.value.endtime.value) %>" >
-<input type="hidden"  name="badyesno" value="<%= html.html_escape(data.value.badyesno.value) %>" >
-<input type="hidden"  name="deniedyesno" value="<%= html.html_escape(data.value.deniedyesno.value) %>" >
-<input type="hidden"  name="bypassyesno" value="<%= html.html_escape(data.value.bypassyesno.value) %>" >
-<input type="hidden"  name="score" value="<%= html.html_escape(data.value.score.value) %>" >
-<input type="hidden"  name="sortby" value="<%= html.html_escape(data.value.sortby.value) %>" >
-<input type="hidden"  name="urisearch" value="<%= html.html_escape(data.value.urisearch.value) %>" >
-<input type="hidden"  name="selected" value="<%= html.html_escape(data.value.selected.value) %>" >
-<DT>Download log</DT><DD><input class="submit" type="submit" name="Download" value="Download"></DD>
-</form>
-<% end %>
+<% if viewlibrary.check_permission("downloadweblog") then
+data.action = "downloadweblog"
+data.option = "Download"
+data.value.log = nil
+data.value.window = nil
+data.value.focus = nil
+for n,v in pairs(data.value) do
+	v.type = "hidden"
+	v.checked = nil
+end
+displayform(data, nil, nil, page_info, 2)
+end %>
 </DL>