Fix for false security exception

Security exceptions would be raised for file names with a "%20" in them. This is because it is also a url-encoding for the "space" character.

Signed-off-by: Aaron Rosenzweig <aaron@chatnbike.com>

Frameworks/BusinessLogic/ERAttachment/Sources/er/attachment/ERAttachmentRequestHandler.java

@@ -122,7 +122,12 @@ public WOResponse handleRequest(WORequest request) {
               attachment = (ERAttachment) ERXEOGlobalIDUtilities.fetchObjectWithGlobalID(editingContext, gid);
               String actualWebPath = attachment.webPath();
               if (!actualWebPath.equals(webPath)) {
-                throw new SecurityException("You are not allowed to view the requested attachment."); 
+            	  // Aaron Rosenzweig - April 24, 2014 - If the file name has %20 in it on the server already (because it was uploaded that way)...
+            	  // then we need to compare "decoded" with "decoded" for fairness
+            	  String urlDecodedActualPath = ERXStringUtilities.urlDecode(actualWebPath);
+            	  if ( ! urlDecodedActualPath.equals(webPath)) {
+                      throw new SecurityException("You are not allowed to view the requested attachment."); 
+            	  }
               }
             }
             else {