diff --git a/src/etc/inc/captiveportal.inc b/src/etc/inc/captiveportal.inc
index 627cc0f291..2035902cbc 100644
--- a/src/etc/inc/captiveportal.inc
+++ b/src/etc/inc/captiveportal.inc
@@ -1806,7 +1806,7 @@ function portal_hostname_from_client_ip($cliip) {
                $listenporthttp = $cpcfg['listenporthttp'] ? $cpcfg['listenporthttp'] : ($cpcfg['zoneid'] + 8000);
                $ifip = portal_ip_from_client_ip($cliip);
                if (!$ifip) {
-                       $ourhostname = config_get_path('system/hostname') . config_get_path('system/domain');
+                       $ourhostname = config_get_path('system/hostname') . '.' . config_get_path('system/domain');
                } else {
                        $ourhostname = (is_ipaddrv6($ifip)) ? "[{$ifip}]" : "{$ifip}";
                }
diff --git a/src/usr/local/captiveportal/index.php b/src/usr/local/captiveportal/index.php
index 699094b4f291f90a63d1a1ccd5db91ed1058a27f..ce3a3b92fac49cf40d378e1da63b6d97d8ab14b9 100644
--- a/src/usr/local/captiveportal/index.php
+++ b/src/usr/local/captiveportal/index.php
@@ -230,21 +230,25 @@ if ($_POST['logout_id']) {
 	}
 
 } elseif ($_POST['accept'] || $cpcfg['auth_method'] === 'radmac') {
-	
-		if ($cpcfg['auth_method'] === 'radmac' && !isset($_POST['accept'])) {
-			$user = $clientmac; 
-			$passwd = $cpcfg['radmac_secret'];
-			$context = 'radmac'; // Radius MAC authentication
-		} elseif (!empty(trim($_POST['auth_user2']))) { 
-			$user = trim($_POST['auth_user2']);
-			$passwd = $_POST['auth_pass2'];
-			$context = 'second'; // Assume users to use the first context if auth_user2 is empty/does not exist
-		} else {
-			$user = trim($_POST['auth_user']);
-			$passwd = $_POST['auth_pass'];
-			$context = 'first';
-		}
-	
+
+	if ($cpcfg['auth_method'] == 'none') {
+		$user = '';
+		$passwd = '';
+		$context = 'none';
+	} elseif ($cpcfg['auth_method'] === 'radmac' && !isset($_POST['accept'])) {
+		$user = $clientmac;
+		$passwd = $cpcfg['radmac_secret'];
+		$context = 'radmac'; // Radius MAC authentication
+	} elseif (!empty(trim($_POST['auth_user2']))) {
+		$user = trim($_POST['auth_user2']);
+		$passwd = $_POST['auth_pass2'];
+		$context = 'second'; // Assume users to use the first context if auth_user2 is empty/does not exist
+	} else {
+		$user = trim($_POST['auth_user']);
+		$passwd = $_POST['auth_pass'];
+		$context = 'first';
+	}
+
 	$pipeno = captiveportal_get_next_dn_ruleno('auth', 2000, 64500, true);
 	/* if the pool is empty, return appropriate message and exit */
 	if (is_null($pipeno)) {
diff --git a/src/usr/local/www/status_captiveportal.php b/src/usr/local/www/status_captiveportal.php
index 2c2ea5d85fb77a637ee163a4ce5e0b9d016e51af..2317aa75e79438e746065c4dac9b0dd772c1d8c7 100644
--- a/src/usr/local/www/status_captiveportal.php
+++ b/src/usr/local/www/status_captiveportal.php
@@ -289,7 +289,7 @@ if (!empty($cpzone)): ?>
 		endif;
 ?>
 					<td>
-						<a href="?zone=<?=htmlspecialchars($cpzone)?>&amp;showact=<?=htmlspecialchars($_REQUEST['showact'])?>&amp;act=del&amp;id=<?=htmlspecialchars($cpent[5])?>" usepost><i class="fa-solid fa-trash-can" title="<?=gettext("Disconnect this User")?>"></i></a>
+						<a href="?zone=<?=urlencode($cpzone)?>&amp;showact=<?=urlencode($_REQUEST['showact'])?>&amp;act=del&amp;id=<?=urlencode($cpent[5])?>" usepost><i class="fa-solid fa-trash-can" title="<?=gettext("Disconnect this User")?>"></i></a>
 					</td>
 				</tr>
 <?php
diff --git a/src/usr/local/www/widgets/widgets/captive_portal_status.widget.php b/src/usr/local/www/widgets/widgets/captive_portal_status.widget.php
index 5a74e1256a1e93406f96c74716941419d05e41af..ed5f7a37686bb8aea6847a96bd5b0bc3b5af5433 100644
--- a/src/usr/local/www/widgets/widgets/captive_portal_status.widget.php
+++ b/src/usr/local/www/widgets/widgets/captive_portal_status.widget.php
@@ -32,21 +32,6 @@ require_once("pfsense-utils.inc");
 require_once("functions.inc");
 require_once("captiveportal.inc");
 
-$cpzone = $_GET['zone'];
-if (isset($_POST['zone'])) {
-	$cpzone = $_POST['zone'];
-}
-$cpzone = strtolower($cpzone);
-
-if (isset($cpzone) && !empty($cpzone)) {
-	$cpzoneid = config_get_path("captiveportal/{$cpzone}/zoneid");
-}
-
-if (($_GET['act'] == "del") && !empty($cpzone) && isset($cpzoneid)) {
-	captiveportal_disconnect_client($_GET['id'], 6);
-}
-unset($cpzone);
-
 flush();
 
 if (!function_exists('clientcmp')) {
@@ -83,21 +68,21 @@ foreach (config_get_path('captiveportal', []) as $cpzone => $cp) {
 		<tbody>
 	<?php foreach ($cpdb_all as $cpent): ?>
 		<tr>
-			<td><?=$cpent[2];?></td>
-			<td><?=$cpent[3];?></td>
-			<td><?=$cpent[4];?></td>
-			<td><?=date("m/d/Y H:i:s", $cpent[0]);?></td>
+			<td><?=htmlspecialchars($cpent[2]);?></td>
+			<td><?=htmlspecialchars($cpent[3]);?></td>
+			<td><?=htmlspecialchars($cpent[4]);?></td>
+			<td><?=htmlspecialchars(date("m/d/Y H:i:s", $cpent[0]));?></td>
 			<td>
 <?php
 			if ($cpent[11] && ($cpent[11] > 0)):
-				echo date("m/d/Y H:i:s", $cpent[11]);
+				echo htmlspecialchars(date("m/d/Y H:i:s", $cpent[11]));
 			else:
 				echo "&nbsp;";
 			endif;
 ?>
 			</td>
 			<td>
-				<a href="?order=<?=htmlspecialchars($_GET['order']);?>&amp;showact=<?=$showact;?>&amp;act=del&amp;zone=<?=$cpent[10];?>&amp;id=<?=$cpent[5];?>">
+				<a href="status_captiveportal.php?order=<?=urlencode($_GET['order']);?>&amp;showact=<?=urlencode($showact);?>&amp;act=del&amp;zone=<?=urlencode($cpent[10]);?>&amp;id=<?=urlencode($cpent[5]);?>" usepost>
 					<i class="fa-solid fa-trash-can" title="<?=gettext("delete");?>"></i>
 				</a>
 			</td>