1
diff -Nur awstats-6.5/wwwroot/cgi-bin/awstats.pl awstats-6.5.new/wwwroot/cgi-bin/awstats.pl
2
--- awstats-6.5/wwwroot/cgi-bin/awstats.pl 2006-10-06 14:30:47.497024425 -0700
3
+++ awstats-6.5.new/wwwroot/cgi-bin/awstats.pl 2006-10-06 14:35:01.053898947 -0700
5
print "Example: If your config file is awstats.mysite.conf, use -config=mysite\n";
7
print "- ${tagbold}Did you create your config file 'awstats.$SiteConfig.conf' ?${tagunbold}${tagbr}\n";
8
- print "If not, you can run \"$dir/tools/awstats_configure.pl\"\nfrom command line, or create it manually.${tagbr}\n";
9
+ print "If not, you can run \"awstats_configure.pl\"\nfrom command line, or create it manually.${tagbr}\n";
12
else { print "${tagbr}${tagbold}Setup (".($FileConfig?"'".$FileConfig."'":"Config")." file, web server or permissions) may be wrong.${tagunbold}${tagbr}\n"; }
15
#------------------------------------------------------------------------------
16
# Function: Clean a string of HTML tags to avoid 'Cross Site Scripting attacks'
18
# Parameters: stringtoclean
22
my $stringtoclean=shift;
23
$stringtoclean =~ s/</</g;
24
$stringtoclean =~ s/>/>/g;
25
+ $stringtoclean =~ s/|//g;
26
return $stringtoclean;
30
'hostfilter','hostfilterex','urlfilter','urlfilterex','refererpagesfilter','refererpagesfilterex',
31
'pluginmode','filterrawlog');
33
+# Parse input parameters and sanitize them for security reasons
35
# AWStats use GATEWAY_INTERFACE to known if ran as CLI or CGI. AWSTATS_DEL_GATEWAY_INTERFACE can
36
# be set to force AWStats to be ran as CLI even from a web page.
37
@@ -5542,26 +5545,26 @@
38
# No update but report by default when run from a browser
39
$UpdateStats=($QueryString=~/update=1/i?1:0);
41
- if ($QueryString =~ /config=([^&]+)/i) { $SiteConfig=&Sanitize(&DecodeEncodedString("$1")); }
42
- if ($QueryString =~ /diricons=([^&]+)/i) { $DirIcons=&DecodeEncodedString("$1"); }
43
- if ($QueryString =~ /pluginmode=([^&]+)/i) { $PluginMode=&Sanitize(&DecodeEncodedString("$1"),1); }
44
- if ($QueryString =~ /configdir=([^&]+)/i) { $DirConfig=&Sanitize(&DecodeEncodedString("$1")); }
45
+ if ($QueryString =~ /config=([^&]+)/i) { $SiteConfig=&Sanitize("$1"); }
46
+ if ($QueryString =~ /diricons=([^&]+)/i) { $DirIcons="$1"; }
47
+ if ($QueryString =~ /pluginmode=([^&]+)/i) { $PluginMode=&Sanitize("$1",1); }
48
+ if ($QueryString =~ /configdir=([^&]+)/i) { $DirConfig=&Sanitize("$1"); }
50
- if ($QueryString =~ /hostfilter=([^&]+)/i) { $FilterIn{'host'}=&DecodeEncodedString("$1"); } # Filter on host list can also be defined with hostfilter=filter
51
- if ($QueryString =~ /hostfilterex=([^&]+)/i) { $FilterEx{'host'}=&DecodeEncodedString("$1"); } #
52
- if ($QueryString =~ /urlfilter=([^&]+)/i) { $FilterIn{'url'}=&DecodeEncodedString("$1"); } # Filter on URL list can also be defined with urlfilter=filter
53
- if ($QueryString =~ /urlfilterex=([^&]+)/i) { $FilterEx{'url'}=&DecodeEncodedString("$1"); } #
54
- if ($QueryString =~ /refererpagesfilter=([^&]+)/i) { $FilterIn{'refererpages'}=&DecodeEncodedString("$1"); } # Filter on referer list can also be defined with refererpagesfilter=filter
55
- if ($QueryString =~ /refererpagesfilterex=([^&]+)/i) { $FilterEx{'refererpages'}=&DecodeEncodedString("$1"); } #
56
+ if ($QueryString =~ /hostfilter=([^&]+)/i) { $FilterIn{'host'}="$1"; } # Filter on host list can also be defined with hostfilter=filter
57
+ if ($QueryString =~ /hostfilterex=([^&]+)/i) { $FilterEx{'host'}="$1"; } #
58
+ if ($QueryString =~ /urlfilter=([^&]+)/i) { $FilterIn{'url'}="$1"; } # Filter on URL list can also be defined with urlfilter=filter
59
+ if ($QueryString =~ /urlfilterex=([^&]+)/i) { $FilterEx{'url'}="$1"; } #
60
+ if ($QueryString =~ /refererpagesfilter=([^&]+)/i) { $FilterIn{'refererpages'}="$1"; } # Filter on referer list can also be defined with refererpagesfilter=filter
61
+ if ($QueryString =~ /refererpagesfilterex=([^&]+)/i) { $FilterEx{'refererpages'}="$1"; } #
63
- if ($QueryString =~ /output=allhosts:([^&]+)/i) { $FilterIn{'host'}=&DecodeEncodedString("$1"); } # Filter on host list can be defined with output=allhosts:filter to reduce number of lines read and showed
64
- if ($QueryString =~ /output=lasthosts:([^&]+)/i) { $FilterIn{'host'}=&DecodeEncodedString("$1"); } # Filter on host list can be defined with output=lasthosts:filter to reduce number of lines read and showed
65
- if ($QueryString =~ /output=urldetail:([^&]+)/i) { $FilterIn{'url'}=&DecodeEncodedString("$1"); } # Filter on URL list can be defined with output=urldetail:filter to reduce number of lines read and showed
66
- if ($QueryString =~ /output=refererpages:([^&]+)/i) { $FilterIn{'refererpages'}=&DecodeEncodedString("$1"); } # Filter on referer list can be defined with output=refererpages:filter to reduce number of lines read and showed
67
+ if ($QueryString =~ /output=allhosts:([^&]+)/i) { $FilterIn{'host'}="$1"; } # Filter on host list can be defined with output=allhosts:filter to reduce number of lines read and showed
68
+ if ($QueryString =~ /output=lasthosts:([^&]+)/i) { $FilterIn{'host'}="$1"; } # Filter on host list can be defined with output=lasthosts:filter to reduce number of lines read and showed
69
+ if ($QueryString =~ /output=urldetail:([^&]+)/i) { $FilterIn{'url'}="$1"; } # Filter on URL list can be defined with output=urldetail:filter to reduce number of lines read and showed
70
+ if ($QueryString =~ /output=refererpages:([^&]+)/i) { $FilterIn{'refererpages'}="$1"; } # Filter on referer list can be defined with output=refererpages:filter to reduce number of lines read and showed
73
if ($QueryString =~ /(^|-|&|&)migrate=([^&]+)/i) {
74
- $MigrateStats=&Sanitize(&DecodeEncodedString("$2"));
75
+ $MigrateStats=&Sanitize("$2");
76
$MigrateStats =~ /^(.*)$PROG(\d{0,2})(\d\d)(\d\d\d\d)(.*)\.txt$/;
77
$SiteConfig=$5?$5:'xxx'; $SiteConfig =~ s/^\.//; # SiteConfig is used to find config file
80
$QueryString .= "$NewLinkParams";
83
- $QueryString = CleanFromCSSA($QueryString);
84
+ $QueryString = CleanFromCSSA(&DecodeEncodedString($QueryString));
87
if ($ENV{'AWSTATS_DEL_GATEWAY_INTERFACE'} && $QueryString =~ /LogFile=([^&]+)/i) { error("Logfile parameter can't be overwritten when AWStats is used from a CGI"); }