1
Index: awstats-6.5/wwwroot/cgi-bin/awstats.pl
2
===================================================================
3
--- awstats-6.5.orig/wwwroot/cgi-bin/awstats.pl 2005-11-24 15:11:19.000000000 -0500
4
+++ awstats-6.5/wwwroot/cgi-bin/awstats.pl 2006-05-06 17:34:13.000000000 -0400
6
$QueryString =~ s/&/&/g;
9
- $QueryString = CleanFromCSSA($QueryString);
10
+ $QueryString = CleanFromCSSA(&DecodeEncodedString($QueryString));
13
if ($QueryString =~ /LogFile=([^&]+)/i) { error("Logfile parameter can't be overwritten when AWStats is used from a CGI"); }
15
# No update but report by default when run from a browser
16
$UpdateStats=($QueryString=~/update=1/i?1:0);
18
- if ($QueryString =~ /config=([^&]+)/i) { $SiteConfig=&DecodeEncodedString("$1"); }
19
+ if ($QueryString =~ /config=([^&]+)/i) { $SiteConfig=&Sanitize(&DecodeEncodedString("$1")); }
20
if ($QueryString =~ /diricons=([^&]+)/i) { $DirIcons=&DecodeEncodedString("$1"); }
21
if ($QueryString =~ /pluginmode=([^&]+)/i) { $PluginMode=&Sanitize(&DecodeEncodedString("$1"),1); }
22
if ($QueryString =~ /configdir=([^&]+)/i) { $DirConfig=&Sanitize(&DecodeEncodedString("$1")); }
26
if ($QueryString =~ /(^|-|&|&)migrate=([^&]+)/i) {
27
- $MigrateStats=&DecodeEncodedString("$2");
28
+ $MigrateStats=&Sanitize(&DecodeEncodedString("$2"));
29
$MigrateStats =~ /^(.*)$PROG(\d{0,2})(\d\d)(\d\d\d\d)(.*)\.txt$/;
30
$SiteConfig=$5?$5:'xxx'; $SiteConfig =~ s/^\.//; # SiteConfig is used to find config file
33
# Update with no report by default when run from command line
36
- if ($QueryString =~ /config=([^&]+)/i) { $SiteConfig="$1"; }
37
+ if ($QueryString =~ /config=([^&]+)/i) { $SiteConfig=&Sanitize("$1"); }
38
if ($QueryString =~ /diricons=([^&]+)/i) { $DirIcons="$1"; }
39
if ($QueryString =~ /pluginmode=([^&]+)/i) { $PluginMode=&Sanitize("$1",1); }
40
if ($QueryString =~ /configdir=([^&]+)/i) { $DirConfig=&Sanitize("$1"); }
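Review bot: The whole query string is now URL-decoded before `CleanFromCSSA`, but the CGI branch still runs `DecodeEncodedString` again on each captured value, so a value that was percent-encoded twice is only partly decoded when the filter sees it and fully decoded afterwards. For `config`, `pluginmode`, `configdir` and `migrate` the trailing `Sanitize` covers that second decode, but `diricons` is left without it in both the CGI and the command-line branch. Suggest `$DirIcons=&Sanitize(&DecodeEncodedString("$1"));` and `$DirIcons=&Sanitize("$1");` respectively, or decoding exactly once so that no value is decoded after the last filter has run. Neither `Sanitize` nor the later use of `$DirIcons` is visible in this patch, so confirm that its default mode keeps the path characters an icon directory needs.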