~ubuntu-branches/ubuntu/maverick/awstats/maverick-security


Viewing changes to debian/patches/1001_sanitize_more.patch

  • Committer: Bazaar Package Importer
  • Author(s): Jonas Smedegaard, Charles Fry, Jonas Smedegaard
  • Date: 2006-05-09 23:10:43 UTC
  • Revision ID: james.westby@ubuntu.com-20060509231043-1anmscca1fvenh8u
Tags: 6.5-2
[ Charles Fry ]
* Require AWSTATS_ENABLE_CONFIG_DIR environmental variable in order to
  enable configdir. Closes: #365910 (thanks to Hendrik Weimer
  <hendrik@enyo.de>)
* Integrated security patches from upstream:
  + Decode QueryString. Closes: #364443 (thanks to Micah Anderson
    <micah@debian.org>)
  + Sanitize migrate parameter. Closes: #365909 (thanks to Hendrik Weimer
    <hendrik@enyo.de>)
* Indent Homepage in long description, per debian reference guideline

[ Jonas Smedegaard ]
* Update local cdbs snippet copyright-check.mk:
  + Broaden scan to also look for "(c)" by default.
  + Make egrep options configurable.
* Semi-auto-update debian/control:
  + Bump up versioned build-dependency on debhelper.
* Semi-auto-update debian/copyright_hints (nothing remarkable).
* Set urgency=high as this upload fixes security-related bugs
  (bug#365909: CVE-2006-2237).
* Fix including a couple of example shell scripts ignored by mistake.

Index: awstats-6.5/wwwroot/cgi-bin/awstats.pl
===================================================================
--- awstats-6.5.orig/wwwroot/cgi-bin/awstats.pl 2005-11-24 15:11:19.000000000 -0500
+++ awstats-6.5/wwwroot/cgi-bin/awstats.pl      2006-05-05 16:43:12.000000000 -0400
@@ -5542,8 +5542,8 @@
        # No update but report by default when run from a browser
        $UpdateStats=($QueryString=~/update=1/i?1:0);
 
-       if ($QueryString =~ /config=([^&]+)/i)                          { $SiteConfig=&DecodeEncodedString("$1"); }
-       if ($QueryString =~ /diricons=([^&]+)/i)                        { $DirIcons=&DecodeEncodedString("$1"); }
+       if ($QueryString =~ /config=([^&]+)/i)                          { $SiteConfig=&Sanitize(&DecodeEncodedString("$1")); }
+       if ($QueryString =~ /diricons=([^&]+)/i)                        { $DirIcons=&Sanitize(&DecodeEncodedString("$1")); }
        if ($QueryString =~ /pluginmode=([^&]+)/i)                      { $PluginMode=&Sanitize(&DecodeEncodedString("$1"),1); }
        if ($QueryString =~ /configdir=([^&]+)/i)                       { $DirConfig=&Sanitize(&DecodeEncodedString("$1")); }
        # All filters
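Review bot: the `config=` value is wrapped in the default `&Sanitize(...)` mode rather than the strict mode (`&Sanitize(..., 1)`) that the unchanged `pluginmode=` line two lines below uses, even though `$SiteConfig` is later used to locate the config file on disk (see the comment on `$SiteConfig` in the migrate hunk); please confirm that the default mode drops path separators and `..`, or pass the strict flag if a site name never legitimately contains them. The call order `&Sanitize(&DecodeEncodedString("$1"))` is the right one, since decoding after sanitizing would reintroduce any filtered characters; that ordering deserves a short comment so the next parameter added here copies it. `diricons=` is fine with the same treatment, as the removed lines left both values completely unfiltered.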
@@ -5561,7 +5561,7 @@
 
        # If migrate
        if ($QueryString =~ /(^|-|&|&amp;)migrate=([^&]+)/i)    {
-               $MigrateStats=&DecodeEncodedString("$2"); 
+               $MigrateStats=&Sanitize(&DecodeEncodedString("$2"));
                $MigrateStats =~ /^(.*)$PROG(\d{0,2})(\d\d)(\d\d\d\d)(.*)\.txt$/;
                $SiteConfig=$5?$5:'xxx'; $SiteConfig =~ s/^\.//;                # SiteConfig is used to find config file
        }
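Review bot: the sanitized `$MigrateStats` is matched against `/^(.*)$PROG(\d{0,2})(\d\d)(\d\d\d\d)(.*)\.txt$/` but the match result is never tested, and the next line reads `$5` unconditionally; in Perl a failed match leaves the numbered capture variables holding whatever the last successful match set, so `$SiteConfig` can be built from stale capture data rather than from the `migrate=` value. Suggest wrapping the two lines in `if ($MigrateStats =~ /.../) { ... }` with an explicit error on the else branch (whatever error path this file already uses), so a value the regex rejects stops processing instead of falling through to `'xxx'`. Minor: the removed line carried trailing whitespace after the `;` and the added one does not, which is fine but makes the hunk look larger than the one-call change it is.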
@@ -5591,8 +5591,8 @@
        # Update with no report by default when run from command line
        $UpdateStats=1;
 
-       if ($QueryString =~ /config=([^&]+)/i)                          { $SiteConfig="$1"; }
-       if ($QueryString =~ /diricons=([^&]+)/i)                        { $DirIcons="$1"; }
+       if ($QueryString =~ /config=([^&]+)/i)                          { $SiteConfig=&Sanitize("$1"); }
+       if ($QueryString =~ /diricons=([^&]+)/i)                        { $DirIcons=&Sanitize("$1"); }
        if ($QueryString =~ /pluginmode=([^&]+)/i)                      { $PluginMode=&Sanitize("$1",1); }
        if ($QueryString =~ /configdir=([^&]+)/i)                       { $DirConfig=&Sanitize("$1"); }
        # All filters
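Review bot: the command-line branch now sanitizes `config=` and `diricons=` without the `&DecodeEncodedString` step, consistent with the neighbouring `pluginmode=`/`configdir=` lines in this branch, so the two branches differ only in decoding; since the same four parameters are parsed twice and this patch exists because two of them were missed in both places, consider factoring the per-parameter parsing into one helper (with a flag for whether to URL-decode) so a future parameter cannot be added to one branch unsanitized. Separately, the patch file has no header: a short description at the top of `1001_sanitize_more.patch` naming its upstream origin and the bugs it addresses (#364443, #365909 and CVE-2006-2237 per the changelog) would make its purpose clear without reading the changelog.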