1716
1716
# Other possible directories : "/usr/local/etc/awstats", "/etc"
1717
1717
# FHS standard, Suse package : "/etc/opt/awstats"
1718
1718
my $configdir = shift;
1719
my @PossibleConfigDir = ();
1722
# If from CGI, overwriting of configdir is only possible if AWSTATS_ENABLE_CONFIG_DIR defined
1723
if ($ENV{'GATEWAY_INTERFACE'} && ! $ENV{"AWSTATS_ENABLE_CONFIG_DIR"}) {
1724
error("Sorry, to allow overwriting of configdir parameter from an AWStats CGI usage, environment variable AWSTATS_ENABLE_CONFIG_DIR must be set to 1");
1727
@PossibleConfigDir = ("$configdir");
1731
@PossibleConfigDir = (
1732
"$DIR", "/etc/awstats",
1719
my @PossibleConfigDir = (
1733
1722
"/usr/local/etc/awstats", "/etc",
1734
1723
"/etc/opt/awstats"
1727
# Check if configdir is outside default values.
1728
my $outsidedefaultvalue=1;
1729
foreach (@PossibleConfigDir) {
1730
if ($_ eq $configdir) { $outsidedefaultvalue=0; last; }
1733
# If from CGI, overwriting of configdir with a value that differs from a default value
1734
# is only possible if AWSTATS_ENABLE_CONFIG_DIR defined
1735
if ($ENV{'GATEWAY_INTERFACE'} && $outsidedefaultvalue && ! $ENV{"AWSTATS_ENABLE_CONFIG_DIR"})
1737
error("Sorry, to allow overwriting of configdir parameter, from an AWStats CGI page, with a non default value, environment variable AWSTATS_ENABLE_CONFIG_DIR must be set to 1. For example, by adding the line 'SetEnv AWSTATS_ENABLE_CONFIG_DIR 1' in your Apache config file or into a .htaccess file.");
1740
@PossibleConfigDir = ("$configdir");
1738
1743
# Open config file
1856
local( *CONFIG_INCLUDE );
1851
1857
if ( open( CONFIG_INCLUDE, $includeFile ) ) {
1852
1858
&Parse_Config( *CONFIG_INCLUDE, $level + 1, $includeFile );
1853
1859
close(CONFIG_INCLUDE);
3053
3059
""; # If split has only on part, pluginparam is not initialized
3054
3060
$pluginfile =~ s/\.pm$//i;
3055
3061
$pluginfile =~ /([^\/\\]+)$/;
3056
my $pluginname = $1; # pluginname is pluginfile without any path
3057
# Check if plugin is not disabled
3062
$pluginfile = Sanitize($1); # pluginfile is cleaned from any path for security reasons and from .pm
3063
my $pluginname = $pluginfile;
3058
3064
if ( $NoLoadPlugin{$pluginname} && $NoLoadPlugin{$pluginname} > 0 ) {
7719
7725
my $stringtoclean = shift;
7720
7726
my $full = shift || 0;
7722
$stringtoclean =~ s/[^\w]//g;
7728
$stringtoclean =~ s/[^\w\d]//g;
7725
$stringtoclean =~ s/[^\w\-\\\/\.:\s]//g;
7731
$stringtoclean =~ s/[^\w\d\-\\\/\.:\s]//g;
7727
7733
return $stringtoclean;
9541
9547
if ( $QueryString =~ /configdir=([^&]+)/i ) {
9542
9548
$DirConfig = &Sanitize("$1");
9549
$DirConfig =~ s/\\{2,}/\\/g; # This is to clean Remote URL
9550
$DirConfig =~ s/\/{2,}/\//g; # This is to clean Remote URL
9626
9634
if ( $QueryString =~ /configdir=([^&]+)/i ) {
9627
9635
$DirConfig = &Sanitize("$1");
9636
$DirConfig =~ s/\\{2,}/\\/g; # This is to clean Remote URL
9637
$DirConfig =~ s/\/{2,}/\//g; # This is to clean Remote URL
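Review bot: In the plugin-loading hunk the result of `$pluginfile =~ /([^\/\\]+)$/;` is not checked before `$pluginfile = Sanitize($1);`, so a value that is empty or ends in a path separator leaves `$1` holding whatever an earlier successful match captured, and that stale text becomes the plugin name. Guarding the match closes this, e.g. `$pluginfile =~ /([^\/\\]+)$/ or error("Invalid plugin name");`. Sanitize is also called here without its second argument, which from the Sanitize hunk appears to select the looser character set that keeps `.`, `:`, `-` and whitespace; if no plugin name needs those, `Sanitize($1, 1)` would limit the name to word characters. The enclosing block starts and ends outside the hunk, so the right failure action (error versus skipping the entry) should be confirmed there.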