Diffstat (limited to 'www/awstats/files/patch-awstats.pl-security')
-rw-r--r-- | www/awstats/files/patch-awstats.pl-security | 91 |
1 files changed, 0 insertions, 91 deletions
diff --git a/www/awstats/files/patch-awstats.pl-security b/www/awstats/files/patch-awstats.pl-security
deleted file mode 100644
index 668e4c06c701..000000000000
--- a/www/awstats/files/patch-awstats.pl-security
+++ /dev/null
@@ -1,91 +0,0 @@
---- wwwroot/cgi-bin/awstats.pl Wed Oct 25 09:05:29 2006
-+++ wwwroot/cgi-bin/awstats.pl Wed Oct 25 09:02:30 2006
-@@ -1131,7 +1131,18 @@
- my $configdir=shift;
- my @PossibleConfigDir=();
-
-- if ($configdir) { @PossibleConfigDir=("$configdir"); }
-+ if ($configdir)
-+ {
-+ # If from CGI, overwriting of configdir is only possible if AWSTATS_ENABLE_CONFIG_DIR defined
-+ #if ($ENV{'GATEWAY_INTERFACE'} && ! $ENV{"AWSTATS_ENABLE_CONFIG_DIR"})
-+ #{
-+ # error("Sorry, to allow overwriting of configdir parameter from an AWStats CGI usage, environment variable AWSTATS_ENABLE_CONFIG_DIR must be set to 1");
-+ #}
-+ #else
-+ #{
-+ @PossibleConfigDir=("$configdir");
-+ #}
-+ }
- else { @PossibleConfigDir=("$DIR","/etc/awstats","/usr/local/etc/awstats","/etc","/etc/opt/awstats"); }
-
- # Open config file
-@@ -4439,6 +4450,7 @@
- my $stringtoclean=shift;
- $stringtoclean =~ s/</</g;
- $stringtoclean =~ s/>/>/g;
-+ $stringtoclean =~ s/|//g;
- return $stringtoclean;
- }
-
-@@ -5534,7 +5546,7 @@
- $QueryString =~ s/&/&/g;
- }
-
-- $QueryString = CleanFromCSSA($QueryString);
-+ $QueryString = CleanFromCSSA(&DecodeEncodedString($QueryString));
-
- # Security test
- if ($QueryString =~ /LogFile=([^&]+)/i) { error("Logfile parameter can't be overwritten when AWStats is used from a CGI"); }
-@@ -5542,26 +5554,26 @@
- # No update but report by default when run from a browser
- $UpdateStats=($QueryString=~/update=1/i?1:0);
-
-- if ($QueryString =~ /config=([^&]+)/i) { $SiteConfig=&DecodeEncodedString("$1"); }
-- if ($QueryString =~ /diricons=([^&]+)/i) { $DirIcons=&DecodeEncodedString("$1"); }
-- if ($QueryString =~ /pluginmode=([^&]+)/i) { $PluginMode=&Sanitize(&DecodeEncodedString("$1"),1); }
-- if ($QueryString =~ /configdir=([^&]+)/i) { $DirConfig=&Sanitize(&DecodeEncodedString("$1")); }
-- # All filters
-- if ($QueryString =~ /hostfilter=([^&]+)/i) { $FilterIn{'host'}=&DecodeEncodedString("$1"); } # Filter on host list can also be defined with hostfilter=filter
-- if ($QueryString =~ /hostfilterex=([^&]+)/i) { $FilterEx{'host'}=&DecodeEncodedString("$1"); } #
-- if ($QueryString =~ /urlfilter=([^&]+)/i) { $FilterIn{'url'}=&DecodeEncodedString("$1"); } # Filter on URL list can also be defined with urlfilter=filter
-- if ($QueryString =~ /urlfilterex=([^&]+)/i) { $FilterEx{'url'}=&DecodeEncodedString("$1"); } #
-- if ($QueryString =~ /refererpagesfilter=([^&]+)/i) { $FilterIn{'refererpages'}=&DecodeEncodedString("$1"); } # Filter on referer list can also be defined with refererpagesfilter=filter
-- if ($QueryString =~ /refererpagesfilterex=([^&]+)/i) { $FilterEx{'refererpages'}=&DecodeEncodedString("$1"); } #
-+ if ($QueryString =~ /config=([^&]+)/i) { $SiteConfig=&Sanitize("$1"); }
-+ if ($QueryString =~ /diricons=([^&]+)/i) { $DirIcons="$1"; }
-+ if ($QueryString =~ /pluginmode=([^&]+)/i) { $PluginMode=&Sanitize("$1",1); }
-+ if ($QueryString =~ /configdir=([^&]+)/i) { $DirConfig=&Sanitize("$1"); }
-+ # All filters
-+ if ($QueryString =~ /hostfilter=([^&]+)/i) { $FilterIn{'host'}="$1"; } # Filter on host list can also be defined with hostfilter=filter
-+ if ($QueryString =~ /hostfilterex=([^&]+)/i) { $FilterEx{'host'}="$1"; } #
-+ if ($QueryString =~ /urlfilter=([^&]+)/i) { $FilterIn{'url'}="$1"; } # Filter on URL list can also be defined with urlfilter=filter
-+ if ($QueryString =~ /urlfilterex=([^&]+)/i) { $FilterEx{'url'}="$1"; } #
-+ if ($QueryString =~ /refererpagesfilter=([^&]+)/i) { $FilterIn{'refererpages'}="$1"; } # Filter on referer list can also be defined with refererpagesfilter=filter
-+ if ($QueryString =~ /refererpagesfilterex=([^&]+)/i) { $FilterEx{'refererpages'}="$1"; } #
- # All output
-- if ($QueryString =~ /output=allhosts:([^&]+)/i) { $FilterIn{'host'}=&DecodeEncodedString("$1"); } # Filter on host list can be defined with output=allhosts:filter to reduce number of lines read and showed
-- if ($QueryString =~ /output=lasthosts:([^&]+)/i) { $FilterIn{'host'}=&DecodeEncodedString("$1"); } # Filter on host list can be defined with output=lasthosts:filter to reduce number of lines read and showed
-- if ($QueryString =~ /output=urldetail:([^&]+)/i) { $FilterIn{'url'}=&DecodeEncodedString("$1"); } # Filter on URL list can be defined with output=urldetail:filter to reduce number of lines read and showed
-- if ($QueryString =~ /output=refererpages:([^&]+)/i) { $FilterIn{'refererpages'}=&DecodeEncodedString("$1"); } # Filter on referer list can be defined with output=refererpages:filter to reduce number of lines read and showed
-+ if ($QueryString =~ /output=allhosts:([^&]+)/i) { $FilterIn{'host'}="$1"; } # Filter on host list can be defined with output=allhosts:filter to reduce number of lines read and showed
-+ if ($QueryString =~ /output=lasthosts:([^&]+)/i) { $FilterIn{'host'}="$1"; } # Filter on host list can be defined with output=lasthosts:filter to reduce number of lines read and showed
-+ if ($QueryString =~ /output=urldetail:([^&]+)/i) { $FilterIn{'url'}="$1"; } # Filter on URL list can be defined with output=urldetail:filter to reduce number of lines read and showed
-+ if ($QueryString =~ /output=refererpages:([^&]+)/i) { $FilterIn{'refererpages'}="$1"; } # Filter on referer list can be defined with output=refererpages:filter to reduce number of lines read and showed
-
- # If migrate
- if ($QueryString =~ /(^|-|&|&)migrate=([^&]+)/i) {
-- $MigrateStats=&DecodeEncodedString("$2");
-+ $MigrateStats=&Sanitize("$2");
- $MigrateStats =~ /^(.*)$PROG(\d{0,2})(\d\d)(\d\d\d\d)(.*)\.txt$/;
- $SiteConfig=$5?$5:'xxx'; $SiteConfig =~ s/^\.//; # SiteConfig is used to find config file
- }
-@@ -5625,8 +5637,6 @@
- if ($QueryString =~ /(^|&|&)databasebreak=(\w+)/i) { $DatabaseBreak=$2; }
- if ($QueryString =~ /(^|&|&)updatefor=(\d+)/i) { $UpdateFor=$2; }
- if ($QueryString =~ /(^|&|&)noloadplugin=([^&]+)/i) { foreach (split(/,/,$2)) { $NoLoadPlugin{&Sanitize("$_",1)}=1; } }
--#Removed for security reasons
--#if ($QueryString =~ /(^|&|&)loadplugin=([^&]+)/i) { foreach (split(/,/,$2)) { $NoLoadPlugin{&Sanitize("$_",1)}=-1; } }
- if ($QueryString =~ /(^|&|&)limitflush=(\d+)/i) { $LIMITFLUSH=$2; }
- # Get/Define output
- if ($QueryString =~ /(^|&|&)output(=[^&]*|)(.*)(&|&)output(=[^&]*|)(&|$)/i) { error("Only 1 output option is allowed","","",1); } |