--- awstats-6.5.orig/wwwroot/cgi-bin/awstats.pl 2005-11-24 15:11:19.000000000 -0500 +++ awstats-6.5/wwwroot/cgi-bin/awstats.pl 2006-05-06 17:34:13.000000000 -0400 @@ -5534,7 +5534,7 @@ $QueryString =~ s/&/&/g; } - $QueryString = CleanFromCSSA($QueryString); + $QueryString = CleanFromCSSA(&DecodeEncodedString($QueryString)); # Security test if ($QueryString =~ /LogFile=([^&]+)/i) { error("Logfile parameter can't be overwritten when AWStats is used from a CGI"); } @@ -5542,7 +5542,7 @@ # No update but report by default when run from a browser $UpdateStats=($QueryString=~/update=1/i?1:0); - if ($QueryString =~ /config=([^&]+)/i) { $SiteConfig=&DecodeEncodedString("$1"); } + if ($QueryString =~ /config=([^&]+)/i) { $SiteConfig=&Sanitize(&DecodeEncodedString("$1")); } if ($QueryString =~ /diricons=([^&]+)/i) { $DirIcons=&DecodeEncodedString("$1"); } if ($QueryString =~ /pluginmode=([^&]+)/i) { $PluginMode=&Sanitize(&DecodeEncodedString("$1"),1); } if ($QueryString =~ /configdir=([^&]+)/i) { $DirConfig=&Sanitize(&DecodeEncodedString("$1")); } @@ -5561,7 +5561,7 @@ # If migrate if ($QueryString =~ /(^|-|&|&)migrate=([^&]+)/i) { - $MigrateStats=&DecodeEncodedString("$2"); + $MigrateStats=&Sanitize(&DecodeEncodedString("$2")); $MigrateStats =~ /^(.*)$PROG(\d{0,2})(\d\d)(\d\d\d\d)(.*)\.txt$/; $SiteConfig=$5?$5:'xxx'; $SiteConfig =~ s/^\.//; # SiteConfig is used to find config file } 
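Review bot: Decoding the whole query string here, before `CleanFromCSSA`, turns the per-parameter `&DecodeEncodedString("$1")` calls further down into a second decoding pass over text that has already been cleaned. A value that was encoded twice would pass the cleaner still encoded and only become the raw character afterwards; where the result also goes through `Sanitize` it is filtered again, but `diricons` in the next hunk is not. I would decode exactly once: keep this line and drop the later per-parameter calls, or at least add `# QueryString is already decoded here; do not decode parameters again` above the parameter parsing. What `CleanFromCSSA` strips is not visible in this hunk, so the impact is inferred.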
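Review bot: `diricons` is now the only parameter in this group that is not passed through `Sanitize`: `$DirIcons=&DecodeEncodedString("$1");` sits between the newly sanitized `config` and the already sanitized `pluginmode` and `configdir`. The command-line branch in the `@@ -5591` hunk has the same gap with `$DirIcons="$1";`. Where `DirIcons` is used is not visible here; if it reaches generated HTML or a file path it should get the same treatment, e.g. `$DirIcons=&Sanitize(&DecodeEncodedString("$1"));`, and otherwise a one-line comment should say why it is exempt.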
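Review bot: The filename match that follows the sanitized assignment is still unchecked, so `$5` is read even when `$MigrateStats` does not have the expected `$PROG`…`.txt` shape. After a failed match Perl keeps the captures of the last successful one, which here is the two-group `migrate=` test, so the `'xxx'` fallback is reached only as a side effect. Appending `or error("Invalid migrate file name");` to the match statement would reject unexpected names explicitly. If continuing with the placeholder is intended, a comment on that line should say so.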
@@ -5591,7 +5591,7 @@ # Update with no report by default when run from command line $UpdateStats=1; - if ($QueryString =~ /config=([^&]+)/i) { $SiteConfig="$1"; } + if ($QueryString =~ /config=([^&]+)/i) { $SiteConfig=&Sanitize("$1"); } if ($QueryString =~ /diricons=([^&]+)/i) { $DirIcons="$1"; } if ($QueryString =~ /pluginmode=([^&]+)/i) { $PluginMode=&Sanitize("$1",1); } if ($QueryString =~ /configdir=([^&]+)/i) { $DirConfig=&Sanitize("$1"); } Index: awstats-6.5/wwwroot/cgi-bin/awstats.pl =================================================================== --- awstats-6.5.orig/wwwroot/cgi-bin/awstats.pl 2006-05-05 16:43:12.000000000 -0400 +++ awstats-6.5/wwwroot/cgi-bin/awstats.pl 2006-05-06 17:26:10.000000000 -0400 @@ -1131,7 +1131,7 @@ my $configdir=shift; my @PossibleConfigDir=(); - if ($configdir) { @PossibleConfigDir=("$configdir"); } + if ($configdir && $ENV{"AWSTATS_ENABLE_CONFIG_DIR"}) { @PossibleConfigDir=("$configdir"); } else { @PossibleConfigDir=("$DIR","/etc/awstats","/usr/local/etc/awstats","/etc","/etc/opt/awstats"); } # Open config file diff -urN awstats-6.5.orig/tools/awstats_buildstaticpages.pl awstats-6.5/tools/awstats_buildstaticpages.pl --- awstats-6.5.orig/tools/awstats_buildstaticpages.pl 2005-08-23 15:56:35.000000000 -0400 +++ awstats-6.5/tools/awstats_buildstaticpages.pl 2006-01-04 00:58:20.490613529 -0500 @@ -75,7 +75,7 @@ # Return: None #------------------------------------------------------------------------------ sub error { - print "Error: $_[0].\n"; + print STDERR "Error: $_[0].\n"; exit 1; } @@ -95,7 +95,7 @@ # print "$messagestring
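Review bot: In the `@@ -1131` hunk, a `configdir` supplied while `AWSTATS_ENABLE_CONFIG_DIR` is unset is dropped silently: the `else` branch searches the built-in directories and the caller gets no hint that the option was ignored. The plain truth test also treats `AWSTATS_ENABLE_CONFIG_DIR=0` as off and any other non-empty value as on, which is worth stating next to the test. I would add `# configdir is honoured only when the administrator sets AWSTATS_ENABLE_CONFIG_DIR in the server environment` above the condition and consider emitting a warning when the option is ignored. The enclosing sub starts and ends outside this hunk.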
\n"; # } # else { - print "$messagestring\n"; + print STDERR "$messagestring\n"; # } # } } diff -urN awstats-6.5.orig/tools/awstats_configure.pl awstats-6.5/tools/awstats_configure.pl --- awstats-6.5.orig/tools/awstats_configure.pl 2005-04-22 13:34:05.000000000 -0400 +++ awstats-6.5/tools/awstats_configure.pl 2006-01-04 00:58:24.987002812 -0500 @@ -87,7 +87,7 @@ # error #------------------------------------------------------- sub error { - print "Error: $_[0].\n"; + print STDERR "Error: $_[0].\n"; exit 1; } diff -urN awstats-6.5.orig/tools/awstats_exportlib.pl awstats-6.5/tools/awstats_exportlib.pl --- awstats-6.5.orig/tools/awstats_exportlib.pl 2003-12-05 18:53:38.000000000 -0500 +++ awstats-6.5/tools/awstats_exportlib.pl 2006-01-04 00:58:30.769217454 -0500 @@ -93,8 +93,8 @@ my $thirdmessage=shift||""; my $donotshowsetupinfo=shift||0; if ($Debug) { debug("$message $secondmessage $thirdmessage",1); } - print "$message"; - print "\n"; + print STDERR "$message"; + print STDERR "\n"; exit 1; } diff -urN awstats-6.5.orig/tools/awstats_updateall.pl awstats/tools/awstats_updateall.pl --- awstats-6.5.orig/tools/awstats_updateall.pl 2005-04-22 13:34:05.000000000 -0400 +++ awstats-6.5/tools/awstats_updateall.pl 2006-01-04 00:58:34.910654953 -0500 @@ -36,7 +36,7 @@ # Return: None #------------------------------------------------------------------------------ sub error { - print "Error: $_[0].\n"; + print STDERR "Error: $_[0].\n"; exit 1; } diff -urN awstats-6.5.orig/tools/logresolvemerge.pl awstats-6.5/tools/logresolvemerge.pl --- awstats-6.5.orig/tools/logresolvemerge.pl 2005-12-04 16:10:46.000000000 -0500 +++ awstats-6.5/tools/logresolvemerge.pl 2006-01-04 00:58:38.552160356 -0500 @@ -104,7 +104,7 @@ # Return: None #------------------------------------------------------------------------------ sub error { - print "Error: $_[0].\n"; + print STDERR "Error: $_[0].\n"; exit 1; } 
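Review bot: In the awstats_exportlib.pl hunk the two consecutive writes in the error routine can be one statement, `print STDERR "$message\n";`, which also keeps the message and its newline from being separated if another writer shares the stream. `$secondmessage` and `$thirdmessage` appear only in the `debug(...)` call, so the text sent to STDERR carries less detail than the debug line; a short comment should say whether that is intentional. The sub's opening lines are outside the hunk.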
@@ -133,7 +133,7 @@
 sub warning {
 my $messagestring=shift;
 if ($Debug) { debug("$messagestring",1); }
- print "$messagestring\n";
+ print STDERR "$messagestring\n";
 }
 #-----------------------------------------------------------------------------
diff -urN awstats-6.5.orig/tools/maillogconvert.pl awstats-6.5/tools/maillogconvert.pl
--- awstats-6.5.orig/tools/maillogconvert.pl 2005-04-22 13:34:05.000000000 -0400
+++ awstats-6.5/tools/maillogconvert.pl 2006-01-04 00:58:42.465628823 -0500
@@ -56,7 +56,7 @@
 #-------------------------------------------------------
 sub error {
- print "Error: $_[0].\n";
+ print STDERR "Error: $_[0].\n";
 exit 1;
 }