Attachment #87626 for bug #130487

View | Details | Raw Unified | Return to bug 130487
Collapse All | Expand All




	    $QueryString =~ s/&/&amp;/g;
	}

	$QueryString = CleanFromCSSA(&DecodeEncodedString($QueryString));

    # Security test
	if ($QueryString =~ /LogFile=([^&]+)/i)				{ error("Logfile parameter can't be overwritten when AWStats is used from a CGI"); }

	# No update but report by default when run from a browser
	$UpdateStats=($QueryString=~/update=1/i?1:0);

	if ($QueryString =~ /config=([^&]+)/i)				{ $SiteConfig=&Sanitize(&DecodeEncodedString("$1")); }
	if ($QueryString =~ /diricons=([^&]+)/i)			{ $DirIcons=&DecodeEncodedString("$1"); }
	if ($QueryString =~ /pluginmode=([^&]+)/i)			{ $PluginMode=&Sanitize(&DecodeEncodedString("$1"),1); }
	if ($QueryString =~ /configdir=([^&]+)/i)			{ $DirConfig=&Sanitize(&DecodeEncodedString("$1")); }


	# If migrate
	if ($QueryString =~ /(^|-|&|&amp;)migrate=([^&]+)/i)	{
		$MigrateStats=&Sanitize(&DecodeEncodedString("$2"));
		$MigrateStats =~ /^(.*)$PROG(\d{0,2})(\d\d)(\d\d\d\d)(.*)\.txt$/;
		$SiteConfig=$5?$5:'xxx'; $SiteConfig =~ s/^\.//;		# SiteConfig is used to find config file
	}

	# Update with no report by default when run from command line
	$UpdateStats=1;

	if ($QueryString =~ /config=([^&]+)/i)				{ $SiteConfig=&Sanitize("$1"); }
	if ($QueryString =~ /diricons=([^&]+)/i)			{ $DirIcons="$1"; }
	if ($QueryString =~ /pluginmode=([^&]+)/i)			{ $PluginMode=&Sanitize("$1",1); }
	if ($QueryString =~ /configdir=([^&]+)/i)			{ $DirConfig=&Sanitize("$1"); }

Lines 1131-1137 Link Here

(-)awstats-6.5.orig/wwwroot/cgi-bin/awstats.pl (-1 / +1 lines)
1131	my $configdir=shift;	1131	my $configdir=shift;
1132	my @PossibleConfigDir=();	1132	my @PossibleConfigDir=();
1133		1133
1134	if ($configdir) { @PossibleConfigDir=("$configdir"); }	1134	if ($configdir && $ENV{"AWSTATS_ENABLE_CONFIG_DIR"}) { @PossibleConfigDir=("$configdir"); }
1135	else { @PossibleConfigDir=("$DIR","/etc/awstats","/usr/local/etc/awstats","/etc","/etc/opt/awstats"); }	1135	else { @PossibleConfigDir=("$DIR","/etc/awstats","/usr/local/etc/awstats","/etc","/etc/opt/awstats"); }
1136		1136
1137	# Open config file	1137	# Open config file

Lines 75-81 Link Here

(-)awstats-6.5.orig/tools/awstats_buildstaticpages.pl (-2 / +2 lines)
75	# Return: None	75	# Return: None
76	#------------------------------------------------------------------------------	76	#------------------------------------------------------------------------------
77	sub error {	77	sub error {
78	print "Error: $_[0].\n";	78	print STDERR "Error: $_[0].\n";
79	exit 1;	79	exit 1;
80	}	80	}
81		81
Lines 95-101 Link Here
95	# print "$messagestring<br />\n";	95	# print "$messagestring<br />\n";
96	# }	96	# }
97	# else {	97	# else {
98	print "$messagestring\n";	98	print STDERR "$messagestring\n";
99	# }	99	# }
100	# }	100	# }
101	}	101	}

Lines 87-93 Link Here

(-)awstats-6.5.orig/tools/awstats_configure.pl (-1 / +1 lines)
87	# error	87	# error
88	#-------------------------------------------------------	88	#-------------------------------------------------------
89	sub error {	89	sub error {
90	print "Error: $_[0].\n";	90	print STDERR "Error: $_[0].\n";
91	exit 1;	91	exit 1;
92	}	92	}
93		93

Lines 93-100 Link Here

(-)awstats-6.5.orig/tools/awstats_exportlib.pl (-2 / +2 lines)
93	my $thirdmessage=shift\|\|"";	93	my $thirdmessage=shift\|\|"";
94	my $donotshowsetupinfo=shift\|\|0;	94	my $donotshowsetupinfo=shift\|\|0;
95	if ($Debug) { debug("$message $secondmessage $thirdmessage",1); }	95	if ($Debug) { debug("$message $secondmessage $thirdmessage",1); }
96	print "$message";	96	print STDERR "$message";
97	print "\n";	97	print STDERR "\n";
98	exit 1;	98	exit 1;
99	}	99	}
100		100

Lines 36-42 Link Here

(-)awstats-6.5.orig/tools/awstats_updateall.pl (-1 / +1 lines)
36	# Return: None	36	# Return: None
37	#------------------------------------------------------------------------------	37	#------------------------------------------------------------------------------
38	sub error {	38	sub error {
39	print "Error: $_[0].\n";	39	print STDERR "Error: $_[0].\n";
40	exit 1;	40	exit 1;
41	}	41	}
42		42

Lines 104-110 Link Here

(-)awstats-6.5.orig/tools/logresolvemerge.pl (-2 / +2 lines)
104	# Return: None	104	# Return: None
105	#------------------------------------------------------------------------------	105	#------------------------------------------------------------------------------
106	sub error {	106	sub error {
107	print "Error: $_[0].\n";	107	print STDERR "Error: $_[0].\n";
108	exit 1;	108	exit 1;
109	}	109	}
110		110
Lines 133-139 Link Here
133	sub warning {	133	sub warning {
134	my $messagestring=shift;	134	my $messagestring=shift;
135	if ($Debug) { debug("$messagestring",1); }	135	if ($Debug) { debug("$messagestring",1); }
136	print "$messagestring\n";	136	print STDERR "$messagestring\n";
137	}	137	}
138		138
139	#-----------------------------------------------------------------------------	139	#-----------------------------------------------------------------------------

Lines 56-62 Link Here

(-)awstats-6.5.orig/tools/maillogconvert.pl (-1 / +1 lines)
56	#-------------------------------------------------------	56	#-------------------------------------------------------
57		57
58	sub error {	58	sub error {
59	print "Error: $_[0].\n";	59	print STDERR "Error: $_[0].\n";
60	exit 1;	60	exit 1;
61	}	61	}
62		62

Return to bug 130487

Lines 5534-5540 Link Here

(-)awstats-6.5.orig/wwwroot/cgi-bin/awstats.pl (-4 / +4 lines)
5534	$QueryString =~ s/&/&/g;	5534	$QueryString =~ s/&/&/g;
5535	}	5535	}
5536		5536
5537	$QueryString = CleanFromCSSA($QueryString);	5537	$QueryString = CleanFromCSSA(&DecodeEncodedString($QueryString));
5538		5538
5539	# Security test	5539	# Security test
5540	if ($QueryString =~ /LogFile=([^&]+)/i) { error("Logfile parameter can't be overwritten when AWStats is used from a CGI"); }	5540	if ($QueryString =~ /LogFile=([^&]+)/i) { error("Logfile parameter can't be overwritten when AWStats is used from a CGI"); }
Lines 5542-5548 Link Here
5542	# No update but report by default when run from a browser	5542	# No update but report by default when run from a browser
5543	$UpdateStats=($QueryString=~/update=1/i?1:0);	5543	$UpdateStats=($QueryString=~/update=1/i?1:0);
5544		5544
5545	if ($QueryString =~ /config=([^&]+)/i) { $SiteConfig=&DecodeEncodedString("$1"); }	5545	if ($QueryString =~ /config=([^&]+)/i) { $SiteConfig=&Sanitize(&DecodeEncodedString("$1")); }
5546	if ($QueryString =~ /diricons=([^&]+)/i) { $DirIcons=&DecodeEncodedString("$1"); }	5546	if ($QueryString =~ /diricons=([^&]+)/i) { $DirIcons=&DecodeEncodedString("$1"); }
5547	if ($QueryString =~ /pluginmode=([^&]+)/i) { $PluginMode=&Sanitize(&DecodeEncodedString("$1"),1); }	5547	if ($QueryString =~ /pluginmode=([^&]+)/i) { $PluginMode=&Sanitize(&DecodeEncodedString("$1"),1); }
5548	if ($QueryString =~ /configdir=([^&]+)/i) { $DirConfig=&Sanitize(&DecodeEncodedString("$1")); }	5548	if ($QueryString =~ /configdir=([^&]+)/i) { $DirConfig=&Sanitize(&DecodeEncodedString("$1")); }
Lines 5561-5567 Link Here
5561		5561
5562	# If migrate	5562	# If migrate
5563	if ($QueryString =~ /(^\|-\|&\|&)migrate=([^&]+)/i) {	5563	if ($QueryString =~ /(^\|-\|&\|&)migrate=([^&]+)/i) {
5564	$MigrateStats=&DecodeEncodedString("$2");	5564	$MigrateStats=&Sanitize(&DecodeEncodedString("$2"));
5565	$MigrateStats =~ /^(.)$PROG(\d{0,2})(\d\d)(\d\d\d\d)(.)\.txt$/;	5565	$MigrateStats =~ /^(.)$PROG(\d{0,2})(\d\d)(\d\d\d\d)(.)\.txt$/;
5566	$SiteConfig=$5?$5:'xxx'; $SiteConfig =~ s/^\.//; # SiteConfig is used to find config file	5566	$SiteConfig=$5?$5:'xxx'; $SiteConfig =~ s/^\.//; # SiteConfig is used to find config file
5567	}	5567	}
Lines 5591-5597 Link Here
5591	# Update with no report by default when run from command line	5591	# Update with no report by default when run from command line
5592	$UpdateStats=1;	5592	$UpdateStats=1;
5593		5593
5594	if ($QueryString =~ /config=([^&]+)/i) { $SiteConfig="$1"; }	5594	if ($QueryString =~ /config=([^&]+)/i) { $SiteConfig=&Sanitize("$1"); }
5595	if ($QueryString =~ /diricons=([^&]+)/i) { $DirIcons="$1"; }	5595	if ($QueryString =~ /diricons=([^&]+)/i) { $DirIcons="$1"; }
5596	if ($QueryString =~ /pluginmode=([^&]+)/i) { $PluginMode=&Sanitize("$1",1); }	5596	if ($QueryString =~ /pluginmode=([^&]+)/i) { $PluginMode=&Sanitize("$1",1); }
5597	if ($QueryString =~ /configdir=([^&]+)/i) { $DirConfig=&Sanitize("$1"); }	5597	if ($QueryString =~ /configdir=([^&]+)/i) { $DirConfig=&Sanitize("$1"); }