Fix: Fix security hole that allows a user to run perl code with web server permissions.

diff --git a/wwwroot/cgi-bin/awstats.pl b/wwwroot/cgi-bin/awstats.pl
index c5a3c839b8db7a4e9a8839cc0e16cc1e5bad3623..e4ef800cf0625466b6f17915086ef8b78fde9c44 100644 (file)
--- a/wwwroot/cgi-bin/awstats.pl
+++ b/wwwroot/cgi-bin/awstats.pl
@@ -838,7 +838,7 @@ sub error {
                                print "Example: If your config file is awstats.mysite.conf, use -config=mysite\n";
                        }
                        print "- ${tagbold}Did you create your config file 'awstats.$SiteConfig.conf' ?${tagunbold}${tagbr}\n";
-                       print "If not, you can run \"$dir/tools/configure.pl\"\nfrom command line, or create it manually.${tagbr}\n";
+                       print "If not, you can run \"$dir/tools/awstats_configure.pl\"\nfrom command line, or create it manually.${tagbr}\n";
                        print "${tagbr}\n";
                }
                else { print "${tagbr}${tagbold}Setup (".($FileConfig?"'".$FileConfig."'":"Config")." file, web server or permissions) may be wrong.${tagunbold}${tagbr}\n"; }
@@ -4285,7 +4285,7 @@ sub UnCompileRegex {
 #------------------------------------------------------------------------------
 sub CleanPluginName {
        my $stringtoclean=shift;
-       $stringtoclean =~ s/[^\w_].*$//g;
+       $stringtoclean =~ s/[^\w_]//g;
        return $stringtoclean;
 }