New: Can allow urls with awredir without using md5 key parameter.

diff --git a/wwwroot/cgi-bin/awredir.pl b/wwwroot/cgi-bin/awredir.pl
index a8a3fc99dbc30fa49e9dd650ddcfb29f8bd40551..24f68631531e902895adfedc049164e1b52af5a2 100644 (file)
--- a/wwwroot/cgi-bin/awredir.pl
+++ b/wwwroot/cgi-bin/awredir.pl
@@ -34,6 +34,9 @@ $EXCLUDEIP="127.0.0.1";
 # site you can set this to empty string, but warning this is a security hole as everybody
 # can use awredir on your site to redirect to any web site (even non legal web sites). 
 $KEYFORMD5='YOURKEYFORMD5';
+# Put here url pattern you want to allow event if parameter key is not provided.
+$AUTHORIZEDWITHOUTKEY='';
+
 
 #-------------------------------------------------------
 # Functions
@@ -106,7 +109,7 @@ if (! $ENV{'GATEWAY_INTERFACE'}) {  # Run from command line
        exit 0;
 }
 
-if ($KEYFORMD5 eq 'YOURKEYFORMD5') {
+if ((! $AUTHORIZEDWITHOUTKEY) && ($KEYFORMD5 eq 'YOURKEYFORMD5')) {
         error("Error: You must change value of constant KEYFORMD5 in awredir.pl script.");
 }
 
@@ -131,12 +134,11 @@ if (! $UrlParam) {
 if ($Url !~ /^http/i) { $Url = "http://".$Url; }
 if ($DEBUG) { print LOGFILE "Url=$Url\n"; }
 
-if ($KEYFORMD5 && ($Key ne md5_hex($KEYFORMD5.$UrlParam))) {
+if ((! $AUTHORIZEDWITHOUTKEY || $UrlParam !~ /$AUTHORIZEDWITHOUTKEY/) && $KEYFORMD5 && ($Key ne md5_hex($KEYFORMD5.$UrlParam))) {
 #       error("Error: Bad value for parameter key=".$Key." to allow a redirect to ".$UrlParam." - ".$KEYFORMD5." - ".md5_hex($KEYFORMD5.$UrlParam) );
         error("Error: Bad value for parameter key=".$Key." to allow a redirect to ".$UrlParam.". Key must be hexadecimal md5(KEYFORMD5.".$UrlParam.") where KEYFORMD5 is value hardcoded into awredir.pl. Note: You can remove use of key by setting KEYFORMD5 to empty string in script awredir.pl");
 }
 
-
 # Get date
 ($nowsec,$nowmin,$nowhour,$nowday,$nowmonth,$nowyear,$nowwday,$nowyday,$nowisdst) = localtime(time);
 if ($nowyear < 100) { $nowyear+=2000; } else { $nowyear+=1900; }