Fix security hole reported by StenoPlasma @ www.ExploitDevelopment.com

diff --git a/wwwroot/cgi-bin/awstats.pl b/wwwroot/cgi-bin/awstats.pl
index 68c8471585e0cf307b303fff884d4df17eb7a2df..041c8af5cfad7701caaa56eb80207c8e0e8e3ac7 100644 (file)
--- a/wwwroot/cgi-bin/awstats.pl
+++ b/wwwroot/cgi-bin/awstats.pl
@@ -1669,15 +1669,20 @@ sub Read_Config {
                ); 
 
        if ($configdir) {
-               # If from CGI, overwriting of configdir is only possible if AWSTATS_ENABLE_CONFIG_DIR defined
-               if ($ENV{'GATEWAY_INTERFACE'} && ! $ENV{"AWSTATS_ENABLE_CONFIG_DIR"})
-               {
-                       error("Sorry, to allow overwriting of configdir parameter, from an AWStats CGI page, with a non default value, environment variable AWSTATS_ENABLE_CONFIG_DIR must be set to 1. For example, by adding the line 'SetEnv AWSTATS_ENABLE_CONFIG_DIR 1' in your Apache config file or into a .htaccess file.");
+               # Check if configdir is outside default values.
+               my $outsidedefaultvalue=1;
+               foreach (@PossibleConfigDir) {
+                       if ($_ eq $configdir) { $outsidedefaultvalue=0; last; }
                }
-               else
+
+               # If from CGI, overwriting of configdir with a value that differs from a defautl value
+               # is only possible if AWSTATS_ENABLE_CONFIG_DIR defined
+               if ($ENV{'GATEWAY_INTERFACE'} && $outsidedefaultvalue && ! $ENV{"AWSTATS_ENABLE_CONFIG_DIR"})
                {
-                       @PossibleConfigDir = ("$configdir");
+                       error("Sorry, to allow overwriting of configdir parameter, from an AWStats CGI page, with a non default value, environment variable AWSTATS_ENABLE_CONFIG_DIR must be set to 1. For example, by adding the line 'SetEnv AWSTATS_ENABLE_CONFIG_DIR 1' in your Apache config file or into a .htaccess file.");
                }
+
+               @PossibleConfigDir = ("$configdir");
        }
 
        # Open config file