New: Disable dangerous script by default.

diff --git a/wwwroot/cgi-bin/awdownloadcsv.pl b/wwwroot/cgi-bin/awdownloadcsv.pl
index e4ef310b7ea51b60a86ff4eda8b797287aa6cc92..9fc9b98b795c5768f007af24f96015676a95be79 100755 (executable)
--- a/wwwroot/cgi-bin/awdownloadcsv.pl
+++ b/wwwroot/cgi-bin/awdownloadcsv.pl
@@ -21,6 +21,16 @@
 #------------------------------------------------------------------------------\r
 use CGI qw(:standard);\r
 \r
+my $ALLOWDOWNLOAD=0;\r
+\r
+# Disabled by default for security reason\r
+if (! $ALLOWDOWNLOAD) \r
+{\r
+       print("Error: You must first edit script to change ALLOWDOWNLOAD to 1 to allow usage of this script.\n");\r
+       print("Reason is that enabling this script may be a security hole as it allows someone to download/view details of your awstats data files.\n");\r
+       exit;\r
+}\r
+\r
 my $q               = new CGI;\r
 my $outputFile      = "";   # used to write the output to a file\r
 my $inputFile       = "";   # the fully qualified path to the input log database file\r