From: eldy <>
Date: Wed, 15 Feb 2012 15:23:43 +0000 (+0000)
Subject: New: Disable dangerous script by default.
X-Git-Tag: AWSTATS_7_1_BETA2^0
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a5ad5ed11271fa5ccde395a4a10c12405f026229;p=thirdparty%2FAWStats.git

New: Disable dangerous script by default.
---

diff --git a/wwwroot/cgi-bin/awdownloadcsv.pl b/wwwroot/cgi-bin/awdownloadcsv.pl
index e4ef310b..9fc9b98b 100755
--- a/wwwroot/cgi-bin/awdownloadcsv.pl
+++ b/wwwroot/cgi-bin/awdownloadcsv.pl
@@ -21,6 +21,16 @@
 #------------------------------------------------------------------------------
 use CGI qw(:standard);
 
+my $ALLOWDOWNLOAD=0;
+
+# Disabled by default for security reason
+if (! $ALLOWDOWNLOAD) 
+{
+	print("Error: You must first edit script to change ALLOWDOWNLOAD to 1 to allow usage of this script.\n");
+	print("Reason is that enabling this script may be a security hole as it allows someone to download/view details of your awstats data files.\n");
+	exit;
+}
+
 my $q               = new CGI;
 my $outputFile      = "";   # used to write the output to a file
 my $inputFile       = "";   # the fully qualified path to the input log database file