From 20d0dff955dc3486bdfa1c7d3dbc4d7390dc4872 Mon Sep 17 00:00:00 2001
From: eldy <>
Date: Sun, 27 Jul 2008 17:41:57 +0000
Subject: [PATCH] Secu: Fix RSS vulnerability

---
 wwwroot/cgi-bin/awstats.pl | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/wwwroot/cgi-bin/awstats.pl b/wwwroot/cgi-bin/awstats.pl
index 79d9a552..a2a2e606 100644
--- a/wwwroot/cgi-bin/awstats.pl
+++ b/wwwroot/cgi-bin/awstats.pl
@@ -4406,6 +4406,7 @@ sub EncodeString {
 sub DecodeEncodedString {
 my $stringtodecode=shift;
 $stringtodecode =~ tr/\+/ /s;
+ $stringtodecode =~ s/%22//g;
 $stringtodecode =~ s/%([A-F0-9][A-F0-9])/pack("C", hex($1))/ieg;
 return $stringtodecode;
 }
@@ -4458,9 +4459,12 @@ sub Sanitize {
 #------------------------------------------------------------------------------
 sub CleanXSS {
 my $stringtoclean=shift;
+ # To avoid html tags and javascript
 $stringtoclean =~ s//>/g;
 $stringtoclean =~ s/|//g;
+ # To avoid onload="
+ $stringtoclean =~ s/onload//g;
 return $stringtoclean;
 }
-- 
2.47.3
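Review bot: The added `s/%22//g` in DecodeEncodedString only removes one spelling of a double quote, so a `"` sent unencoded (or `%27` for a single quote) reaches the decoded value untouched, and a double-encoded `%2522` decodes to `%22` on the following line, which nothing removes; whether that later becomes a live quote depends on callers not visible here. Silently deleting `%22` from every decoded parameter also corrupts legitimate values that contain quotes, which is a blacklist side effect rather than a fix. A URL decoder should decode faithfully; quote handling belongs at the HTML-output boundary, so I would drop the new line and have the output path escape instead, e.g. `$stringtoclean =~ s/"/&quot;/g;` in CleanXSS. If some callers do need DecodeEncodedString to neutralise quotes, `s/%22/&quot;/g` before the pack line would at least preserve the value rather than delete it.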
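Review bot: The new `s/onload//g` in CleanXSS is case-sensitive and single-pass, so `onLoad`/`ONLOAD` survive and a nested spelling such as `onloonloadad` collapses to `onload` after the one removal; other handlers (`onerror`, `onmouseover`, ...) and `javascript:` URLs are not covered at all. The added comment `# To avoid onload="` therefore overstates what the line does. Rather than a handler-name blacklist, escape the characters that let an attacker break out of an attribute, so the handler name no longer matters: `$stringtoclean =~ s/&/&amp;/g;` (first, before any other escape), `$stringtoclean =~ s/"/&quot;/g;` and `$stringtoclean =~ s/'/&#39;/g;`, keeping the existing `<`/`>` escaping after them. The two existing substitution lines appear garbled in this rendering (`s//>/g`, `s/|//g`), so I cannot confirm whether `&` is already escaped; if it is, place the ampersand escape relative to it accordingly.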