From a5ad5ed11271fa5ccde395a4a10c12405f026229 Mon Sep 17 00:00:00 2001
From: eldy <>
Date: Wed, 15 Feb 2012 15:23:43 +0000
Subject: [PATCH] New: Disable dangerous script by default.

---
 wwwroot/cgi-bin/awdownloadcsv.pl | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/wwwroot/cgi-bin/awdownloadcsv.pl b/wwwroot/cgi-bin/awdownloadcsv.pl
index e4ef310b..9fc9b98b 100755
--- a/wwwroot/cgi-bin/awdownloadcsv.pl
+++ b/wwwroot/cgi-bin/awdownloadcsv.pl
@@ -21,6 +21,16 @@
 #------------------------------------------------------------------------------
 use CGI qw(:standard);
 
+my $ALLOWDOWNLOAD=0;
+
+# Disabled by default for security reason
+if (! $ALLOWDOWNLOAD) 
+{
+	print("Error: You must first edit script to change ALLOWDOWNLOAD to 1 to allow usage of this script.\n");
+	print("Reason is that enabling this script may be a security hole as it allows someone to download/view details of your awstats data files.\n");
+	exit;
+}
+
 my $q               = new CGI;
 my $outputFile      = "";   # used to write the output to a file
 my $inputFile       = "";   # the fully qualified path to the input log database file
-- 
2.47.3