]> git.ipfire.org Git - thirdparty/AWStats.git/commitdiff
projects / thirdparty / AWStats.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a113318)
Fix: Security hole.
authoreldy <>
Mon, 16 Aug 2004 19:56:00 +0000 (19:56 +0000)
committereldy <>
Mon, 16 Aug 2004 19:56:00 +0000 (19:56 +0000)
wwwroot/cgi-bin/plugins/rawlog.pm patch | blob | blame | history

diff --git a/wwwroot/cgi-bin/plugins/rawlog.pm b/wwwroot/cgi-bin/plugins/rawlog.pm
index f277046354e89e5540996bba5e219ceef9c37e8f..4f92fd8e01750df21452bac3adbdd68118668ca1 100644 (file)
--- a/wwwroot/cgi-bin/plugins/rawlog.pm
+++ b/wwwroot/cgi-bin/plugins/rawlog.pm
@@ -81,6 +81,12 @@ sub BuildFullHTMLOutput_rawlog {
        my $Filter='';
        if ($QueryString =~ /filterrawlog=([^&]+)/i) { $Filter=&DecodeEncodedString("$1"); }
 
+    # A security check
+       if ($QueryString =~ /logfile=/i) { 
+           print "<br>Option logfile is not allowed while building rawlog output.<br>";
+        return 0;
+       }
+
        # Show form
        &_ShowForm($Filter);
 
Mirror of https://github.com/eldy/AWStats.git