From: eldy <>
Date: Sat, 13 Nov 2004 00:09:10 +0000 (+0000)
Subject: Fix: Fix security hole that allows a user to run perl code with web server permissions.
X-Git-Tag: AWSTATS_6_3_RELEASE~59
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=427d655a75ecf2b5ced5539e4a5a1bbeb099153a;p=thirdparty%2FAWStats.git

Fix: Fix security hole that allows a user to run perl code with web server permissions.
---

diff --git a/wwwroot/cgi-bin/awstats.pl b/wwwroot/cgi-bin/awstats.pl
index c5a3c839..e4ef800c 100644
--- a/wwwroot/cgi-bin/awstats.pl
+++ b/wwwroot/cgi-bin/awstats.pl
@@ -838,7 +838,7 @@ sub error {
 				print "Example: If your config file is awstats.mysite.conf, use -config=mysite\n";
 			}
 			print "- ${tagbold}Did you create your config file 'awstats.$SiteConfig.conf' ?${tagunbold}${tagbr}\n";
-			print "If not, you can run \"$dir/tools/configure.pl\"\nfrom command line, or create it manually.${tagbr}\n";
+			print "If not, you can run \"$dir/tools/awstats_configure.pl\"\nfrom command line, or create it manually.${tagbr}\n";
 			print "${tagbr}\n";
 		}
 		else { print "${tagbr}${tagbold}Setup (".($FileConfig?"'".$FileConfig."'":"Config")." file, web server or permissions) may be wrong.${tagunbold}${tagbr}\n"; }
@@ -4285,7 +4285,7 @@ sub UnCompileRegex {
 #------------------------------------------------------------------------------
 sub CleanPluginName {
 	my $stringtoclean=shift;
-	$stringtoclean =~ s/[^\w_].*$//g;
+	$stringtoclean =~ s/[^\w_]//g;
 	return $stringtoclean;
 }