From: eldy <>
Date: Mon, 16 Aug 2004 19:56:00 +0000 (+0000)
Subject: Fix: Security hole.
X-Git-Tag: AWSTATS_6_3_RELEASE~107
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=65030b85dcae449403b1555cb38d2bb8ab6f6a48;p=thirdparty%2FAWStats.git

Fix: Security hole.
---

diff --git a/wwwroot/cgi-bin/plugins/rawlog.pm b/wwwroot/cgi-bin/plugins/rawlog.pm
index f2770463..4f92fd8e 100644
--- a/wwwroot/cgi-bin/plugins/rawlog.pm
+++ b/wwwroot/cgi-bin/plugins/rawlog.pm
@@ -81,6 +81,12 @@ sub BuildFullHTMLOutput_rawlog {
 	my $Filter='';
 	if ($QueryString =~ /filterrawlog=([^&]+)/i) { $Filter=&DecodeEncodedString("$1"); }
 
+    # A security check
+	if ($QueryString =~ /logfile=/i) { 
+	    print "<br>Option logfile is not allowed while building rawlog output.<br>";
+        return 0;
+	}
+
 	# Show form
 	&_ShowForm($Filter);