From: eldy <>
Date: Mon, 24 May 2010 00:53:20 +0000 (+0000)
Subject: Fix: Sanitize configdir to disable usage of external path in cgi mode.
X-Git-Tag: AWSTATS_7_0_BETA2~40
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ec2cd3fc799ea30727c7b327e6893191f7d4cd59;p=thirdparty%2FAWStats.git

Fix: Sanitize configdir to disable usage of external path in cgi mode.
---

diff --git a/wwwroot/cgi-bin/awstats.pl b/wwwroot/cgi-bin/awstats.pl
index 825be66b..757fa4b1 100644
--- a/wwwroot/cgi-bin/awstats.pl
+++ b/wwwroot/cgi-bin/awstats.pl
@@ -1667,7 +1667,7 @@ sub Read_Config {
 		# If from CGI, overwriting of configdir is only possible if AWSTATS_ENABLE_CONFIG_DIR defined
 		if ($ENV{'GATEWAY_INTERFACE'} && ! $ENV{"AWSTATS_ENABLE_CONFIG_DIR"})
 		{
-			error("Sorry, to allow overwriting of configdir parameter from an AWStats CGI usage, environment variable AWSTATS_ENABLE_CONFIG_DIR must be set to 1");
+			error("Sorry, to allow overwriting of configdir parameter from an AWStats CGI usage, environment variable AWSTATS_ENABLE_CONFIG_DIR must be set to 1. For example, by adding the line 'SetEnv AWSTATS_ENABLE_CONFIG_DIR 1' in your Apache config file or into a .htaccess file.");
 		}
 		else
 		{