From: eldy <>
Date: Sun, 10 Aug 2003 13:42:45 +0000 (+0000)
Subject: Chars < and > inside reported values are no more removed but coded with < and...
X-Git-Tag: AWSTATS_5_7_RELEASE~10
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=efbc34dbbe5261e921acfe76ba50d55d4fa08b9d;p=thirdparty%2FAWStats.git
Chars < and > inside reported values are no more removed but coded with < and > in html built page.
---
diff --git a/docs/awstats_changelog.txt b/docs/awstats_changelog.txt
index b845e54f..95a3c10a 100644
--- a/docs/awstats_changelog.txt
+++ b/docs/awstats_changelog.txt
@@ -21,6 +21,8 @@ Fixes:
 - Geoip lookup is always done (as it should) on ip when ip is known, even if DNSLookup is enabled and successfull. This increase seriously AWStats speed when DNSLookup and Geoip are both enabled.
+- Chars < and > inside reported values are no more removed but coded with <
+ and > in html built page.
 New features/improvements:
 - Added 'rawlog' plugin to add a form to show raw log content with filter
diff --git a/wwwroot/cgi-bin/awstats.pl b/wwwroot/cgi-bin/awstats.pl
index af118bcf..c26b6e86 100644
--- a/wwwroot/cgi-bin/awstats.pl
+++ b/wwwroot/cgi-bin/awstats.pl
@@ -3889,7 +3889,7 @@ sub DecodeEncodedString {
 }
 #--------------------------------------------------------------------
-# Function: Clean a string of all HTML code to avoid 'Cross Site Scripting attacks'
+# Function: Clean a string of HTML tags to avoid 'Cross Site Scripting attacks'
 # Parameters: stringtodecode
 # Input: None
 # Output: None
@@ -3897,7 +3897,9 @@ sub DecodeEncodedString {
 #--------------------------------------------------------------------
 sub CleanFromCSSA {
 my $stringtoclean=shift;
- $stringtoclean =~ s/[<>].*$//;
+# $stringtoclean =~ s/[<>].*$//;
+ $stringtoclean =~ s/</g;
+ $stringtoclean =~ s/>/>/g;
 return $stringtoclean;
 }
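Review bot: The revised header comment above `CleanFromCSSA` still does not describe what the function does after this commit: it no longer cleans or removes anything, it encodes the two bracket characters, and the `Parameters:` line names `stringtodecode` while the variable is `$stringtoclean`. I would write `# Function: Encode < and > in a string as HTML entities to limit 'Cross Site Scripting attacks'` and `# Parameters: stringtoclean`. The remainder of the header block lies outside the hunk.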
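Review bot: In `CleanFromCSSA` the two new substitutions encode only `<` and `>`, so `&`, `"` and `'` in a reported value still reach the page unchanged, which is not sufficient if any caller prints the result inside an HTML attribute (no output context is visible in this hunk). I would add `$stringtoclean =~ s/&/&amp;/g;` ahead of the existing two lines and `$stringtoclean =~ s/"/&quot;/g;` after them, with the same treatment for `'`, and delete the commented-out `s/[<>].*$//` line rather than keep it as dead code. The replacement halves of both `s///` lines look as if this page's rendering decoded them (the commit message implies the `&lt;` and `&gt;` entities), so check the repository copy before relying on the text shown. The encoding also has to run after decoding, as the keyphrase call site in the last hunk now does with `CleanFromCSSA(DecodeEncodedString($key))`; assuming `DecodeEncodedString` undoes URL-encoding (its body is not in the diff), any call site still nesting the calls the other way round would reintroduce raw brackets after the escape and should be switched too.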
@@ -7609,7 +7611,7 @@ if (scalar keys %HTMLOutput) {
 my $count=0;
 &BuildKeyList($MaxRowsInHTMLOutput,$MinHit{'Keyphrase'},\%_keyphrases,\%_keyphrases);
 foreach my $key (@keylist) {
- my $mot = DecodeEncodedString(CleanFromCSSA($key));
+ my $mot = CleanFromCSSA(DecodeEncodedString($key));
 my $p;
 if ($TotalKeyphrases) { $p=int($_keyphrases{$key}/$TotalKeyphrases*1000)/10; }
 print "