From: Beuc <beuc@beuc.net>
Date: Thu, 17 Dec 2020 17:14:43 +0000 (+0100)
Subject: Only look for configuration in dedicated awstats directories
X-Git-Tag: AWSTATS_7_9~9^2~2^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F196%2Fhead;p=thirdparty%2FAWStats.git

Only look for configuration in dedicated awstats directories

Fixes #195/CVE-2020-35176
---

diff --git a/wwwroot/cgi-bin/awstats.pl b/wwwroot/cgi-bin/awstats.pl
index e709b7f5..8341c0a5 100755
--- a/wwwroot/cgi-bin/awstats.pl
+++ b/wwwroot/cgi-bin/awstats.pl
@@ -1711,13 +1711,13 @@ sub Read_Config {
 	# Check config file in common possible directories :
 	# Windows :                   				"$DIR" (same dir than awstats.pl)
 	# Standard, Mandrake and Debian package :	"/etc/awstats"
-	# Other possible directories :				"/usr/local/etc/awstats", "/etc"
+	# Other possible directories :				"/usr/local/etc/awstats",
 	# FHS standard, Suse package : 				"/etc/opt/awstats"
 	my $configdir         = shift;
 	my @PossibleConfigDir = (
 			"$DIR",
 			"/etc/awstats",
-			"/usr/local/etc/awstats", "/etc",
+			"/usr/local/etc/awstats",
 			"/etc/opt/awstats"
 		);