Index: awstats-6.5/wwwroot/cgi-bin/awstats.pl =================================================================== --- awstats-6.5.orig/wwwroot/cgi-bin/awstats.pl +++ awstats-6.5/wwwroot/cgi-bin/awstats.pl @@ -1131,7 +1131,7 @@ sub Read_Config { my $configdir=shift; my @PossibleConfigDir=(); - if ($configdir) { @PossibleConfigDir=("$configdir"); } + if ($configdir && $ENV{"AWSTATS_ENABLE_CONFIG_DIR"}) { @PossibleConfigDir=("$configdir"); } else { @PossibleConfigDir=("$DIR","/etc/awstats","/usr/local/etc/awstats","/etc","/etc/opt/awstats"); } # Open config file @@ -5534,7 +5534,7 @@ if ($ENV{'GATEWAY_INTERFACE'}) { # Run f $QueryString =~ s/&/&/g; } - $QueryString = CleanFromCSSA($QueryString); + $QueryString = CleanFromCSSA(&DecodeEncodedString($QueryString)); # Security test if ($QueryString =~ /LogFile=([^&]+)/i) { error("Logfile parameter can't be overwritten when AWStats is used from a CGI"); } @@ -5542,7 +5542,7 @@ if ($ENV{'GATEWAY_INTERFACE'}) { # Run f # No update but report by default when run from a browser $UpdateStats=($QueryString=~/update=1/i?1:0); - if ($QueryString =~ /config=([^&]+)/i) { $SiteConfig=&DecodeEncodedString("$1"); } + if ($QueryString =~ /config=([^&]+)/i) { $SiteConfig=&Sanitize(&DecodeEncodedString("$1")); } if ($QueryString =~ /diricons=([^&]+)/i) { $DirIcons=&DecodeEncodedString("$1"); } if ($QueryString =~ /pluginmode=([^&]+)/i) { $PluginMode=&Sanitize(&DecodeEncodedString("$1"),1); } if ($QueryString =~ /configdir=([^&]+)/i) { $DirConfig=&Sanitize(&DecodeEncodedString("$1")); } @@ -5561,7 +5561,7 @@ if ($ENV{'GATEWAY_INTERFACE'}) { # Run f # If migrate if ($QueryString =~ /(^|-|&|&)migrate=([^&]+)/i) { - $MigrateStats=&DecodeEncodedString("$2"); + $MigrateStats=&Sanitize(&DecodeEncodedString("$2")); $MigrateStats =~ /^(.*)$PROG(\d{0,2})(\d\d)(\d\d\d\d)(.*)\.txt$/; $SiteConfig=$5?$5:'xxx'; $SiteConfig =~ s/^\.//; # SiteConfig is used to find config file } @@ -5591,7 +5591,7 @@ else { # Run from command line # Update with no report by default when run from command line $UpdateStats=1; - if ($QueryString =~ /config=([^&]+)/i) { $SiteConfig="$1"; } + if ($QueryString =~ /config=([^&]+)/i) { $SiteConfig=&Sanitize("$1"); } if ($QueryString =~ /diricons=([^&]+)/i) { $DirIcons="$1"; } if ($QueryString =~ /pluginmode=([^&]+)/i) { $PluginMode=&Sanitize("$1",1); } if ($QueryString =~ /configdir=([^&]+)/i) { $DirConfig=&Sanitize("$1"); } Index: awstats-6.5/tools/awstats_buildstaticpages.pl =================================================================== --- awstats-6.5.orig/tools/awstats_buildstaticpages.pl +++ awstats-6.5/tools/awstats_buildstaticpages.pl @@ -75,7 +75,7 @@ $nowsec $nowmin $nowhour $nowday $nowmon # Return: None #------------------------------------------------------------------------------ sub error { - print "Error: $_[0].\n"; + print STDERR "Error: $_[0].\n"; exit 1; } @@ -95,7 +95,7 @@ sub warning { # print "$messagestring
\n"; # } # else { - print "$messagestring\n"; + print STDERR "$messagestring\n"; # } # } } Index: awstats-6.5/tools/awstats_configure.pl =================================================================== --- awstats-6.5.orig/tools/awstats_configure.pl +++ awstats-6.5/tools/awstats_configure.pl @@ -87,7 +87,7 @@ $Step=0; # error #------------------------------------------------------- sub error { - print "Error: $_[0].\n"; + print STDERR "Error: $_[0].\n"; exit 1; } Index: awstats-6.5/tools/awstats_exportlib.pl =================================================================== --- awstats-6.5.orig/tools/awstats_exportlib.pl +++ awstats-6.5/tools/awstats_exportlib.pl @@ -93,8 +93,8 @@ sub error { my $thirdmessage=shift||""; my $donotshowsetupinfo=shift||0; if ($Debug) { debug("$message $secondmessage $thirdmessage",1); } - print "$message"; - print "\n"; + print STDERR "$message"; + print STDERR "\n"; exit 1; } Index: awstats-6.5/tools/awstats_updateall.pl =================================================================== --- awstats-6.5.orig/tools/awstats_updateall.pl +++ awstats-6.5/tools/awstats_updateall.pl @@ -36,7 +36,7 @@ my $AwstatsProg=''; # Return: None #------------------------------------------------------------------------------ sub error { - print "Error: $_[0].\n"; + print STDERR "Error: $_[0].\n"; exit 1; } Index: awstats-6.5/tools/logresolvemerge.pl =================================================================== --- awstats-6.5.orig/tools/logresolvemerge.pl +++ awstats-6.5/tools/logresolvemerge.pl @@ -104,7 +104,7 @@ my $bzcat_file = '\.bz2$'; # Return: None #------------------------------------------------------------------------------ sub error { - print "Error: $_[0].\n"; + print STDERR "Error: $_[0].\n"; exit 1; } @@ -133,7 +133,7 @@ sub debug { sub warning { my $messagestring=shift; if ($Debug) { debug("$messagestring",1); } - print "$messagestring\n"; + print STDERR "$messagestring\n"; } #----------------------------------------------------------------------------- Index: awstats-6.5/tools/maillogconvert.pl =================================================================== --- awstats-6.5.orig/tools/maillogconvert.pl +++ awstats-6.5/tools/maillogconvert.pl @@ -56,7 +56,7 @@ $MailType=''; # Mail server family (p #------------------------------------------------------- sub error { - print "Error: $_[0].\n"; + print STDERR "Error: $_[0].\n"; exit 1; }