1 files changed, 20 insertions, 0 deletions

diff --git a/net-www/awstats/files/awstats-6.3-CAN-2005-0016.diff b/net-www/awstats/files/awstats-6.3-CAN-2005-0016.diff
new file mode 100644
index 000000000000..9d00f6beb342
--- /dev/null
+++ b/net-www/awstats/files/awstats-6.3-CAN-2005-0016.diff
@@ -0,0 +1,20 @@
+--- awstats-6.3.orig/wwwroot/cgi-bin/awstats.pl	2005-01-22 11:34:38.000000000 -0500
++++ awstats-6.3/wwwroot/cgi-bin/awstats.pl	2005-02-12 16:48:13.446660569 -0500
+@@ -5368,7 +5368,7 @@
+ 	# No update but report by default when run from a browser
+ 	$UpdateStats=($QueryString=~/update=1/i?1:0);
+ 
+-	if ($QueryString =~ /config=([^&]+)/i)				{ $SiteConfig=&DecodeEncodedString("$1"); }
++	if ($QueryString =~ /config=([^&]+)/i)				{ $SiteConfig=&Sanitize(&DecodeEncodedString("$1")); }
+ 	if ($QueryString =~ /diricons=([^&]+)/i)			{ $DirIcons=&DecodeEncodedString("$1"); }
+ 	if ($QueryString =~ /pluginmode=([^&]+)/i)			{ $PluginMode=&Sanitize(&DecodeEncodedString("$1")); }
+ 	if ($QueryString =~ /configdir=([^&]+)/i)			{ $DirConfig=&Sanitize(&DecodeEncodedString("$1")); }
+@@ -5416,7 +5416,7 @@
+ 	# Update with no report by default when run from command line
+ 	$UpdateStats=1;
+ 
+-	if ($QueryString =~ /config=([^&]+)/i)				{ $SiteConfig="$1"; }
++	if ($QueryString =~ /config=([^&]+)/i)				{ $SiteConfig=&Sanitize("$1"); }
+ 	if ($QueryString =~ /diricons=([^&]+)/i)			{ $DirIcons="$1"; }
+ 	if ($QueryString =~ /pluginmode=([^&]+)/i)			{ $PluginMode=&Sanitize("$1"); }
+ 	if ($QueryString =~ /configdir=([^&]+)/i)			{ $DirConfig=&Sanitize("$1"); }