[Pkg-awstats-commits] [SCM] awstats Debian packaging branch, master, updated. debian/6.9.5.dfsg-4-6-gfb1436b
Sergey B Kirpichev
skirpichev at gmail.com
Tue Dec 14 23:21:59 UTC 2010
The following commit has been merged in the master branch:
commit fb1436bc846ff40ab84e981ac07632cd1f0a4f95
Author: Sergey B Kirpichev <skirpichev at gmail.com>
Date: Wed Dec 15 02:19:23 2010 +0300
Sanitize configdir to disable usage of external path in cgi mode (upstream patch)
diff --git a/debian/patches/1002_disable_configdir.patch b/debian/patches/1002_disable_configdir.patch
index 71f0974..d2ce463 100644
--- a/debian/patches/1002_disable_configdir.patch
+++ b/debian/patches/1002_disable_configdir.patch
@@ -52,3 +52,21 @@ Bug-Debian: http://bugs.debian.org/606263
}
# Open config file
+@@ -9545,6 +9546,8 @@
+ }
+ if ( $QueryString =~ /configdir=([^&]+)/i ) {
+ $DirConfig = &Sanitize("$1");
++ $DirConfig =~ s/\\{2,}/\\/g; # This is to clean Remote URL
++ $DirConfig =~ s/\/{2,}/\//g; # This is to clean Remote URL
+ }
+
+ # All filters
+@@ -9630,6 +9633,8 @@
+ }
+ if ( $QueryString =~ /configdir=([^&]+)/i ) {
+ $DirConfig = &Sanitize("$1");
++ $DirConfig =~ s/\\{2,}/\\/g; # This is to clean Remote URL
++ $DirConfig =~ s/\/{2,}/\//g; # This is to clean Remote URL
+ }
+
+ # All filters
--
awstats Debian packaging
More information about the Pkg-awstats-commits
mailing list