[Pkg-awstats-devel] Bug#435028: Confirmed on recent version of awstats

[Guillaume Delacour]

tags 435028 + confirmed
forwarded 435028
https://sourceforge.net/tracker/?func=detail&aid=2769526&group_id=13764&atid=113764
thanks

For version 6.7 (from current Lenny but last upstream version 6.9 too),
the workaround is quite the same, comment the line 5589 to not parse
xss pattern when invoked in cli:

$QueryString = CleanXSS($QueryString);

It is possible, as another workaround, to use "gzip -cd <logfile>"
instead of "gzip -d < <logfile>" to not be cleaned by the CleanXSS
function:

# /usr/lib/cgi-bin/awstats.pl -LogFile="gzip
-cd /var/log/apache2/www.xxxxx-access.log.2.gz|" -config=xxxxx
Create/Update database for config "/etc/awstats/awstats.xxxxx.conf"
by AWStats version 6.7 (build 1.892) 
From data in log file "gzip
-cd /var/log/apache2/www.xxxxx-access.log.2.gz|"... 
Phase 1 : First bypass old records, searching new record... 
Searching new records from beginning of log file... 
Phase 2 : Now process new records (Flush history on disk after 20000
hosts)... 
Jumped lines in file: 0 
Parsed lines in file: 1611 
Found 83 dropped records, 
Found 0 corrupted records, 
Found 0 old records, 
Found 1528 new qualified records.

I think it's a good idea (and i done it under id 2769526) to suggest
upstream to change his default config file to use a non-xss filtered
syntax or to adapt his code to not parse for xss pattern when invoked
by cli.

-- 

Guillaume Delacour
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-awstats-devel/attachments/20090417/da9023f4/attachment.pgp>