3 XSS (http://secunia.com/advisories/31519/) fix. Not needed in 6.9.
5 --- wwwroot/cgi-bin/awstats.pl.orig 2008-08-20 14:17:04.000000000 -0700
6 +++ wwwroot/cgi-bin/awstats.pl
7 @@ -4380,6 +4380,7 @@ sub EncodeString {
8 sub DecodeEncodedString {
9 my $stringtodecode=shift;
10 $stringtodecode =~ tr/\+/ /s;
11 + $stringtodecode =~ s/%22//g;
12 $stringtodecode =~ s/%([A-F0-9][A-F0-9])/pack("C", hex($1))/ieg;
13 return $stringtodecode;
15 @@ -4432,9 +4433,12 @@ sub Sanitize {
16 #------------------------------------------------------------------------------
18 my $stringtoclean=shift;
19 + # To avoid html tags and javascript
20 $stringtoclean =~ s/</</g;
21 $stringtoclean =~ s/>/>/g;
22 $stringtoclean =~ s/|//g;
24 + $stringtoclean =~ s/onload//g;
25 return $stringtoclean;