diff -up awstats-7.1/wwwroot/cgi-bin/awredir.pl.sanitize awstats-7.1/wwwroot/cgi-bin/awredir.pl
--- awstats-7.1/wwwroot/cgi-bin/awredir.pl.sanitize 2012-02-15 15:19:22.000000000 +0100
+++ awstats-7.1/wwwroot/cgi-bin/awredir.pl 2013-01-04 10:31:33.303448288 +0100
@@ -21,6 +21,8 @@
#use DBD::mysql;
use Digest::MD5 qw(md5 md5_hex md5_base64);
+use HTML::Entities;
+use URI::Escape;
#-------------------------------------------------------
@@ -193,14 +195,17 @@ if ($TRACEBASE == 1) {
if ($ENV{REMOTE_ADDR} !~ /$EXCLUDEIP/) {
if ($DEBUG == 1) { print LOGFILE "Execution requete Update sur BASE=$BASE, USER=$USER, PASS=$PASS\n"; }
my $dbh = DBI->connect("DBI:mysql:$BASE", $USER, $PASS) || die "Can't connect to DBI:mysql:$BASE: $dbh->errstr\n";
- my $sth = $dbh->prepare("UPDATE T_LINKS set HITS_LINKS = HIT_LINKS+1 where URL_LINKS = '$Url'");
- $sth->execute || error("Error: Unable execute query:$dbh->err, $dbh->errstr");
+ my $sth = $dbh->prepare("UPDATE T_LINKS set HITS_LINKS = HIT_LINKS+1 where URL_LINKS = ?");
+ $sth->execute($Url) || error("Error: Unable execute query:$dbh->err, $dbh->errstr");
$sth->finish;
$dbh->disconnect;
if ($DEBUG == 1) { print LOGFILE "Execution requete Update - OK\n"; }
}
}
+$Url=uri_escape($Url, "^A-Za-z0-9\-\._~/:");
+$Tag=uri_escape($Tag);
+
if ($TRACEFILE == 1) {
if ($ENV{REMOTE_ADDR} !~ /$EXCLUDEIP/) {
open(FICHIER,">>$TXTDIR/$TXTFILE") || error("Error: Enable to open trace file $TXTDIR/$TXTFILE: $!");