[awstats/f15] fix CRLF Injection flaw (#740926)

Petr Lautrbach plautrba at fedoraproject.org
Fri Oct 7 11:41:09 UTC 2011


commit 157fd89687902a41ff3f43b7a5052de08d5618f0
Author: Petr Lautrbach <plautrba at redhat.com>
Date:   Fri Oct 7 13:32:45 2011 +0200

    fix CRLF Injection flaw (#740926)

 awstats-awredir.pl-sanitize-parameters.patch |   15 ++++++++-------
 1 files changed, 8 insertions(+), 7 deletions(-)
---
diff --git a/awstats-awredir.pl-sanitize-parameters.patch b/awstats-awredir.pl-sanitize-parameters.patch
index 49c8f71..1615e9b 100644
--- a/awstats-awredir.pl-sanitize-parameters.patch
+++ b/awstats-awredir.pl-sanitize-parameters.patch
@@ -1,5 +1,5 @@
 diff --git a/wwwroot/cgi-bin/awredir.pl b/wwwroot/cgi-bin/awredir.pl
-index 35ee82d..3feeb83 100755
+index 35ee82d..f1e4cd2 100755
 --- a/wwwroot/cgi-bin/awredir.pl
 +++ b/wwwroot/cgi-bin/awredir.pl
 @@ -8,6 +8,8 @@
@@ -46,7 +46,7 @@ index 35ee82d..3feeb83 100755
  
  # Get date
  ($nowsec,$nowmin,$nowhour,$nowday,$nowmonth,$nowyear,$nowwday,$nowyday,$nowisdst) = localtime(time);
-@@ -151,8 +154,8 @@ if ($TRACEBASE == 1) {
+@@ -151,14 +154,17 @@ if ($TRACEBASE == 1) {
  	if ($ENV{REMOTE_ADDR} !~ /$EXCLUDEIP/) {
  		if ($DEBUG == 1) { print LOGFILE "Execution requete Update sur BASE=$BASE, USER=$USER, PASS=$PASS\n"; }
  		my $dbh = DBI->connect("DBI:mysql:$BASE", $USER, $PASS) || die "Can't connect to DBI:mysql:$BASE: $dbh->errstr\n";
@@ -57,11 +57,12 @@ index 35ee82d..3feeb83 100755
  		$sth->finish;
  		$dbh->disconnect;
  		if ($DEBUG == 1) { print LOGFILE "Execution requete Update - OK\n"; }
-@@ -167,6 +170,7 @@ if ($TRACEFILE == 1) {
  	}
  }
  
-+$Url=uri_escape($Url);
- # Redir html instructions
- print "Location: $Url\n\n";
- 
++$Url=uri_escape($Url, "^A-Za-z0-9\-\._~/:");
++$Tag=uri_escape($Tag);
++
+ if ($TRACEFILE == 1) {
+ 	if ($ENV{REMOTE_ADDR} !~ /$EXCLUDEIP/) {
+ 		open(FICHIER,">>$TXTDIR/$TXTFILE") || error("Error: Enable to open trace file $TXTDIR/$TXTFILE: $!");
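Review bot: The safe-character set `"^A-Za-z0-9\-\._~/:"` given to uri_escape on the first added line does neutralize CR and LF (they become %0D%0A, which is what closes the Location-header injection), but it also percent-encodes `?`, `=`, `&`, `#` and `%`, so a redirect target that carries a query string or is already percent-encoded is rewritten (`?` becomes `%3F`, `%` becomes `%25`) and the browser may land on a different resource than the one configured. A narrower fix is to reject the header-breaking bytes explicitly with the script's own helper, `error("Invalid URL") if $Url =~ /[\r\n]/;`, and keep uri_escape for bytes that are never legal in a URL, or alternatively add the reserved characters `?=&#%` to the safe set so valid targets survive unchanged. The double-quoted string also contains `\-` and `\.`, which perl reports as unrecognized escapes when warnings are enabled; single quotes, `'^A-Za-z0-9\-\._~/:'`, give the same class without the warning. The enclosing inner hunk (`@@ -151,14 +154,17 @@`) begins in the previous outer hunk and awredir.pl's body continues past this one.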

