1 files changed, 36 insertions, 0 deletions

diff --git a/network/awstats/patches/0001-Fix-to-window.opener-vulnerability-in-external-refer.patch b/network/awstats/patches/0001-Fix-to-window.opener-vulnerability-in-external-refer.patch
new file mode 100644
index 0000000000..b899ab5b19
--- /dev/null
+++ b/network/awstats/patches/0001-Fix-to-window.opener-vulnerability-in-external-refer.patch
@@ -0,0 +1,36 @@
+From b421096d5596f1c6ade078fa0b1103deefc3a5ed Mon Sep 17 00:00:00 2001
+From: qssam <Sam.Webb@quiet-storm.net>
+Date: Tue, 7 Feb 2017 16:49:10 +0000
+Subject: [PATCH] Fix to window.opener vulnerability in external referral site
+ links
+
+Reference: https://mathiasbynens.github.io/rel-noopener/
+---
+ wwwroot/cgi-bin/awstats.pl | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/wwwroot/cgi-bin/awstats.pl b/wwwroot/cgi-bin/awstats.pl
+index 75f0ed95..8bde5c03 100755
+--- a/wwwroot/cgi-bin/awstats.pl
++++ b/wwwroot/cgi-bin/awstats.pl
+@@ -8892,7 +8892,7 @@ sub HTMLShowURLInfo {
+ 			{    # URL seems to be extracted from a proxy log file
+ 				print "<a href=\""
+ 				  . XMLEncode("$newkey")
+-				  . "\" target=\"url\" rel=\"nofollow\">"
++				  . "\" target=\"url\" rel=\"nofollow noopener noreferrer\">"
+ 				  . XMLEncode($nompage) . "</a>";
+ 			}
+ 			elsif ( $newkey =~ /^\// )
+@@ -8907,7 +8907,7 @@ sub HTMLShowURLInfo {
+ 				}
+ 				print "<a href=\""
+ 				  . XMLEncode("$urlprot://$SiteDomain$newkey")
+-				  . "\" target=\"url\" rel=\"nofollow\">"
++				  . "\" target=\"url\" rel=\"nofollow noopener noreferrer\">"
+ 				  . XMLEncode($nompage) . "</a>";
+ 			}
+ 			else {
+-- 
+2.15.1
+