diff options
Diffstat (limited to 'network/awstats/patches/0001-Fix-to-window.opener-vulnerability-in-external-refer.patch')
-rw-r--r-- | network/awstats/patches/0001-Fix-to-window.opener-vulnerability-in-external-refer.patch | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/network/awstats/patches/0001-Fix-to-window.opener-vulnerability-in-external-refer.patch b/network/awstats/patches/0001-Fix-to-window.opener-vulnerability-in-external-refer.patch new file mode 100644 index 0000000000..b899ab5b19 --- /dev/null +++ b/network/awstats/patches/0001-Fix-to-window.opener-vulnerability-in-external-refer.patch @@ -0,0 +1,36 @@ +From b421096d5596f1c6ade078fa0b1103deefc3a5ed Mon Sep 17 00:00:00 2001 +From: qssam <Sam.Webb@quiet-storm.net> +Date: Tue, 7 Feb 2017 16:49:10 +0000 +Subject: [PATCH] Fix to window.opener vulnerability in external referral site + links + +Reference: https://mathiasbynens.github.io/rel-noopener/ +--- + wwwroot/cgi-bin/awstats.pl | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/wwwroot/cgi-bin/awstats.pl b/wwwroot/cgi-bin/awstats.pl +index 75f0ed95..8bde5c03 100755 +--- a/wwwroot/cgi-bin/awstats.pl ++++ b/wwwroot/cgi-bin/awstats.pl +@@ -8892,7 +8892,7 @@ sub HTMLShowURLInfo { + { # URL seems to be extracted from a proxy log file + print "<a href=\"" + . XMLEncode("$newkey") +- . "\" target=\"url\" rel=\"nofollow\">" ++ . "\" target=\"url\" rel=\"nofollow noopener noreferrer\">" + . XMLEncode($nompage) . "</a>"; + } + elsif ( $newkey =~ /^\// ) +@@ -8907,7 +8907,7 @@ sub HTMLShowURLInfo { + } + print "<a href=\"" + . XMLEncode("$urlprot://$SiteDomain$newkey") +- . "\" target=\"url\" rel=\"nofollow\">" ++ . "\" target=\"url\" rel=\"nofollow noopener noreferrer\">" + . XMLEncode($nompage) . "</a>"; + } + else { +-- +2.15.1 + |