--- awstats-6.3.orig/wwwroot/cgi-bin/awstats.pl 2005-01-22 11:34:38.000000000 -0500
+++ awstats-6.3/wwwroot/cgi-bin/awstats.pl 2005-02-12 16:48:13.446660569 -0500
@@ -5368,7 +5368,7 @@
 # No update but report by default when run from a browser
 $UpdateStats=($QueryString=~/update=1/i?1:0);
- if ($QueryString =~ /config=([^&]+)/i) { $SiteConfig=&DecodeEncodedString("$1"); }
+ if ($QueryString =~ /config=([^&]+)/i) { $SiteConfig=&Sanitize(&DecodeEncodedString("$1")); }
 if ($QueryString =~ /diricons=([^&]+)/i) { $DirIcons=&DecodeEncodedString("$1"); }
 if ($QueryString =~ /pluginmode=([^&]+)/i) { $PluginMode=&Sanitize(&DecodeEncodedString("$1")); }
 if ($QueryString =~ /configdir=([^&]+)/i) { $DirConfig=&Sanitize(&DecodeEncodedString("$1")); }
@@ -5416,7 +5416,7 @@
 # Update with no report by default when run from command line
 $UpdateStats=1;
- if ($QueryString =~ /config=([^&]+)/i) { $SiteConfig="$1"; }
+ if ($QueryString =~ /config=([^&]+)/i) { $SiteConfig=&Sanitize("$1"); }
 if ($QueryString =~ /diricons=([^&]+)/i) { $DirIcons="$1"; }
 if ($QueryString =~ /pluginmode=([^&]+)/i) { $PluginMode=&Sanitize("$1"); }
 if ($QueryString =~ /configdir=([^&]+)/i) { $DirConfig=&Sanitize("$1"); }
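Review bot: `diricons` is still read from the query string without `&Sanitize` in both hunks (the context line right after the changed `config=` line at -5368, and again at -5416), although its neighbours `config`, `pluginmode` and `configdir` are now all filtered. If `$DirIcons` is later written into the report HTML or joined into a path (not visible here), it remains an unfiltered request-controlled value; consider `$DirIcons=&Sanitize(&DecodeEncodedString("$1"));` on the browser path and `$DirIcons=&Sanitize("$1");` on the command-line path, provided `Sanitize` keeps the characters a legitimate icon directory needs. The body of `Sanitize` is outside the patch, so what it actually strips from `$SiteConfig` cannot be confirmed from these lines. The enclosing block starts and ends outside both hunks.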