diff -up awstats-7.1/wwwroot/cgi-bin/awredir.pl.sanitize awstats-7.1/wwwroot/cgi-bin/awredir.pl

--- awstats-7.1/wwwroot/cgi-bin/awredir.pl.sanitize	2012-02-15 15:19:22.000000000 +0100

+++ awstats-7.1/wwwroot/cgi-bin/awredir.pl	2013-01-04 10:31:33.303448288 +0100

@@ -21,6 +21,8 @@

 #use DBD::mysql;

 use Digest::MD5 qw(md5 md5_hex md5_base64);

+use HTML::Entities;

+use URI::Escape;

 #-------------------------------------------------------

@@ -193,14 +195,17 @@ if ($TRACEBASE == 1) {

 	if ($ENV{REMOTE_ADDR} !~ /$EXCLUDEIP/) {

 		if ($DEBUG == 1) { print LOGFILE "Execution requete Update sur BASE=$BASE, USER=$USER, PASS=$PASS\n"; }

 		my $dbh = DBI->connect("DBI:mysql:$BASE", $USER, $PASS) || die "Can't connect to DBI:mysql:$BASE: $dbh->errstr\n";

-		my $sth = $dbh->prepare("UPDATE T_LINKS set HITS_LINKS = HIT_LINKS+1 where URL_LINKS = '$Url'");

-		$sth->execute || error("Error: Unable execute query:$dbh->err, $dbh->errstr");

+		my $sth = $dbh->prepare("UPDATE T_LINKS set HITS_LINKS = HIT_LINKS+1 where URL_LINKS = ?");

+		$sth->execute($Url) || error("Error: Unable execute query:$dbh->err, $dbh->errstr");

 		$sth->finish;

 		$dbh->disconnect;

 		if ($DEBUG == 1) { print LOGFILE "Execution requete Update - OK\n"; }

 	}

 }

+$Url=uri_escape($Url, "^A-Za-z0-9\-\._~/:");

+$Tag=uri_escape($Tag);

+

 if ($TRACEFILE == 1) {

 	if ($ENV{REMOTE_ADDR} !~ /$EXCLUDEIP/) {

 		open(FICHIER,">>$TXTDIR/$TXTFILE") || error("Error: Enable to open trace file $TXTDIR/$TXTFILE: $!");