Fixes XSS in awstats.pl: CVE-2008-3714

Please note that the upstream fix at r.1911 is incomplete and can be
easily circumvented,
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5080

Obtained from: Upstream, http://awstats.cvs.sourceforge.net/viewvc/awstats/awstats/wwwroot/cgi-bin/awstats.pl?r1=1.925&r2=1.926
Debian, http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=33;filename=awstats-6.7.dfsg-5_6.7.dfsg-5.1.patch;att=1;bug=495432

See also: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432
          

--- wwwroot/cgi-bin/awstats.pl.old	2009-01-04 13:50:42.000000000 +0800
+++ wwwroot/cgi-bin/awstats.pl	2009-01-04 13:52:43.000000000 +0800
@@ -7521,8 +7521,9 @@
 sub DecodeEncodedString {
 	my $stringtodecode = shift;
 	$stringtodecode =~ tr/\+/ /s;
-	$stringtodecode =~ s/%22//g;
 	$stringtodecode =~ s/%([A-F0-9][A-F0-9])/pack("C", hex($1))/ieg;
+	$stringtodecode =~ s/["']//g;
+
 	return $stringtodecode;
 }
 
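Review bot: In DecodeEncodedString, the added s/["']//g after the percent-decode removes only the two quote characters, so <, > and & still come back decoded and unescaped; that is enough only where the caller places the result inside a quoted HTML attribute. Please add a comment stating that assumption and that the strip must stay after the decode (the removed s/%22//g ran before it, so it never saw %27 or a literal quote), or HTML-escape the value where it is printed instead. Deleting quotes also silently changes legitimate values that contain an apostrophe, which is worth noting in the comment as well.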
