From b421096d5596f1c6ade078fa0b1103deefc3a5ed Mon Sep 17 00:00:00 2001
From: qssam <Sam.Webb@quiet-storm.net>
Date: Tue, 7 Feb 2017 16:49:10 +0000
Subject: [PATCH] Fix to window.opener vulnerability in external referral site
 links

Reference: https://mathiasbynens.github.io/rel-noopener/
---
 wwwroot/cgi-bin/awstats.pl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/wwwroot/cgi-bin/awstats.pl b/wwwroot/cgi-bin/awstats.pl
index 75f0ed95..8bde5c03 100755
--- a/wwwroot/cgi-bin/awstats.pl
+++ b/wwwroot/cgi-bin/awstats.pl
@@ -8892,7 +8892,7 @@ sub HTMLShowURLInfo {
 			{    # URL seems to be extracted from a proxy log file
 				print "<a href=\""
 				  . XMLEncode("$newkey")
-				  . "\" target=\"url\" rel=\"nofollow\">"
+				  . "\" target=\"url\" rel=\"nofollow noopener noreferrer\">"
 				  . XMLEncode($nompage) . "</a>";
 			}
 			elsif ( $newkey =~ /^\// )
@@ -8907,7 +8907,7 @@ sub HTMLShowURLInfo {
 				}
 				print "<a href=\""
 				  . XMLEncode("$urlprot://$SiteDomain$newkey")
-				  . "\" target=\"url\" rel=\"nofollow\">"
+				  . "\" target=\"url\" rel=\"nofollow noopener noreferrer\">"
 				  . XMLEncode($nompage) . "</a>";
 			}
 			else {
-- 
2.15.1