--- webalizer.c.orig	Tue Oct 17 00:15:53 2000
+++ webalizer.c	Sat Oct 20 19:03:39 2001
@@ -101,9 +101,9 @@
 /*********************************************/
 
 char    *version     = "2.01";                /* program version          */
-char    *editlvl     = "06";                  /* edit level               */
-char    *moddate     = "17-Oct-2000";         /* modification date        */
-char    *copyright   = "Copyright 1997-2000 by Bradford L. Barrett";
+char    *editlvl     = "08";                  /* edit level               */
+char    *moddate     = "20-Oct-2001";         /* modification date        */
+char    *copyright   = "Copyright 1997-2001 by Bradford L. Barrett";
 
 int     verbose      = 2;                     /* 2=verbose,1=err, 0=none  */ 
 int     debug_mode   = 0;                     /* debug mode flag          */
@@ -724,18 +724,23 @@
             lptr=lptr->next;
          }
 
+         /* unescape referrer */
+         unescape(log_rec.refer);
+
          /* fix referrer field */
          cp1 = log_rec.refer;
          cp3 = cp2 = cp1++;
          if ( (*cp2 != '\0') && (*cp2 == '"') )
          {
-            while ( *cp1 != '\0' ) { cp3 = cp2; *cp2++ = *cp1++; }
+            while ( *cp1 != '\0' )
+            {
+               cp3=cp2;
+               if (*cp1<32 || *cp1>=127 || *cp1=='<') *cp1=0;
+               else *cp2++=*cp1++;
+            }
             *cp3 = '\0';
          }
 
-         /* unescape referrer */
-         unescape(log_rec.refer);
-
          /* strip query portion of cgi referrals */
          cp1 = log_rec.refer;
          if (*cp1 != '\0')
@@ -995,8 +1000,9 @@
          cp1 = log_rec.hostname;
          while (*cp1 != '\0')
          {
-            if ( (*cp1>='A') && (*cp1<='Z')) *cp1 += 'a'-'A';
-            cp1++;
+            if ( (*cp1>='A') && (*cp1<='Z') ) *cp1 += 'a'-'A';
+            if ( (isalnum(*cp1))||(*cp1=='.')||(*cp1=='-') ) cp1++;
+            else *cp1='\0';
          }
 
          /* Ignore/Include check */