Xataface Security Release 1.3rc5 (Critical Bugfix)

PostPosted: Wed Aug 03, 2011 1:00 pm
by shannah
Xataface 1.3rc5 was released today and is available for download on Sourceforge:
https://sourceforge.net/projects/datafa ... ce-1.3rc5/

It patches a critical security vulnerability.

(Note that the above bug report includes a number of issues. Only one of them was identified as a current vulnerability).

All installs of the 1.3.x branch should be updated to this version. If you are working off the trunk of the SVN repository, you should update to revision 2509 or later.

Fixes for Older Versions

Users of the 1.2.x branch should update to 1.2.7:
https://sourceforge.net/projects/datafa ... ace-1.2.7/

Users of the 1.1.x branch (PHP 4) should update to version 1.1.6:
https://sourceforge.net/projects/datafa ... ace-1.1.6/


Patching Existing Releases

If you would rather just patch your existing release, the diff for this update is:
Index: Dataface/Application.php
===================================================================
--- Dataface/Application.php   (revision 2508)
+++ Dataface/Application.php   (revision 2509)
@@ -590,9 +590,10 @@
      $prefix = $this->_conf['cookie_prefix'];
      //print_r($_COOKIE);
      if ( isset($_REQUEST['--lang']) ){
-      
+         $_REQUEST['--lang'] = basename($_REQUEST['--lang']);
         $this->_conf['lang'] = $_REQUEST['--lang'];
      } else if ( isset( $_REQUEST['-lang'] ) ){
+         $_REQUEST['-lang'] = basename($_REQUEST['-lang']);
         $this->_conf['lang'] = $_REQUEST['-lang'];
         if ( @$_COOKIE[$prefix.'lang'] !== $_REQUEST['-lang'] ){
            setcookie($prefix.'lang', $_REQUEST['-lang'], null, '/');
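Review bot: the two added basename() calls on `--lang` and `-lang` strip directory components and nothing else, so `../` sequences are neutralised but a value such as `"><svg onload=alert(1)>` passes through unchanged and the template-side escape becomes the only control between the parameter and the `<html lang="">` attribute. Since the application knows which languages it ships, validate the normalised value against that set (or at least a pattern like `/^[a-z]{2}(_[A-Z]{2})?$/`) and fall back to the default language on mismatch, rather than normalising an arbitrary string and carrying it forward into `$this->_conf['lang']` and the cookie.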
@@ -610,6 +611,7 @@
         setcookie($prefix.'lang', $this->_conf['lang'], null, '/');
      }
      
+      $this->_conf['lang'] = basename($this->_conf['lang']);
      
      
      // Set the mode (edit or view)
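Review bot: the new catch-all `$this->_conf['lang'] = basename($this->_conf['lang']);` is placed after the `setcookie($prefix.'lang', $this->_conf['lang'], null, '/');` in the else branch just above it, so a value that reached `$this->_conf['lang']` from the cookie or config is written back into the cookie before it is normalised. Move the basename() above that setcookie (or into the branch that reads the cookie) so the stored value is always the normalised one, and add a comment saying this is a security control; a later reader will not guess why basename() is applied to a language code.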
Index: Dataface/templates/Dataface_Main_Template.html
===================================================================
--- Dataface/templates/Dataface_Main_Template.html   (revision 2508)
+++ Dataface/templates/Dataface_Main_Template.html   (revision 2509)
@@ -18,7 +18,7 @@
  *-------------------------------------------------------------------------------
  *}{if !$ENV.APPLICATION_OBJECT->main_content_only}{define_slot name="doctype_tag"}<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
         "http://www.w3.org/TR/html4/strict.dtd">{/define_slot}
-{define_slot name="html_tag"}<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="{$ENV.language}" lang="{$ENV.language}">{/define_slot}
+{define_slot name="html_tag"}<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="{$ENV.language|escape}" lang="{$ENV.language|escape}">{/define_slot}

   <head>
   {if !$ENV.prefs.no_history}
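Review bot: `|escape` is applied only inside the `html_tag` slot, so any other place this template or another one prints `$ENV.language` still emits the raw value, and an application that overrides the `html_tag` slot (which `define_slot` exists to allow) silently loses the fix. Apply the modifier at every output site of the language value, or better, constrain the value on input so this escape is defence in depth rather than the sole control. Smarty's default `escape` is HTML entity escaping, which does encode the `"` needed to break out of this double-quoted attribute, so the modifier is the right one for this context.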


Other Applications

Web Auction

Web Auction 0.3.7, which includes the latest Xataface with this security patch, was released today. You can either update your entire Web Auction install, or simply update the "dataface" directory to the latest Xataface.
https://sourceforge.net/projects/webauc ... ion-0.3.7/

Librarian DB

Librarian DB 0.3.1, which includes the latest Xataface with this security patch, was released today. You can either update your entire Librarian DB install, or simply update the "dataface" directory to the latest Xataface.
https://sourceforge.net/projects/librar ... ndb-0.3.1/

Internet Media Manager

Internet Media Manager 0.3.1, which includes the latest Xataface with this security patch, was released today. You can either update your entire Internet Media Manager install, or simply update the "dataface" directory to the latest Xataface.
https://sourceforge.net/projects/immgr/files/imm-0.3.1/
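
The following is an added example, not code from the announcement or from Xataface, written to show what the two halves of the patch above do and where basename() alone stops short. It assumes, as the diff suggests, that the language code arrives from a request parameter or cookie, is used to locate a language file, and is printed into the `<html lang="">` attribute; the function names (resolve_language, lang_basename_only, html_lang_attr), the AVAILABLE_LANGS list and the sample inputs are all constructed for the illustration.

```php
<?php
// Added example, not Xataface's own code. Assumed: the application picks the
// UI language from a request parameter or cookie, uses it to find a language
// file under a directory, and echoes it into <html lang="">. Names below are
// made up for the illustration.

// Constructed allowlist: language codes for which a translation file exists.
const AVAILABLE_LANGS = ['en', 'fr', 'de', 'es'];
const DEFAULT_LANG = 'en';

/**
 * What the 1.3rc5 patch does: strip directory components only.
 * This stops "../" traversal into the language-file path, but every
 * other character survives, so the value is still attacker-controlled text.
 */
function lang_basename_only(string $raw): string {
    return basename($raw);
}

/**
 * Allowlist approach: the value must be exactly one of the languages the
 * application ships; anything else falls back to the default. This blocks
 * traversal and also keeps quotes and markup out of the value, so the
 * output escape becomes defence in depth rather than the only control.
 */
function resolve_language(?string $request_value, ?string $cookie_value): string {
    foreach ([$request_value, $cookie_value] as $candidate) {
        if ($candidate === null) {
            continue;
        }
        // Normalise the way the patch does, then check against the list.
        $candidate = basename($candidate);
        if (in_array($candidate, AVAILABLE_LANGS, true)) {
            return $candidate;
        }
    }
    return DEFAULT_LANG;
}

/** Output encoding for the attribute, the same job as Smarty's |escape. */
function html_lang_attr(string $lang): string {
    $safe = htmlspecialchars($lang, ENT_QUOTES | ENT_HTML401, 'UTF-8');
    return 'lang="' . $safe . '"';
}

// Constructed inputs: the normal case, two traversal attempts, a markup
// payload with no slash in it (so basename() leaves it intact), and empty.
$samples = [
    'en',
    '../../../../etc/passwd',
    'fr/../../config',
    '"><svg onload=alert(1)>',
    '',
];

foreach ($samples as $raw) {
    printf("%-32s basename: %-28s allowlist: %s\n",
        var_export($raw, true),
        var_export(lang_basename_only($raw), true),
        resolve_language($raw, null));
}

// The markup sample after basename() only, with and without output escaping,
// to show why the template change is needed when input is not constrained.
$raw = '"><svg onload=alert(1)>';
echo "unescaped: lang=\"" . lang_basename_only($raw) . "\"\n";
echo "escaped:   " . html_lang_attr(lang_basename_only($raw)) . "\n";
```

Run it with `php` from the command line. The traversal samples come out of basename() as `passwd` and `config`, which is why the patch is sufficient for the path use of the value; the markup sample comes out unchanged, which is why the template also had to escape it and why an allowlist on input is the more robust fix.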

Re: Xataface Security Release 1.3rc5 (Critical Bugfix)

PostPosted: Wed Aug 03, 2011 2:04 pm
by ADobkin
FYI, I am getting an Access Denied error when trying to view the bug report URL provided in this announcement. I am able to log into the bug tracker but still cannot access this report.

Re: Xataface Security Release 1.3rc5 (Critical Bugfix)

PostPosted: Tue Aug 07, 2012 9:21 am
by shannah
That link doesn't look like it goes to the bug report... I can't seem to find the original report just now... I'll keep looking and post it when I find it.

-Steve