Critical Vulnerability: Xataface <= 1.2.5

by **shannah** » Sat Jul 02, 2011 3:44 am

A critical vulnerability affecting Xataface version 1.2.5 and earlier versions has been identified. If you are using any of these versions you must patch the Dataface/Application.php file as follows:

Replace the line:

Code: Select all: $this->rawQuery = $query;

with

Code: Select all: if ( isset($query['-action']) ){ $query['-action'] = basename($query['-action']); } if ( isset($query['-table']) ){ $query['-table'] = basename($query['-table']); } $this->rawQuery = $query;

This bug does not affect versions 1.2.6 or higher.

Critical Vulnerability: Xataface <= 1.2.5

Critical Vulnerability: Xataface <= 1.2.5

Who is online