
Critical Vulnerability: Xataface <= 1.2.5

Posted: Sat Jul 02, 2011 3:44 am
by shannah
A critical vulnerability affecting Xataface version 1.2.5 and earlier versions has been identified. If you are using any of these versions you must patch the Dataface/Application.php file as follows:

Replace the line:
Code:
$this->rawQuery = $query;


with
Code:
if ( isset($query['-action']) ){
    $query['-action'] = basename($query['-action']);
}
if ( isset($query['-table']) ){
    $query['-table'] = basename($query['-table']);
}
$this->rawQuery = $query;


This bug does not affect versions 1.2.6 or higher.
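
To confirm that a 1.2.5-or-earlier installation actually carries the patch above, the following check can be run against Dataface/Application.php. It is an added example, not part of the original post or of Xataface; the function name `patch_status` and the two sample strings are constructed for illustration, and the check is a text heuristic whose result is only meaningful for the affected versions.

```python
import re
import sys

# The assignment the post says to replace.
ASSIGN = re.compile(r"\$this->rawQuery\s*=\s*\$query\s*;")

# One pattern per parameter the patch passes through basename().
SANITIZE = {
    key: re.compile(
        r"\$query\[\s*['\"]" + re.escape(key) + r"['\"]\s*\]\s*=\s*basename\(\s*"
        r"\$query\[\s*['\"]" + re.escape(key) + r"['\"]\s*\]\s*\)\s*;"
    )
    for key in ("-action", "-table")
}

# Constructed samples: the line before the patch, and the patch from the post.
UNPATCHED_SAMPLE = "$this->rawQuery = $query;\n"
PATCHED_SAMPLE = (
    "if ( isset($query['-action']) ){\n"
    "    $query['-action'] = basename($query['-action']);\n"
    "}\n"
    "if ( isset($query['-table']) ){\n"
    "    $query['-table'] = basename($query['-table']);\n"
    "}\n"
    "$this->rawQuery = $query;\n"
)

def patch_status(php_source):
    """Return 'patched', 'unpatched' or 'unknown' for Application.php text."""
    match = ASSIGN.search(php_source)
    if match is None:
        return "unknown"  # assignment not found: inspect the file by hand
    # Both basename() calls must appear before $query is stored.
    before = php_source[:match.start()]
    missing = [k for k, rx in SANITIZE.items() if not rx.search(before)]
    return "unpatched" if missing else "patched"

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            status = patch_status(fh.read())
        print(f"{sys.argv[1]}: {status}")
        sys.exit(0 if status == "patched" else 1)
    # No path given: run against the constructed samples.
    print("unpatched sample:", patch_status(UNPATCHED_SAMPLE))
    print("patched sample:  ", patch_status(PATCHED_SAMPLE))
```

Pass the path to Application.php as the only argument; the exit code is 0 only when both basename() calls are found ahead of the assignment.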