Critical Vulnerability: Xataface <= 1.2.5
Posted: Sat Jul 02, 2011 3:44 am
A critical vulnerability affecting Xataface version 1.2.5 and earlier versions has been identified. If you are using any of these versions, you must patch the Dataface/Application.php file as follows:
Replace the line:
    $this->rawQuery = $query;
with
    // Reduce -action and -table to their final path component before the query is stored.
    if ( isset($query['-action']) ){
        $query['-action'] = basename($query['-action']);
    }
    if ( isset($query['-table']) ){
        $query['-table'] = basename($query['-table']);
    }
    $this->rawQuery = $query;
This bug does not affect versions 1.2.6 or higher.
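One way to confirm the edit above was applied to a 1.2.5-or-earlier install, as an added example that is not part of the original post or of Xataface: it checks that both basename() lines appear, outside comments, before the rawQuery assignment. The function name check_patch, the status strings and the sample inputs are assumptions made for this sketch, and the result says nothing about 1.2.6 or later, whose code the post does not show.

```python
import re
import sys

# The assignment the post says to replace, and the two basename() lines of the fix.
ASSIGNMENT = re.compile(r"\$this->rawQuery\s*=\s*\$query\s*;")

def _sanitizer(key):
    item = r"\$query\[\s*['\"]" + re.escape(key) + r"['\"]\s*\]"
    return re.compile(item + r"\s*=\s*basename\(\s*" + item + r"\s*\)\s*;")

SANITIZERS = {key: _sanitizer(key) for key in ("-action", "-table")}
# Heuristic: drop /* */ and // comments so a commented-out fix does not count.
COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*", re.S)

def check_patch(php_source):
    """Return (status, missing_keys) for the text of Dataface/Application.php."""
    code = COMMENTS.sub("", php_source)
    assignment = ASSIGNMENT.search(code)
    if assignment is None:
        return ("no-assignment", [])
    # The fix only helps if it runs before the query is stored.
    before = code[:assignment.start()]
    missing = [k for k, rx in SANITIZERS.items() if not rx.search(before)]
    return ("unpatched" if missing else "patched", missing)

# Constructed sample inputs (not real Xataface source files).
FIX_ACTION = "if ( isset($query['-action']) ){\n    $query['-action'] = basename($query['-action']);\n}\n"
FIX_TABLE = "if ( isset($query['-table']) ){\n    $query['-table'] = basename($query['-table']);\n}\n"
ASSIGN = "$this->rawQuery = $query;\n"
SAMPLES = {
    "original": "<?php\n" + ASSIGN,
    "patched": "<?php\n" + FIX_ACTION + FIX_TABLE + ASSIGN,
    "partial": "<?php\n" + FIX_ACTION + ASSIGN,
    "commented": "<?php\n/*\n" + FIX_ACTION + FIX_TABLE + "*/\n" + ASSIGN,
}

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            print(check_patch(fh.read()))
    else:
        for name, src in SAMPLES.items():
            print(name, check_patch(src))
```

Run it with the path to Dataface/Application.php as the only argument; with no argument it reports on the constructed samples.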