Xataface 1.2.5 has been released. It includes a number of minor bug fixes and security updates. It is recommended for all users of 1.2.x.
You can download it from Sourceforge:
https://sourceforge.net/projects/dataface/files/
Change log:
-Fixed metadata not being updated when saving related record. Thanks to fantomasdm.
-Fixed notice at line 62 of delete_file action that caused a notice when deleting an attachment from a table where there is no mimetype field associated with the container
-Fixed XSS scripting vulnerability in search and full-path disclosure
-Fixed warning about undefined variable on line 2046 of Table.php
-Added logger class to log notices and error messages
-Fixed PermissionsTool delegate to only contain the filterPermissions(&, &) method. This can be used to filter the permissions on a temporary basis. In particular it is usedby the register action right now to convert the register permission to the new permission.
-Added ajax_record_details, before_ajax_record_details, and after_ajax_record_details slots to the Dataface_AjaxRecordDetails.html template
-Added val() method as shortcut to getValue()
-Fixed php notice if filter is not set
-Fixed issue with blank queries being kept in the query.
-Added {filters} tag to templates to show result filters
-Fixed broken tags in registration template introduced by last commit
-Added heading to registration form and slot to override this header: registration_form_label
-Added Dataface_Registration.label string which is used for heading of the registration form
-Fixed register action to use the register permission instead of the new permission.
-Added support for a permissions tool delegate if you need to slightly modify how permissions are handled temporarily
-Added support for before_authenticate trigger in application delegate class
-Added support for startSession method in application delegate class
-Fixed 'Notice: Undefined variable: HTTP_SESSION_VARS' on line 78 of config.inc.php