Critical Vulnerability: Xataface <= 1.2.5

News about Xataface

Critical Vulnerability: Xataface <= 1.2.5

Postby shannah » Sat Jul 02, 2011 3:44 am

A critical vulnerability affecting Xataface version 1.2.5 and earlier versions has been identified. If you are using any of these versions you must patch the Dataface/Application.php file as follows:

Replace the line:
Code: Select all
$this->rawQuery = $query;


with
Code: Select all
if ( isset($query['-action']) ){
    $query['-action'] = basename($query['-action']);
}
if ( isset($query['-table']) ){
    $query['-table'] = basename($query['-table']);
}
$this->rawQuery = $query;


This bug does not affect versions 1.2.6 or higher.
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm

Return to Xataface News

Who is online

Users browsing this forum: No registered users and 0 guests

cron
Powered by Dataface
© 2005-2007 Steve Hannah All rights reserved