Critical Vulnerability: Xataface <= 1.2.5
Archived from the Xataface News forum.
shannah — Sat Jul 02, 2011 3:44 am
A critical vulnerability affecting Xataface version 1.2.5 and earlier versions has been identified. If you are using any of these versions you must patch the Dataface/Application.php file as follows:
Replace the line:
    $this->rawQuery = $query;
with
    // Reduce -action and -table to their final path component before storing the query
    if ( isset($query['-action']) ){
        $query['-action'] = basename($query['-action']);
    }
    if ( isset($query['-table']) ){
        $query['-table'] = basename($query['-table']);
    }
    $this->rawQuery = $query;
This bug does not affect versions 1.2.6 or higher.
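One way to audit installs for the patch described above, as an added example that is not part of the original post or of Xataface itself. It assumes each install root contains Dataface/Application.php and that the fix was applied in the form shown in the post; the result is only meaningful for 1.2.5 and earlier, since the post does not say how later versions are written.

```python
import re
import sys
from pathlib import Path

# The assignment the post says to replace; whitespace is matched loosely.
ASSIGN = re.compile(r"\$this\s*->\s*rawQuery\s*=\s*\$query\s*;")
COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*", re.S)

# Constructed samples (not real Xataface source), used when run without arguments.
SAMPLE_OLD = "<?php $this->rawQuery = $query;"
SAMPLE_NEW = ("<?php $query['-action'] = basename($query['-action']); "
              "$query['-table'] = basename($query['-table']); "
              "$this->rawQuery = $query;")


def _guard(key):
    """Regex for: $query['<key>'] = basename($query['<key>']);"""
    item = r"\$query\[\s*['\"]" + re.escape(key) + r"['\"]\s*\]"
    return re.compile(item + r"\s*=\s*basename\s*\(\s*" + item + r"\s*\)\s*;")


GUARDS = {key: _guard(key) for key in ("-action", "-table")}


def check_source(php):
    """Return 'patched', 'unpatched' or 'unknown' for Application.php text."""
    code = COMMENTS.sub("", php)  # a commented-out patch must not count
    assign = ASSIGN.search(code)
    if assign is None:
        return "unknown"  # file does not look like the one in the post
    before = code[:assign.start()]  # both guards must precede the assignment
    missing = [k for k, rx in GUARDS.items() if not rx.search(before)]
    return "unpatched" if missing else "patched"


def check_install(root):
    """Check one install root (assumed layout: <root>/Dataface/Application.php)."""
    path = Path(root) / "Dataface" / "Application.php"
    if not path.is_file():
        return "unknown"
    return check_source(path.read_text(errors="replace"))


if __name__ == "__main__":
    roots = sys.argv[1:]
    results = ({r: check_install(r) for r in roots} if roots else
               {"SAMPLE_OLD": check_source(SAMPLE_OLD), "SAMPLE_NEW": check_source(SAMPLE_NEW)})
    for name, status in results.items():
        print(f"{status:10} {name}")
    sys.exit(1 if "unpatched" in results.values() else 0)
```

Pass one or more install roots as arguments; the exit status is 1 if any of them still has the bare assignment without both basename() lines before it.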