Modules: A security patch for XFSections module is available

Posted by: ohwada on 2006/3/20 8:50:11 5995 reads Important

A security hole was found in the XFSection module.
V1.11 has been released.
I recommend that you upgrade.

Here is XFsection 1.11


The cause of this security hole is that GET variables are unfolded automatically.
I corrected all code similar to this.

foreach ($HTTP_GET_VARS as $k => $v)
{    ${$k} = $v;    }
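
Why this loop is a security hole, and the kind of code that replaces it, shown as an added example (not code from XFsection or from the original post). The parameter names `articleid` and `is_admin` and the sample request are constructed for illustration, and a plain array stands in for `$HTTP_GET_VARS`.

```php
<?php
// Constructed sample input standing in for the query string
// ?articleid=12&is_admin=1 (hypothetical names, not taken from XFsection).
$request = ['articleid' => '12', 'is_admin' => '1'];

// Before: the removed pattern. Every key in the request becomes a variable
// in the current scope, including names the script has already set itself.
function page_before(array $get): array
{
    $is_admin  = false;   // value the script decided on
    $articleid = 0;
    foreach ($get as $k => $v) {
        ${$k} = $v;       // a request key named 'is_admin' replaces the flag
    }
    return ['articleid' => $articleid, 'is_admin' => $is_admin];
}

// After: no unfolding. Only the parameter the page expects is read, by name,
// and it is validated as a non-negative integer before use.
function page_after(array $get): array
{
    $is_admin  = false;   // can no longer be influenced by the request
    $articleid = filter_var(
        $get['articleid'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['default' => 0, 'min_range' => 0]]
    );
    return ['articleid' => $articleid, 'is_admin' => $is_admin];
}

var_dump(page_before($request));  // internal flag now holds request data
var_dump(page_after($request));   // internal flag is untouched
```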


* Contents of the change
All of the changes are bug fixes.
No functionality was added.

1. Security
Deleted the code "foreach ($HTTP_GET_VARS as $k => $v)"

2. PHP5 support
(1) Fatal error: Cannot re-assign $this in include/functions.php
(2) Fatal error: Cannot redeclare class wfsfiles
(3) register_long_arrays = Off
Replaced $HTTP_*_VARS

3. Too many page numbers were displayed

* changed files
Since I changed many files, it may be degraded.