A security patch for XFSections module is available

Date 2006/3/20 8:50:11 | Topic: Modules


The security hole was found in XFSection module.
V1.11 was released.
I recommend you to upgrade.

Here is XFsection 1.11

In this security hole, the cause is that GET variable are unfolding automatically.
I corrected all codes similar to this.

foreach ($HTTP_GET_VARS as $k => $v)
{    ${
$k} = $v;    }

* The contents of change
There are bug fix altogether.
No additional functional.

delete code "foreach ($HTTP_GET_VARS as $k => $v)"

2.corresponding to PHP5
(1) Fatal error: Cannot re-assign $this in include/functions.php
(2) Fatal error: Cannot redeclare class wfsfiles
(3) register_long_arrays = Off
replae $HTTP_*_VARS

3.page number is displayed too many

* changed files
Since I changed many files, it may be degraded.

This article comes from XOOPS Web Application System

The URL for this story is: