Important
A security hole was found in the XFSection module. V1.11 has been released. I recommend that you upgrade.
Here is XFSection 1.11
The cause of this security hole is that GET variables were being expanded into script variables automatically. I corrected all code similar to this:
foreach ($HTTP_GET_VARS as $k => $v) { ${$k} = $v; }
* Contents of the change
These are all bug fixes. There is no additional functionality.
1. Security: deleted the code "foreach ($HTTP_GET_VARS as $k => $v)"
2. PHP5 support
   (1) Fatal error: Cannot re-assign $this in include/functions.php
   (2) Fatal error: Cannot redeclare class wfsfiles
   (3) register_long_arrays = Off: replaced $HTTP_*_VARS
3. Too many page numbers were displayed
* Changed files
Since I changed many files, there may be some degradation.
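An added example, not code from XFSection or its author: one way to replace the variable-expanding loop quoted above is to read only the parameters a script declares, each validated, from $_GET (which also works with register_long_arrays = Off). The function name read_get_params and the parameter names articleid, page, op and debug are hypothetical.

```php
<?php
/**
 * Read only the GET parameters a script declares, each with a validator.
 * Keys not listed in $spec are ignored, so a request cannot create or
 * overwrite a variable the script did not ask for.
 */
function read_get_params(array $spec, array $get): array
{
    $clean = [];
    foreach ($spec as $name => $rule) {
        $default = $rule['default'];
        // Missing, or an array such as ?page[]=1: use the default.
        if (!isset($get[$name]) || !is_string($get[$name])) {
            $clean[$name] = $default;
            continue;
        }
        $raw = $get[$name];
        switch ($rule['type']) {
            case 'int':
                $opts = ['options' => ['min_range' => $rule['min'] ?? 0]];
                $v = filter_var($raw, FILTER_VALIDATE_INT, $opts);
                $clean[$name] = ($v === false) ? $default : $v;
                break;
            case 'enum':
                $ok = in_array($raw, $rule['values'], true);
                $clean[$name] = $ok ? $raw : $default;
                break;
            default:
                $clean[$name] = $default;
        }
    }
    return $clean;
}

// Constructed sample input standing in for $_GET.
$sampleGet = [
    'articleid' => '42',
    'page'      => '-3',      // below the declared minimum
    'op'        => 'unknown', // not one of the allowed values
    'debug'     => '1',       // undeclared key, never read
];

$debug = false; // set by earlier code; request data must not change it

$params = read_get_params([
    'articleid' => ['type' => 'int', 'min' => 1, 'default' => 0],
    'page'      => ['type' => 'int', 'min' => 0, 'default' => 0],
    'op'        => ['type' => 'enum', 'values' => ['view', 'print'], 'default' => 'view'],
], $sampleGet);

var_dump($params, $debug);
```

With the original loop, the debug key in the request would have replaced the script's own $debug; here request data only reaches the script through the returned array.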