All CakePHP users,
A kind soul informed us that the Not Found error page can be exploited via inserting _javascript_ code in the address bar. This release provides a fix for this vulnerability. This release also includes some other improvements to the bake script and prepares for the day when the controller object is not available in the view. Cakebaker mentioned the addition of the session helper. It is recommended that everyone upgrade and change all references to $this->controller->Session in the view to the new helper, $session.
While not every bug in trac has been fixed, several others were, so check out the change log to see what was done.
Download: http://cakeforge.org/frs/?group_id=23&release_id=124
Change Log: http://cakeforge.org/frs/shownotes.php?release_id=124
Happy Baking,
CakePHP development team
--
/**
* @author Larry E. Masters
* @var string $userName
* @param string $realName
* @returns string aka PhpNut
* @access public
*/
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Cake PHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/cake-php
-~----------~----~----~----~------~----~------~--~---
- IMPORTANT CakePHP Security Fix Larry E. Masters aka PhpNut
- Re: IMPORTANT CakePHP Security Fix Albert Siersema
- Re: IMPORTANT CakePHP Security Fix nate
- Re: IMPORTANT CakePHP Security Fi... someguy
- Re: IMPORTANT CakePHP Securit... calzone
- Re: IMPORTANT CakePHP Se... Larry E. Masters aka PhpNut
- Re: IMPORTANT CakePH... calzone
- Re: IMPORTANT Ca... nate
- Re: IMPORTANT Ca... calzone
- Re: IMPORTANT Ca... nate
- Re: IMPORTANT Ca... calzone
