There was a security exploit brought to my attention today. I have fixed this exploit in the trunk and branched versions. Please replace the app/webroot/js/vendors.php with this file.
https://trac.cakephp.org/browser/trunk/cake/1.x.x.x/app/webroot/js/vendors.php?format=txt
This exploit is important to correct since it would allow reading files outside of the vendors/_javascript_ directory when magic_quotes_gpc = Off.
Thank you,
--
/**
* @author Larry E. Masters
* @var string $userName
* @param string $realName
* @returns string aka PhpNut
* @access public
*/