On 03/28/2013 09:54 AM, Vladislav Bogdanov wrote:
Patch for 0.6: http://ow.ly/jtQNd
Are previous versions affected?
Looking at my 0.4 installation, save_prefs is implemented absolutely differently, there are lists of prefs for each section, and they are cherry-picked from a what client sends.
0.4 is vulnerable too, you're looking in a wrong place. The issue is in steps/utils/save_pref.inc. We don't support such very old releases.