It is imperative that you make the following change ASAP! In fact, take PhpDig down until you hear the all clear, and change your passwords now. Make sure you have new passwords at once, and do not use PhpDig until you get the all clear. The problem can affect multiple versions of PhpDig.
In search.php find:
PHP Code:
extract(phpdigHttpVars(
     array('query_string'=>'string',
           'refine'=>'integer',
           'refine_url'=>'string',
           'site'=>'string', // set to integer later
           'limite'=>'integer',
           'option'=>'string',
           'lim_start'=>'integer',
           'browse'=>'integer',
           'path'=>'string'
           )
     ));
And replace with:
PHP Code:
extract(phpdigHttpVars(
     array('query_string'=>'string',
           'refine'=>'integer',
           'refine_url'=>'string',
           'site'=>'string', // set to integer later
           'limite'=>'integer',
           'option'=>'string',
           'lim_start'=>'integer',
           'browse'=>'integer',
           'path'=>'string'
           )
     ),EXTR_SKIP);
Also, make sure to watch this thread (http://www.phpdig.net/forum/showthread.php?t=1573) for the next couple of days, as more posts may be coming. In the meantime, it would be a good idea to find every extract in the code and add the EXTR_SKIP option to the end. PhpDig will not be available for download until this problem is fixed.
Argh..........
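One way to carry out the audit suggested above (finding every extract call and checking it for EXTR_SKIP), as an added example that is not part of the original post or of PhpDig: a Python scanner that follows calls spanning several lines, like the one in search.php. The function names and the SAMPLE input are constructed for illustration.

```python
import re
import sys

# PHP string literals and comments. They are blanked before scanning so that
# quotes, parentheses or the text EXTR_SKIP inside them cannot skew the result.
# Heredoc/nowdoc strings are not handled.
_NOISE = re.compile(
    r"""'(?:\\.|[^'\\])*'        # single-quoted string
      | "(?:\\.|[^"\\])*"        # double-quoted string
      | //[^\n]*  |  \#[^\n]*    # line comments
      | /\*.*?\*/                # block comment
    """, re.VERBOSE | re.DOTALL)
# Skips $obj->extract(), Class::extract() and longer names such as my_extract().
_CALL = re.compile(r"(?<![\w$>:])extract\s*\(", re.IGNORECASE)

# Constructed sample: a shortened copy of the unpatched call, then a patched one.
SAMPLE = """<?php
extract(phpdigHttpVars(
    array('query_string'=>'string',
          'site'=>'string', // set to integer later
          'path'=>'string'
    )
));
extract($row, EXTR_SKIP);
// extract($_GET) mentioned in a comment only
"""

def _blank(match):
    # Same length, newlines kept, so offsets and line numbers stay valid.
    return re.sub(r"[^\n]", " ", match.group(0))

def find_extract_calls(source):
    """Return [(line, has_extr_skip)] for every extract() call in PHP source."""
    clean = _NOISE.sub(_blank, source)
    found = []
    for m in _CALL.finditer(clean):
        depth = 0
        for i in range(m.end() - 1, len(clean)):
            depth += {"(": 1, ")": -1}.get(clean[i], 0)
            if depth == 0:  # closing parenthesis of this call, maybe lines later
                call = clean[m.start():i + 1]
                line = clean.count("\n", 0, m.start()) + 1
                found.append((line, re.search(r"\bEXTR_SKIP\b", call) is not None))
                break
    return found

if __name__ == "__main__":
    sources = {p: open(p, encoding="utf-8", errors="replace").read() for p in sys.argv[1:]}
    for name, text in (sources or {"SAMPLE": SAMPLE}).items():
        for line, ok in find_extract_calls(text):
            print(f"{name}:{line}: {'ok' if ok else 'extract() without EXTR_SKIP'}")
```

Run it with the PHP files to check as arguments; with no arguments it reports on the constructed sample.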