For immediate release - April 28, 2006 - Cartweaver 2.17.11 update released

This free incremental update is released to address a potential issue with erroneous values passed to a query in a URL variable.

Cartweaver 2 CF has always used Custom Error handling to present benign error messages to the user should erroneous query string data be passed to a CFQuery. However, there is the potential of a developer/user disabling the custom error feature in order to see the complete CF Error information during the development and setup of a Cartweaver-based site, and then mistakenly publishing the site to the live server with Enable Error Handling still disabled.

Due to ColdFusion's elegant method of handling query string data, no real threat was present to the data stored in the database, and due to the fact that Cartweaver does not store sensitive credit data, there was no chance of any customer financial data being compromised. However, the error messages presented by ColdFusion in this sort of query failure could reveal application data that may not be intended to be visible to the public, such as database table and field names.

This update to Cartweaver corrects this issue by scrubbing the erroneous or mis-formatted query string values and presenting the user with either valid search results or a "no product found" style message for product details.

To avoid the potential of problems with erroneous or malicious query strings, we recommend Cartweaver users apply this update to their sites. If an update is not possible, we encourage users to make sure that the default Error Handling is turned on.

This update release is part of our ongoing efforts to make Cartweaver the best choice in ecommerce solutions.

If you have any questions, please fill out our contact form at: http://www.cartweaver.com/contact/

Thank you.
Cartweaver Development Team.
www.cartweaver.com

