prep for 0.9.37.10.9.37.1 0.9.37

author: Ben Fuhrmannek 2014-12-12 15:46:19 +0100
committer: Ben Fuhrmannek 2014-12-12 15:46:19 +0100
commit: 81a16673650967db321d9aa6b61bd4d2f91ae0cf (patch)
tree: c05b4f7b35423c6be90b26859118473ca31da3d2
parent: 275a7053ac8fe5610089109822cf8f918b763203 (diff)
4 files changed, 11 insertions, 4 deletions
diff --git a/Changelog b/Changelog
index 6cd25c8..4ccb5b9 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,7 @@
+2014-12-12 - 0.9.37.1
+    - Changed version string to 0.9.37.1 (without -dev)
+    - Relaxed array index blacklist (removed '-') due to wordpress incompatibility
 2014-12-03 - 0.9.37
    - Added SQL injection protection for Mysqli and several test cases
diff --git a/php_suhosin.h b/php_suhosin.h
index 5987345..80c7675 100644
--- a/php_suhosin.h
+++ b/php_suhosin.h
@@ -22,7 +22,7 @@
 #ifndef PHP_SUHOSIN_H
 #define PHP_SUHOSIN_H
-#define SUHOSIN_EXT_VERSION  "0.9.37"
+#define SUHOSIN_EXT_VERSION  "0.9.37.1"
 /*#define SUHOSIN_DEBUG*/
 #define SUHOSIN_LOG "/tmp/suhosin_log.txt"
diff --git a/suhosin.c b/suhosin.c
index 8ce279d..5b24789 100644
--- a/suhosin.c
+++ b/suhosin.c
@@ -824,7 +824,7 @@ PHP_INI_BEGIN()
        STD_PHP_INI_ENTRY("suhosin.request.max_totalname_length", "256", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_totalname_length, zend_suhosin_globals, suhosin_globals)
        STD_PHP_INI_ENTRY("suhosin.request.max_array_index_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_array_index_length, zend_suhosin_globals, suhosin_globals)
                STD_PHP_INI_ENTRY("suhosin.request.array_index_whitelist", "", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateString, array_index_whitelist, zend_suhosin_globals, suhosin_globals)
-                STD_PHP_INI_ENTRY("suhosin.request.array_index_blacklist", "'\"+-<>;()", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateString, array_index_blacklist, zend_suhosin_globals, suhosin_globals)
+                STD_PHP_INI_ENTRY("suhosin.request.array_index_blacklist", "'\"+<>;()", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateString, array_index_blacklist, zend_suhosin_globals, suhosin_globals)
        STD_PHP_INI_ENTRY("suhosin.request.disallow_nul", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestBool, disallow_nul, zend_suhosin_globals, suhosin_globals)
        STD_PHP_INI_ENTRY("suhosin.request.disallow_ws", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestBool, disallow_ws, zend_suhosin_globals, suhosin_globals)
    
diff --git a/suhosin.ini b/suhosin.ini
index e739dff..d5a6b24 100644
--- a/suhosin.ini
+++ b/suhosin.ini
@@ -1210,11 +1210,14 @@
 ; suhosin.request.array_index_blacklist
 ; -------------------------------------
 ; * Type: String
-; * Default: "'\"+-<>;()"
+; * Default: "'\"+<>;()"
 ; 
 ; Defines a character blacklist for array indices not allowed in user input.
 ; 
-;suhosin.request.array_index_blacklist = "'\"+-<>;()"
+; Note: The default value also contained '-' in 0.9.37, which was removed in
+; 0.9.37.1 due to incompatibility issues.
+; 
+;suhosin.request.array_index_blacklist = "'\"+<>;()"
 ;
 ; suhosin.request.array_index_whitelist
author	Ben Fuhrmannek	2014-12-12 15:46:19 +0100
committer	Ben Fuhrmannek	2014-12-12 15:46:19 +0100
commit	81a16673650967db321d9aa6b61bd4d2f91ae0cf (patch)
tree	c05b4f7b35423c6be90b26859118473ca31da3d2
parent	275a7053ac8fe5610089109822cf8f918b763203 (diff)