Merge branch '0.9.37'

Conflicts: Changelog php_suhosin.h
author: Ben Fuhrmannek 2014-12-15 18:24:49 +0100
committer: Ben Fuhrmannek 2014-12-15 18:24:49 +0100
commit: 59dab711ba444a16fc5f7114d628749e1818e303 (patch)
tree: 7acd8ba54a0fc2c0d490d330d20b35f1d7c2c08d
parent: 61e49e7a4f172f9acfaf53a28d7b34a803360f63 (diff)
parent: 81a16673650967db321d9aa6b61bd4d2f91ae0cf (diff)
3 files changed, 10 insertions, 3 deletions
diff --git a/Changelog b/Changelog
index c426c15..7f9dfda 100644
--- a/Changelog
+++ b/Changelog
@@ -1,5 +1,9 @@
 2014-xx-xx - 0.9.38-dev
+2014-12-12 - 0.9.37.1
+    - Changed version string to 0.9.37.1 (without -dev)
+    - Relaxed array index blacklist (removed '-') due to wordpress incompatibility
 2014-12-03 - 0.9.37
    - Added SQL injection protection for Mysqli and several test cases
diff --git a/suhosin.c b/suhosin.c
index 8ce279d..5b24789 100644
--- a/suhosin.c
+++ b/suhosin.c
@@ -824,7 +824,7 @@ PHP_INI_BEGIN()
        STD_PHP_INI_ENTRY("suhosin.request.max_totalname_length", "256", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_totalname_length, zend_suhosin_globals, suhosin_globals)
        STD_PHP_INI_ENTRY("suhosin.request.max_array_index_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_array_index_length, zend_suhosin_globals, suhosin_globals)
                STD_PHP_INI_ENTRY("suhosin.request.array_index_whitelist", "", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateString, array_index_whitelist, zend_suhosin_globals, suhosin_globals)
-                STD_PHP_INI_ENTRY("suhosin.request.array_index_blacklist", "'\"+-<>;()", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateString, array_index_blacklist, zend_suhosin_globals, suhosin_globals)
+                STD_PHP_INI_ENTRY("suhosin.request.array_index_blacklist", "'\"+<>;()", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateString, array_index_blacklist, zend_suhosin_globals, suhosin_globals)
        STD_PHP_INI_ENTRY("suhosin.request.disallow_nul", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestBool, disallow_nul, zend_suhosin_globals, suhosin_globals)
        STD_PHP_INI_ENTRY("suhosin.request.disallow_ws", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestBool, disallow_ws, zend_suhosin_globals, suhosin_globals)
    
diff --git a/suhosin.ini b/suhosin.ini
index e739dff..d5a6b24 100644
--- a/suhosin.ini
+++ b/suhosin.ini
@@ -1210,11 +1210,14 @@
 ; suhosin.request.array_index_blacklist
 ; -------------------------------------
 ; * Type: String
-; * Default: "'\"+-<>;()"
+; * Default: "'\"+<>;()"
 ; 
 ; Defines a character blacklist for array indices not allowed in user input.
 ; 
-;suhosin.request.array_index_blacklist = "'\"+-<>;()"
+; Note: The default value also contained '-' in 0.9.37, which was removed in
+; 0.9.37.1 due to incompatibility issues.
+; 
+;suhosin.request.array_index_blacklist = "'\"+<>;()"
 ;
 ; suhosin.request.array_index_whitelist
author	Ben Fuhrmannek	2014-12-15 18:24:49 +0100
committer	Ben Fuhrmannek	2014-12-15 18:24:49 +0100
commit	59dab711ba444a16fc5f7114d628749e1818e303 (patch)
tree	7acd8ba54a0fc2c0d490d330d20b35f1d7c2c08d
parent	61e49e7a4f172f9acfaf53a28d7b34a803360f63 (diff)
parent	81a16673650967db321d9aa6b61bd4d2f91ae0cf (diff)