Set default array index blacklist to '"+-<>;()

1 files changed, 12 insertions, 3 deletions

diff --git a/suhosin.ini b/suhosin.ini
index 6887c09..f844b9e 100644
--- a/suhosin.ini
+++ b/suhosin.ini
@@ -338,6 +338,8 @@
 ; specify the beginning of allowed URLs. (f.e.: php://stdin) If no whitelist is
 ; specified, then the blacklist is evaluated.
 ; 
+; Note: This setting deactivates suhosin.executor.include.blacklist.
+; 
 ;suhosin.executor.include.whitelist = 
 ;
 
@@ -377,6 +379,8 @@
 ; whitelist is empty the blacklist is evaluated, otherwise calling a function not
 ; in the whitelist will terminate the script and get logged.
 ; 
+; Note: This setting deactivates suhosin.executor.func.blacklist.
+; 
 ;suhosin.executor.func.whitelist = 
 ;
 
@@ -402,6 +406,8 @@
 ; calling a function not in the whitelist will terminate the script and get
 ; logged. Please read the instructions carefully.
 ; 
+; Note: This setting deactivates suhosin.executor.eval.blacklist.
+; 
 ;suhosin.executor.eval.whitelist = 
 ;
 
@@ -901,6 +907,8 @@
 ; In case some cookies should not be encrypted this is a comma separated list of
 ; cookies that do not get encrypted. All other cookies will be encrypted.
 ; 
+; Note: This setting deactivates suhosin.cookie.cryptlist.
+; 
 ;suhosin.cookie.plainlist = 
 ;
 
@@ -1197,12 +1205,11 @@
 ; suhosin.request.array_index_blacklist
 ; -------------------------------------
 ; * Type: String
-; * Default:
-; * Example: ";-+"
+; * Default: "'\"+-<>;()"
 ; 
 ; Defines a character blacklist for array indices not allowed in user input.
 ; 
-;suhosin.request.array_index_blacklist = 
+;suhosin.request.array_index_blacklist = "'\"+-<>;()"
 ;
 
 ; suhosin.request.array_index_whitelist
@@ -1213,6 +1220,8 @@
 ; 
 ; Defines a character whitelist for array indices allowed in user input.
 ; 
+; Note: This setting deactivates suhosin.request.array_index_blacklist.
+; 
 ;suhosin.request.array_index_whitelist = 
 ;