| -rw-r--r-- | Changelog | 4 | ||||
| -rw-r--r-- | php_suhosin.h | 2 | ||||
| -rw-r--r-- | suhosin.c | 2 | ||||
| -rw-r--r-- | suhosin.ini | 7 |
4 files changed, 11 insertions, 4 deletions
| @@ -1,3 +1,7 @@ | |||
| 1 | 2014-12-12 - 0.9.37.1 | ||
| 2 | - Changed version string to 0.9.37.1 (without -dev) | ||
| 3 | - Relaxed array index blacklist (removed '-') due to wordpress incompatibility | ||
| 4 | |||
| 1 | 2014-12-03 - 0.9.37 | 5 | 2014-12-03 - 0.9.37 |
| 2 | 6 | ||
| 3 | - Added SQL injection protection for Mysqli and several test cases | 7 | - Added SQL injection protection for Mysqli and several test cases |
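--- a/php_suhosin.h
+++ b/php_suhosin.h
@@ -22,7 +22,7 @@
 #ifndef PHP_SUHOSIN_H
 #define PHP_SUHOSIN_H
 
-#define SUHOSIN_EXT_VERSION "0.9.37"
+#define SUHOSIN_EXT_VERSION "0.9.37.1"
 
 /*#define SUHOSIN_DEBUG*/
 #define SUHOSIN_LOG "/tmp/suhosin_log.txt"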
| @@ -824,7 +824,7 @@ PHP_INI_BEGIN() | |||
| 824 | STD_PHP_INI_ENTRY("suhosin.request.max_totalname_length", "256", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_totalname_length, zend_suhosin_globals, suhosin_globals) | 824 | STD_PHP_INI_ENTRY("suhosin.request.max_totalname_length", "256", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_totalname_length, zend_suhosin_globals, suhosin_globals) |
| 825 | STD_PHP_INI_ENTRY("suhosin.request.max_array_index_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_array_index_length, zend_suhosin_globals, suhosin_globals) | 825 | STD_PHP_INI_ENTRY("suhosin.request.max_array_index_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_array_index_length, zend_suhosin_globals, suhosin_globals) |
| 826 | STD_PHP_INI_ENTRY("suhosin.request.array_index_whitelist", "", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateString, array_index_whitelist, zend_suhosin_globals, suhosin_globals) | 826 | STD_PHP_INI_ENTRY("suhosin.request.array_index_whitelist", "", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateString, array_index_whitelist, zend_suhosin_globals, suhosin_globals) |
| 827 | STD_PHP_INI_ENTRY("suhosin.request.array_index_blacklist", "'\"+-<>;()", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateString, array_index_blacklist, zend_suhosin_globals, suhosin_globals) | 827 | STD_PHP_INI_ENTRY("suhosin.request.array_index_blacklist", "'\"+<>;()", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateString, array_index_blacklist, zend_suhosin_globals, suhosin_globals) |
| 828 | STD_PHP_INI_ENTRY("suhosin.request.disallow_nul", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestBool, disallow_nul, zend_suhosin_globals, suhosin_globals) | 828 | STD_PHP_INI_ENTRY("suhosin.request.disallow_nul", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestBool, disallow_nul, zend_suhosin_globals, suhosin_globals) |
| 829 | STD_PHP_INI_ENTRY("suhosin.request.disallow_ws", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestBool, disallow_ws, zend_suhosin_globals, suhosin_globals) | 829 | STD_PHP_INI_ENTRY("suhosin.request.disallow_ws", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestBool, disallow_ws, zend_suhosin_globals, suhosin_globals) |
| 830 | 830 | ||
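Review bot: The `suhosin.request.array_index_blacklist` entry at line 827 now ships a weaker default to every installation, and nothing beside the entry records why `-` is missing, so a later cleanup could re-add it or drop further characters without seeing the trade-off. I would put a comment above the entry, `/* '-' is deliberately absent from the default since 0.9.37.1 (WordPress compatibility); keep in sync with suhosin.ini */`. The same literal is repeated twice in suhosin.ini, so the three copies have to be changed together. The commit as shown touches four files and none of them is a test, so a case that pins the new default (an index containing `-` accepted, the remaining blacklisted characters still rejected) appears to be missing. The file header for this hunk was lost on the page; going by the diffstat it is suhosin.c, and the PHP_INI_BEGIN() block continues outside the hunk.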
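--- a/suhosin.ini
+++ b/suhosin.ini
@@ -1210,11 +1210,14 @@
 ; suhosin.request.array_index_blacklist
 ; -------------------------------------
 ; * Type: String
-; * Default: "'\"+-<>;()"
+; * Default: "'\"+<>;()"
 ;
 ; Defines a character blacklist for array indices not allowed in user input.
 ;
-;suhosin.request.array_index_blacklist = "'\"+-<>;()"
+; Note: The default value also contained '-' in 0.9.37, which was removed in
+; 0.9.37.1 due to incompatibility issues.
+;
+;suhosin.request.array_index_blacklist = "'\"+<>;()"
 ;
 
 ; suhosin.request.array_index_whitelist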
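Review bot: The note added at lines 1217-1218 says that `-` was dropped but not what an administrator can do about it, and "incompatibility issues" is vaguer than the Changelog entry, which names WordPress. Sites that do not depend on `-` in array index names can keep the stricter 0.9.37 list, and the sample configuration is where they would look for that. I would extend the note with `; To keep the stricter 0.9.37 list, set this directive to "'\"+-<>;()" explicitly.` and name the affected application in the sentence before it.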
