| -rw-r--r-- | Changelog | 4 | ||||
| -rw-r--r-- | suhosin.c | 2 | ||||
| -rw-r--r-- | suhosin.ini | 7 |
3 files changed, 10 insertions, 3 deletions
| @@ -1,5 +1,9 @@ | |||
| 1 | 2014-xx-xx - 0.9.38-dev | 1 | 2014-xx-xx - 0.9.38-dev |
| 2 | 2 | ||
| 3 | 2014-12-12 - 0.9.37.1 | ||
| 4 | - Changed version string to 0.9.37.1 (without -dev) | ||
| 5 | - Relaxed array index blacklist (removed '-') due to wordpress incompatibility | ||
| 6 | |||
| 3 | 2014-12-03 - 0.9.37 | 7 | 2014-12-03 - 0.9.37 |
| 4 | 8 | ||
| 5 | - Added SQL injection protection for Mysqli and several test cases | 9 | - Added SQL injection protection for Mysqli and several test cases |
| @@ -824,7 +824,7 @@ PHP_INI_BEGIN() | |||
| 824 | STD_PHP_INI_ENTRY("suhosin.request.max_totalname_length", "256", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_totalname_length, zend_suhosin_globals, suhosin_globals) | 824 | STD_PHP_INI_ENTRY("suhosin.request.max_totalname_length", "256", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_totalname_length, zend_suhosin_globals, suhosin_globals) |
| 825 | STD_PHP_INI_ENTRY("suhosin.request.max_array_index_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_array_index_length, zend_suhosin_globals, suhosin_globals) | 825 | STD_PHP_INI_ENTRY("suhosin.request.max_array_index_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_array_index_length, zend_suhosin_globals, suhosin_globals) |
| 826 | STD_PHP_INI_ENTRY("suhosin.request.array_index_whitelist", "", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateString, array_index_whitelist, zend_suhosin_globals, suhosin_globals) | 826 | STD_PHP_INI_ENTRY("suhosin.request.array_index_whitelist", "", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateString, array_index_whitelist, zend_suhosin_globals, suhosin_globals) |
| 827 | STD_PHP_INI_ENTRY("suhosin.request.array_index_blacklist", "'\"+-<>;()", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateString, array_index_blacklist, zend_suhosin_globals, suhosin_globals) | 827 | STD_PHP_INI_ENTRY("suhosin.request.array_index_blacklist", "'\"+<>;()", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateString, array_index_blacklist, zend_suhosin_globals, suhosin_globals) |
| 828 | STD_PHP_INI_ENTRY("suhosin.request.disallow_nul", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestBool, disallow_nul, zend_suhosin_globals, suhosin_globals) | 828 | STD_PHP_INI_ENTRY("suhosin.request.disallow_nul", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestBool, disallow_nul, zend_suhosin_globals, suhosin_globals) |
| 829 | STD_PHP_INI_ENTRY("suhosin.request.disallow_ws", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestBool, disallow_ws, zend_suhosin_globals, suhosin_globals) | 829 | STD_PHP_INI_ENTRY("suhosin.request.disallow_ws", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestBool, disallow_ws, zend_suhosin_globals, suhosin_globals) |
| 830 | 830 | ||
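Review bot: The new default for `suhosin.request.array_index_blacklist` drops `-` for every installation, and nothing at the entry says that the omission is deliberate. A one-line comment above it would record that, for example `/* '-' left out on purpose since 0.9.37.1: hyphenated array indices broke WordPress */`. Because the entry is `PHP_INI_SYSTEM|PHP_INI_PERDIR`, a site that does not need hyphenated indices can presumably restore the 0.9.37 value in its own configuration, and the note added to suhosin.ini would be a good place to say so. No test for the changed default is visible in this commit; a request test with a hyphenated array index would pin it. The `PHP_INI_BEGIN()` block starts and ends outside the hunk.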
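--- a/suhosin.ini
+++ b/suhosin.ini
@@ -1210,11 +1210,14 @@
 ; suhosin.request.array_index_blacklist
 ; -------------------------------------
 ; * Type: String
-; * Default: "'\"+-<>;()"
+; * Default: "'\"+<>;()"
 ;
 ; Defines a character blacklist for array indices not allowed in user input.
 ;
-;suhosin.request.array_index_blacklist = "'\"+-<>;()"
+; Note: The default value also contained '-' in 0.9.37, which was removed in
+; 0.9.37.1 due to incompatibility issues.
+;
+;suhosin.request.array_index_blacklist = "'\"+<>;()"
 ;
 
 ; suhosin.request.array_index_whitelist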
