summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2014-10-06suppress date/time logging with suhosin.log.file.time=0Ben Fuhrmannek
2014-10-01added script to build binary debian packageBen Fuhrmannek
2014-09-25array index whitelist/blacklist for multipart formdataBen Fuhrmannek
2014-09-25array index whitelist/blacklistBen Fuhrmannek
2014-09-22disallow_nul does not assume the input value to be nul terminated anymoreBen Fuhrmannek
2014-09-22test case for suhosin.cookie.max_varsBen Fuhrmannek
2014-09-22commented out duplicate function (resolves #59)Ben Fuhrmannek
2014-09-22warn if ini contstants are not availableBen Fuhrmannek
2014-09-19test case for issue #62Ben Fuhrmannek
2014-09-05Filters are allowed to change the content of a value. Always allocate a copy ↵Stefan Esser
before giving it to the filters.
2014-08-31Fix compilation problem with old suhosin patch installedStefan Esser
2014-08-21updated documentation + new ini entriesBen Fuhrmannek
2014-08-21suhosin.executor.max_depth -> 750 (resolves #56)Ben Fuhrmannek
2014-08-19updated changelog after mergeBen Fuhrmannek
2014-08-19Merge branch 'cleanup'Ben Fuhrmannek
2014-08-18use localtime instead of gmttime for logging (fixes #55)Ben Fuhrmannek
2014-08-18extra null checksBen Fuhrmannek
2014-08-01fixed potential segfault/hashtable inconsistency for disable_display_errors=failBen Fuhrmannek
2014-07-27reintroduced loop-free check for invalid varnames in ↵Ben Fuhrmannek
suhosin_register_server_variables
2014-07-24re-introduced suhosin_is_protected_varname as extra varname checkBen Fuhrmannek
2014-07-17suhosin_get_raw_cookies() parses cookies in reverse order to give first ↵Ben Fuhrmannek
occurrence precedence
2014-07-17minor changes / no more compiler warningsBen Fuhrmannek
2014-07-17some php_varname_check()s may be silent as we produce custom errorsBen Fuhrmannek
2014-07-17more redundancy removed / varname checksBen Fuhrmannek
2014-07-17import_request_variables() will only be replaced with PHP < 5.4.0Ben Fuhrmannek
2014-07-17removed redundant implementations of protected varname checkBen Fuhrmannek
2014-07-16rewrite of register_server_variables - less redundancy (may be slower though)Ben Fuhrmannek
2014-07-16updated suhosin versionBen Fuhrmannek
2014-07-16fixed duplicate char* declaration. (closes #51)Ben Fuhrmannek
2014-07-15replaced suhosin_register_cookie_variable + ↵Ben Fuhrmannek
suhosin_register_cookie_variable_safe
2014-07-15simplified else/breakBen Fuhrmannek
2014-07-14updated changelog after mergeBen Fuhrmannek
2014-07-14Merge branch 'filter'Ben Fuhrmannek
2014-07-14Merge branch 'sql'Ben Fuhrmannek
2014-07-14updated changelogBen Fuhrmannek
2014-07-14*ignore*Ben Fuhrmannek
2014-07-12introduced suhosin.upload.allow_utf8Ben Fuhrmannek
2014-07-11remove_binary and disallow_binary allow utf-8. +testcasesBen Fuhrmannek
2014-07-11disallow_ws now matches all single-byte whitespace charactersBen Fuhrmannek
2014-07-09untested features must be enabled: configure --enable-suhosin-experimentalBen Fuhrmannek
2014-07-09experimental PDO supportBen Fuhrmannek
2014-07-09test cases for user_prefix + user_postfixBen Fuhrmannek
2014-07-09SQL username check in sim. mode checks only for the first occ. of inv. charsBen Fuhrmannek
2014-07-09enforce SQL username check + return FALSE instead of bailoutBen Fuhrmannek
2014-07-09more files to be ignored by gitBen Fuhrmannek
2014-07-09added sql.user_match + username character checkBen Fuhrmannek
2014-07-07brand new default suhosin.ini with documentation and correct default valuesBen Fuhrmannek
2014-06-24Added SQL injection protection for Mysqli and several test casesBen Fuhrmannek
2014-06-10Prepare release of suhosin-0.9.36suhosin-0.9.36Stefan Esser
2014-06-09Improve SessionHandler() recursion protectionStefan Esser