diff options
| author | jvoisin | 2022-03-20 18:20:45 +0100 |
|---|---|---|
| committer | jvoisin | 2022-03-20 18:20:45 +0100 |
| commit | 81dd7f2ef07af306fe83d7755cbac4529aa9fc8d (patch) | |
| tree | 32cc44c6231b30db5ac7b15699297863460784aa /config/detect_dangerous_extensions.rules | |
| parent | 83b01942dfc80474cc05e09aeef4b44307a7120b (diff) | |
| parent | c38df1077a6c1dfbca1baca049214d053e2e7684 (diff) | |
Merge remote-tracking branch 'sektioneins/master'
Diffstat (limited to 'config/detect_dangerous_extensions.rules')
| -rw-r--r-- | config/detect_dangerous_extensions.rules | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/config/detect_dangerous_extensions.rules b/config/detect_dangerous_extensions.rules new file mode 100644 index 0000000..8f10532 --- /dev/null +++ b/config/detect_dangerous_extensions.rules | |||
| @@ -0,0 +1,12 @@ | |||
| 1 | ## This example rules file shows how to detect and disable certain potentially | ||
| 2 | ## dangerous or unwanted extensions. | ||
| 3 | |||
| 4 | @condition extension_loaded("runkit7"); | ||
| 5 | @error "The runkit7 extension can be used to rename classes and functions, thereby circumventing any filters set by Snuffleupagus. Please disable runkit7."; | ||
| 6 | |||
| 7 | @condition extension_loaded("FFI"); | ||
| 8 | @warning "FFI extension is loaded. Disabling via 'ffi.enable=false'"; | ||
| 9 | sp.ini_protection.enable(); | ||
| 10 | sp.ini.key("ffi.enable").set("false").ro(); | ||
| 11 | @end_condition; | ||
| 12 | |||