Fix yet another php surprised-rename of functions parameters

author: jvoisin 2024-03-24 17:40:27 +0100
committer: jvoisin 2024-03-24 17:40:27 +0100
commit: 6fe3815271a50329a2ba0aa492bb2c9a9820b962 (patch)
tree: ee08d7fc61758146de8a68b964a515096413dd68 /config
parent: 435977aca7655f12db77e2f255b701a84c8c79e0 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/config/default_php8.rules b/config/default_php8.rules
index 580ba0a..98cc0db 100644
--- a/config/default_php8.rules
+++ b/config/default_php8.rules
@@ -39,7 +39,9 @@ sp.disable_function.function("chmod").param("permissions").value("438").drop();
 sp.disable_function.function("chmod").param("permissions").value("511").drop();
 # Prevent various `mail`-related vulnerabilities
-sp.disable_function.function("mail").param("additional_parameters").value_r("\\-").drop();
+# Uncommend the second rule if you're using php8.3+
+#sp.disable_function.function("mail").param("additional_parameters").value_r("\\-").drop();
+#sp.disable_function.function("mail").param("additional_params").value_r("\\-").drop();
 # Since it's now burned, me might as well mitigate it publicly
 sp.disable_function.function("putenv").param("assignment").value_r("LD_").drop()
author	jvoisin	2024-03-24 17:40:27 +0100
committer	jvoisin	2024-03-24 17:40:27 +0100
commit	6fe3815271a50329a2ba0aa492bb2c9a9820b962 (patch)
tree	ee08d7fc61758146de8a68b964a515096413dd68 /config
parent	435977aca7655f12db77e2f255b701a84c8c79e0 (diff)

diff --git a/config/default_php8.rules b/config/default_php8.rules index 580ba0a..98cc0db 100644 --- a/config/default_php8.rules +++ b/config/default_php8.rules
@@ -39,7 +39,9 @@ sp.disable_function.function("chmod").param("permissions").value("438").drop();
39	sp.disable_function.function("chmod").param("permissions").value("511").drop();	39	sp.disable_function.function("chmod").param("permissions").value("511").drop();
40		40
41	# Prevent various `mail`-related vulnerabilities	41	# Prevent various `mail`-related vulnerabilities
42	sp.disable_function.function("mail").param("additional_parameters").value_r("\\-").drop();	42	# Uncommend the second rule if you're using php8.3+
		43	#sp.disable_function.function("mail").param("additional_parameters").value_r("\\-").drop();
		44	#sp.disable_function.function("mail").param("additional_params").value_r("\\-").drop();
43		45
44	# Since it's now burned, me might as well mitigate it publicly	46	# Since it's now burned, me might as well mitigate it publicly
45	sp.disable_function.function("putenv").param("assignment").value_r("LD_").drop()	47	sp.disable_function.function("putenv").param("assignment").value_r("LD_").drop()