-rw-r--r--config/default_php8.rules4
1 files changed, 3 insertions, 1 deletions
diff --git a/config/default_php8.rules b/config/default_php8.rules
index 580ba0a..98cc0db 100644
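--- a/config/default_php8.rules
+++ b/config/default_php8.rules
@@ -39,7 +39,9 @@ sp.disable_function.function("chmod").param("permissions").value("438").drop();
 sp.disable_function.function("chmod").param("permissions").value("511").drop();
 
 # Prevent various `mail`-related vulnerabilities
-sp.disable_function.function("mail").param("additional_parameters").value_r("\\-").drop();
+# Uncommend the second rule if you're using php8.3+
+#sp.disable_function.function("mail").param("additional_parameters").value_r("\\-").drop();
+#sp.disable_function.function("mail").param("additional_params").value_r("\\-").drop();
 
 # Since it's now burned, me might as well mitigate it publicly
 sp.disable_function.function("putenv").param("assignment").value_r("LD_").drop()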
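Review bot: Both `mail` rules on new lines 43-44 are now commented out, so a deployment that loads this default file unchanged no longer drops `mail()` calls whose fifth argument contains a `-`. The filter was active before this commit. The new comment on line 42 only covers the php8.3+ case and misspells "Uncomment", so it never tells operators on older versions to re-enable the first rule. I would word it as `# Uncomment exactly one rule below: the first for PHP < 8.3, the second for PHP 8.3+. With both commented out, mail() options are NOT filtered.` It would also help to mention this opt-in step in the upgrade notes, since the loss of protection is silent.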