1 files changed, 3 insertions, 3 deletions
diff --git a/config/default.rules b/config/default.rules
index f6d8893..a19d678 100644
--- a/config/default.rules
+++ b/config/default.rules
@@ -49,8 +49,8 @@ sp.disable_function.function("putenv").param("setting").value_r("LD_").drop()
 sp.disable_function.function("putenv").param("setting").value_r("GCONV_").drop()
 # Since people are stupid enough to use `extract` on things like $_GET or $_POST, we might as well mitigate this vector
-sp.disable_function.function("extract").param("var_array").value_r("^_").drop()
+sp.disable_function.function("extract").pos("0").value_r("^_").drop()
-sp.disable_function.function("extract").param("extract_type").value("0").drop()
+sp.disable_function.function("extract").pos("1").value("0").drop()
 # This is also burned:
 # ini_set('open_basedir','..');chdir('..');…;chdir('..');ini_set('open_basedir','/');echo(file_get_contents('/etc/passwd'));
@@ -71,7 +71,7 @@ sp.disable_function.function("include").drop()
 # Prevent `system`-related injections
 sp.disable_function.function("system").param("command").value_r("[$|;&`\\n\\(\\)\\\\]").drop();
-sp.disable_function.function("shell_exec").param("command").value_r("[$|;&`\\n\\(\\)\\\\]").drop();
+sp.disable_function.function("shell_exec").pos("0").value_r("[$|;&`\\n\\(\\)\\\\]").drop();
 sp.disable_function.function("exec").param("command").value_r("[$|;&`\\n\\(\\)\\\\]").drop();
 sp.disable_function.function("proc_open").param("command").value_r("[$|;&`\\n\\(\\)\\\\]").drop();

diff --git a/config/default.rules b/config/default.rules index f6d8893..a19d678 100644 --- a/config/default.rules +++ b/config/default.rules
@@ -49,8 +49,8 @@ sp.disable_function.function("putenv").param("setting").value_r("LD_").drop()
49	sp.disable_function.function("putenv").param("setting").value_r("GCONV_").drop()	49	sp.disable_function.function("putenv").param("setting").value_r("GCONV_").drop()
50		50
51	# Since people are stupid enough to use `extract` on things like $_GET or $_POST, we might as well mitigate this vector	51	# Since people are stupid enough to use `extract` on things like $_GET or $_POST, we might as well mitigate this vector
52	sp.disable_function.function("extract").param("var_array").value_r("^_").drop()	52	sp.disable_function.function("extract").pos("0").value_r("^_").drop()
53	sp.disable_function.function("extract").param("extract_type").value("0").drop()	53	sp.disable_function.function("extract").pos("1").value("0").drop()
54		54
55	# This is also burned:	55	# This is also burned:
56	# ini_set('open_basedir','..');chdir('..');…;chdir('..');ini_set('open_basedir','/');echo(file_get_contents('/etc/passwd'));	56	# ini_set('open_basedir','..');chdir('..');…;chdir('..');ini_set('open_basedir','/');echo(file_get_contents('/etc/passwd'));
@@ -71,7 +71,7 @@ sp.disable_function.function("include").drop()
71		71
72	# Prevent `system`-related injections	72	# Prevent `system`-related injections
73	sp.disable_function.function("system").param("command").value_r("[$\|;&`\\n\\(\\)\\\\]").drop();	73	sp.disable_function.function("system").param("command").value_r("[$\|;&`\\n\\(\\)\\\\]").drop();
74	sp.disable_function.function("shell_exec").param("command").value_r("[$\|;&`\\n\\(\\)\\\\]").drop();	74	sp.disable_function.function("shell_exec").pos("0").value_r("[$\|;&`\\n\\(\\)\\\\]").drop();
75	sp.disable_function.function("exec").param("command").value_r("[$\|;&`\\n\\(\\)\\\\]").drop();	75	sp.disable_function.function("exec").param("command").value_r("[$\|;&`\\n\\(\\)\\\\]").drop();
76	sp.disable_function.function("proc_open").param("command").value_r("[$\|;&`\\n\\(\\)\\\\]").drop();	76	sp.disable_function.function("proc_open").param("command").value_r("[$\|;&`\\n\\(\\)\\\\]").drop();
77		77