summaryrefslogtreecommitdiff
path: root/config/default.rules
diff options
context:
space:
mode:
Diffstat (limited to 'config/default.rules')
-rw-r--r--config/default.rules8
1 files changed, 8 insertions, 0 deletions
diff --git a/config/default.rules b/config/default.rules
index 0fa4878..818e73d 100644
--- a/config/default.rules
+++ b/config/default.rules
@@ -73,6 +73,14 @@ sp.cookie.name("PHPSESSID").samesite("lax");
73 sp.disable_function.function("putenv").param("assignment").value_r("GCONV_").drop() 73 sp.disable_function.function("putenv").param("assignment").value_r("GCONV_").drop()
74@end_condition; 74@end_condition;
75 75
76# https://github.com/php/php-src/issues/22035
77# CURLOPT_SSLENGINE = 10089
78@condition PHP_VERSION_ID < 80000;
79 sp.disable_function.function("curl_setopt").param("option").value("10089").drop()
80@condition PHP_VERSION_ID >= 80000;
81 sp.disable_function.function("curl_setopt").param("option").value("10089").drop()
82@end_condition;
83
76# Since people are stupid enough to use `extract` on things like $_GET or $_POST, we might as well mitigate this vector 84# Since people are stupid enough to use `extract` on things like $_GET or $_POST, we might as well mitigate this vector
77@condition PHP_VERSION_ID < 80000; 85@condition PHP_VERSION_ID < 80000;
78sp.disable_function.function("extract").pos("0").value_r("^_").drop() 86sp.disable_function.function("extract").pos("0").value_r("^_").drop()