summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2019-01-03Add a gitlab-ci file, and a fix test on Fedorajvoisin
2019-01-01Fix a harmless-but-invalid zend_string_releasejvoisin
2019-01-01Fix the buildjvoisin
Snuffleupagus doesn't support php7.4 for now
2018-12-31Fix spelling issue in features docPhilip Keighley
Changed 'passer' to 'passed'
2018-12-26Document that it's not possible to hook builtins via regexpjvoisin
Also bump a bit the coverage
2018-12-26Add two eval-related testsjvoisin
2018-12-26Fix a typojvoisin
2018-12-26Fix the build for php7.0jvoisin
We only want to prevent crash/infinite recursion, we don't really care about the error/warning messages.
2018-12-26Fix the build for php7.0 and php7.1jvoisin
2018-12-26Bump a bit the coveragejvoisin
2018-12-26Add a PHP5 guardjvoisin
2018-12-26Remove an unnecessary guard against infinite recursion in session handlingjvoisin
This used to be useful in the times of PHP5.4/Suhosin (https://github.com/sektioneins/suhosin/issues/60), but nowadays, php is handling this case on its own.
2018-12-26Make the testsuite a bit more portablejvoisin
2018-12-25Tighten a bit the command-injection prevention rulejvoisin
2018-12-23Mention that SP is packaged in Fedora and FreeBSDjvoisin
2018-12-23Fix a typo in the changelogjvoisin
Spotted by @PeeHaa
2018-12-21bump the changelogv0.4.1kka
2018-12-15Document the previous commitjvoisin
2018-12-15Provide a php script, to get rid of the python one for test suiteRemi Collet
This commit adds a php version of the upload_validation.py script.
2018-12-15Improve simulation mode for session cookies (#259)jvoisin
Since decrypt_zval doesn't provide a way to tell apart failed and successful decryption when used in simulation mode, we'll have to restore the original value if something goes wrong, because crypto_secretbox_open might modify the value.
2018-12-07Add support for php7.3jvoisin
2018-12-01Improve the documentation wrt. functions hooked by sloppy comparisonsjvoisin
This should close #264
2018-11-29Document our curl-tls-verification magicjvoisin
2018-11-23Document a bit more the threat modeljvoisin
2018-11-18Minor code clarificationjvoisin
2018-11-18Improve the cookie encryption documentationjvoisin
This should close #261
2018-11-18Add alertot to the list of usersjvoisin
Source: https://twitter.com/alertot/status/1063366265593622528
2018-10-25Minor formatting issuejvoisin
2018-10-25Snuffleupagus should now compile on Windowsjvoisin
2018-10-23Improve a bit the documentation, againjvoisin
2018-10-23Clarify a bit the documentationjvoisin
A user was a bit afraid that Snuffleupagus might damage their website permanently, so we rephrase the documentation to convey that this is not the case.
2018-10-09Bump againjvoisin
2018-10-09Bump coveragejvoisin
2018-10-09Bump the coverage a bitjvoisin
2018-10-09Remove 3 useless linesjvoisin
2018-10-09Don't check the return values of functions that might not return (#255)jvoisin
This is due to our modifications to the logging system
2018-10-09Improve mb_string hooking logicjvoisin
2018-10-08Add a testjvoisin
2018-10-07Document the `.pos` filterjvoisin
2018-10-06Add a missing opcode in sp_execute_exjvoisin
2018-10-06Coverage++jvoisin
2018-10-06Bump coverage againjvoisin
2018-10-06Bump coverage againjvoisin
2018-10-06Fix the silly mistake for goodjvoisin
2018-10-06Improve a bit the documentationjvoisin
Thanks to @joe for bringing up this issue ♥
2018-10-06Fix a silly mistakejvoisin
2018-10-06Add a testjvoisin
2018-10-06Bump a bit the coveragejvoisin
* `setcookie` doesn't always return `true` anymore * clang-format * Cookies with invalid decryption are dropped, but the request isn't anymore * faulty unserialize are now dumpable
2018-10-06Remove sp_terminate and bump a bit the coveragejvoisin
2018-10-05Fix segfault array keyskkadosh
Many thanks to @xXx-caillou-xXx for finding the true root cause and fixing the issue ♥