| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2024-06-09 | Ensure to inject php-stream filter also on stream_wrapper_restore() | Christian Göttsche | |
| Not sure this is needed, but better safe than sorry. | |||
| 2024-06-09 | Use more generic expected test result format | Christian Göttsche | |
| 2024-06-09 | Add option to specify the allowed "php" wrapper types | Christian Göttsche | |
| In addition of the current possibility to filter wrappers by their protocol name, also add the option to filter the "php" wrapper by the requested kind. Especially the 'filter' backend can be disabled that way. | |||
| 2024-06-06 | Add format attribute to log function and adjust format specifiers | Christian Göttsche | |
| Annotate the common logging function sp_log_msgf() with the format attribute so compilers can check the used format string and passed arguments for discrepancies. Adjust the lineno printing by using %zu and the type size_t consistently. | |||
| 2024-06-06 | Silence unused variable warning with php 8.3 | Christian Göttsche | |
| src/sp_unserialize.c: In function 'zif_sp_unserialize': src/sp_unserialize.c:131:15: warning: unused variable 'orig_handler' [-Wunused-variable] 131 | zif_handler orig_handler = zend_hash_str_find_ptr(SPG(sp_internal_functions_hook), ZEND_STRL("unserialize")); | ^~~~~~~~~~~~ | |||
| 2024-06-06 | Free allocated memory in early exit | Christian Göttsche | |
| 2024-06-06 | Fix misc typos | Christian Göttsche | |
| 2024-06-06 | Enable some additional compiler warnings | Christian Göttsche | |
| 2024-06-06 | Avoid dropping const qualifier in casts | Christian Göttsche | |
| Adjusts casts to void dropping const qualifiers. This helps to avoid mistakes, e.g. modifying string literals. Also use size_t for length, similar to the upstream php interfaces. | |||
| 2024-06-06 | Declare file local variables and functions static | Christian Göttsche | |
| Avoid missing prototype warnings by declaring variables and functions that are only used in a single file static. | |||
| 2024-06-06 | Use strict prototypes | Christian Göttsche | |
| Use the special value void as parameter for functions taking nor argument. | |||
| 2024-06-06 | Fix missing token in config dump | Christian Göttsche | |
| 2024-06-06 | Add target to run tests incremental | Christian Göttsche | |
| Avoid the configure step each time during development. | |||
| 2024-06-06 | Reorder calloc(3) arguments | Christian Göttsche | |
| Please GCC: In file included from /usr/include/php/20220829/Zend/zend.h:30, from /usr/include/php/20220829/main/php.h:31, from /usr/include/php/20220829/main/SAPI.h:20, from src/php_snuffleupagus.h:37, from src/sp_ifilter.c:1: src/sp_pcre_compat.h: In function 'sp_regexp_compile': src/sp_pcre_compat.h:38:36: warning: '__zend_calloc' sizes specified with 'sizeof' in the earlier argument and not in the later argument [-Wcalloc-transposed-args] 38 | sp_regexp *ret = pecalloc(sizeof(sp_regexp), 1, 1); | ^~~~~~~~~ /usr/include/php/20220829/Zend/zend_alloc.h:199:72: note: in definition of macro 'pecalloc' 199 | #define pecalloc(nmemb, size, persistent) ((persistent)?__zend_calloc((nmemb), (size)):ecalloc((nmemb), (size))) | ^~~~~ src/sp_pcre_compat.h:38:36: note: earlier argument should specify number of elements, later size of each element 38 | sp_regexp *ret = pecalloc(sizeof(sp_regexp), 1, 1); | ^~~~~~~~~ /usr/include/php/20220829/Zend/zend_alloc.h:199:72: note: in definition of macro 'pecalloc' 199 | #define pecalloc(nmemb, size, persistent) ((persistent)?__zend_calloc((nmemb), (size)):ecalloc((nmemb), (size))) | ^~~~~ | |||
| 2024-04-25 | Move from php83-rc to php83 in the CI | jvoisin | |
| 2024-04-13 | Run PHP8.2 tests on Alpine, now that PHP81 is dead there | jvoisin | |
| 2024-03-24 | Don't forbid use of assert in PHP 8+ | bohwaz | |
| 2024-03-24 | Fix yet another php surprised-rename of functions parameters | jvoisin | |
| 2024-03-24 | Also ignore function definitions | bohwaz | |
| 2024-03-24 | Don't whitelist files if the function name is actually a method of a class | bohwaz | |
| 2024-03-08 | Update the deprecation checks | jvoisin | |
| 2024-02-19 | Include functions from global space that are prefixed with \ | Christoph Amthor | |
| 2024-01-26 | Bail early in case of invalid config in PHP_RINIT_ | jvoisin | |
| 2024-01-15 | Add a test for issue #479 | jvoisin | |
| 2024-01-09 | Add some comments to a rule | jvoisin | |
| This should help diagnose https://github.com/jvoisin/snuffleupagus/issues/477 | |||
| 2023-12-13 | print key and value on INI violations | Christian Göttsche | |
| On violations of INI settings include the key and if appropriate the value in the log message. This helps to locate offenders and fine tune the configuration itself. | |||
| 2023-12-13 | github: tweak skipping tests during package build | Christian Göttsche | |
| 2023-12-13 | debian: downgrade to debhelper compat 12 | Christian Göttsche | |
| Support Debian old-old-stable (buster) by using debhelper compat level 12. | |||
| 2023-12-13 | debian: fix typo in changelog | Christian Göttsche | |
| 2023-12-13 | debian: update nocheck build profile | Christian Göttsche | |
| 2023-12-13 | debian: add short license text and link to full license file | Christian Göttsche | |
| 2023-12-13 | debian: bump to standards-version 4.6.2 | Christian Göttsche | |
| Declare Rules-Requires-Root | |||
| 2023-12-13 | debian: update links | Christian Göttsche | |
| 2023-12-13 | debian: add missing changelog author lines | Christian Göttsche | |
| 2023-12-13 | debian: add extended package description | Christian Göttsche | |
| 2023-12-13 | debian: bump to debhelper compat 13 | Christian Göttsche | |
| 2023-12-13 | debian: add missing dh-php build dependency | Christian Göttsche | |
| 2023-12-07 | make 'phar' filenames work in sp.disabled_functions | Julien Voisin | |
| This fixes #472 | |||
| 2023-12-07 | make 'phar' filenames work in sp.disabled_functions, fixes #472 | brown-midas | |
| 2023-11-27 | Configuration fixes | Julien Voisin | |
| - Update comment to match configuration - Add condition for mysqli.reconnect: mysqli.reconnect has been removed in PHP 8.2, see https://www.php.net/manual/de/mysqli.configuration.php#ini.mysqli.reconnect. | |||
| 2023-11-27 | Update config/ini_protection.rules | Julien Voisin | |
| 2023-11-27 | Add condition for mysqli.reconnect | Christian Göttsche | |
| mysqli.reconnect has been removed in PHP 8.2, see https://www.php.net/manual/de/mysqli.configuration.php#ini.mysqli.reconnect. | |||
| 2023-11-26 | Fix typos | Julien Voisin | |
| 2023-11-26 | Fix typos | Christian Göttsche | |
| 2023-11-26 | Clarify a bit the documentation wrt. match/regex | jvoisin | |
| This closes #468 | |||
| 2023-11-26 | Revert "Move from php8.3-rc to 8.3 in the CI" | jvoisin | |
| This reverts commit 6a9edc1c9b1d4d455f14ccf0c2e9234f4bcc0460. | |||
| 2023-11-24 | Move from php8.3-rc to 8.3 in the CI | jvoisin | |
| 2023-11-03 | Add some documentation in the default rules. | jvoisin | |
| 2023-09-20 | Bump the changelogv0.10.0 | jvoisin | |
| 2023-09-20 | Improve a bit the documentation | jvoisin | |
| Based on a suggestion from @dimitargi | |||
 |
index : snuffleupagus | |
| Security module for php7 and php8 - Killing bugclasses and virtual-patching the rest! |
| summaryrefslogtreecommitdiff |