summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2022-03-04Run the CI every weekjvoisin
2021-11-26PHP8 update parameters name in "move_uploaded_file" (#406)pfdutot
In the 8.0.8 and 8.1 version of PHP, the parameters name for move_uploaded_file are "from" and "to". This config file fail to apply the relevant rules unless the parameter names are updated using "to" instead of "destination".
2021-11-22docs fix: path in filename() must be absolute (#404)Jakub Onderka
2021-08-29updated documentation URLBen Fuhrmannek
2021-08-16Fix a few typos and inconsistencies in config filesGasper Vozel
2021-08-14debug log to dup'd stderr / php is closing stderr during shutdownBen Fuhrmannek
2021-08-14missing efree in sp_log_msgfBen Fuhrmannek
2021-08-14fixed mem leak in parserBen Fuhrmannek
2021-08-14fixed incorrect debug log invocationBen Fuhrmannek
2021-08-14fixed mem leak in get_paramBen Fuhrmannek
2021-08-14removed unused variableBen Fuhrmannek
2021-08-14fixed null pointer dereferenceBen Fuhrmannek
2021-08-02Fix warning when SP_HAS_PCRE2 is not defined (#397)Giovanni
2021-08-02Bump the changelogv0.7.1jvoisin
2021-07-28Sprinkle even more `const`jvoisin
2021-07-25Replace an odd call to strtok_r().WhiteWinterWolf
2021-07-22Sprinkle some constjvoisin
2021-05-09Add some guard to prevent hooking recursionjvoisin
This shouldn't be necessary, but better safe than sorry.
2021-05-09strtok/strtok_r is a thing from the past, don't use it.jvoisin
2021-05-09Add some checks to prevent recursion upon config reloadingjvoisin
2021-05-09Fix disable function chmodWhiteWinterWolf
2021-05-09Fix the testsuite on php7.4jvoisin
2021-05-09Allow session-related things to fail on php8 for nowjvoisin
2021-05-09Fix the testsuite on fedorajvoisin
2021-05-09Fix compilation on non-pcre2 targetsjvoisin
2021-05-08Remove some memory-leaksjvoisin
2021-05-08Add a test for #390jvoisin
2021-05-08Fix a memory leak when using pcre2jvoisin
2021-05-08Handle a possible issue with regexpjvoisin
Gracefully handle the case where we can't get allocated memory when trying to match a regex.
2021-05-01Additional PHP 8 sample config argument name changesTristan Deloche
2021-05-01Improve our SQLI-related documentation and remove some useless rulesjvoisin
2021-05-01Add a warning about the HMAC thingy for wordpressjvoisin
2021-04-28A pass of clang-formatjvoisin
2021-04-28Simplify a bit get_ip()jvoisin
2021-04-28Add an action to run coverity scan weeklyjvoisin
2021-04-28Add some logging for the XXE mitigationjvoisin
2021-04-28Add a blogpost to our propaganda sectionjvoisin
2021-04-27Protect against XXE in php8jvoisin
PHP8 disables external entities by default, but they can still be explicitly used (cf. https://blog.sonarsource.com/wordpress-xxe-security-vulnerability/), which is badâ„¢. The right way to defend against XXE is now to set libxml_set_external_entity_loader to null.
2021-04-27Update some parameter names which changed for PHP 8.0Tristan Deloche
2021-04-27Fix SKIPIF output syntax errorTristan Deloche
2021-04-26Make it easier to figure functions parameters' namesJulien Voisin
2021-04-26Add a configuration file for php8jvoisin
2021-03-26Add PHP8 for linux distributions on the CIJulien Voisin
2021-02-26Add php8.0-dev option for making a debian installcypherbits
2021-02-15Add a link to Debian's bug for packaging Snuffleupagusjvoisin
2021-02-11Allow failure for now on Alpine Linuxjvoisin
See https://bugs.archlinux.org/task/69563#comment196468 for details
2021-02-11Add a badge for repologyjvoisin
2021-01-30Improve a bit the typing of the parserjvoisin
Use enum members instead of their numbers directly.
2021-01-30Improve a bit type diversityjvoisin
2021-01-23Add an article to the propaganda sectionjvoisin