summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2021-11-30fixed test case for PHP 8.1.Ben Fuhrmannek
ini_set argument types changed with PHP 8.1, so the test is using ini_get now.
2021-11-30PHP 8.1 compatibility with streams/includes + fix for ticksBen Fuhrmannek
2021-11-30clarify control flowBen Fuhrmannek
2021-11-30fixed crash when parsing arguments with PHP 8.1Ben Fuhrmannek
2021-11-30added @log logging feature to config parserBen Fuhrmannek
2021-11-30php 8.1 compatibilityBen Fuhrmannek
2021-11-26PHP8 update parameters name in "move_uploaded_file" (#406)pfdutot
In the 8.0.8 and 8.1 version of PHP, the parameters name for move_uploaded_file are "from" and "to". This config file fail to apply the relevant rules unless the parameter names are updated using "to" instead of "destination".
2021-11-22docs fix: path in filename() must be absolute (#404)Jakub Onderka
2021-11-19added old php version checkBen Fuhrmannek
2021-11-19replaced call_user_func with C level callBen Fuhrmannek
2021-11-19fixed test skip conditionBen Fuhrmannek
2021-11-11more tests for xxe + optional xml supportBen Fuhrmannek
2021-11-11inverted logic. set xxe_protection.enable() instead of disable_xxe.disable()Ben Fuhrmannek
2021-11-11detect dummy or short encryption keyBen Fuhrmannek
2021-10-21added some array initialization, just in case.Ben Fuhrmannek
2021-10-21fix oob memory accessBen Fuhrmannek
2021-10-18stronger stack protector via compile flagBen Fuhrmannek
2021-09-23config is stack allocated now + some code improvements (see details)Ben Fuhrmannek
* for easier memory manegement, the entire sp_config struct was merged into snuffleupagus_globals and allocated on stack where possible * SNUFFLEUPAGUS_G() can be written as SPG(), which is faster to type and easier to read * execution_depth is re-initialized to 0 for each request * function calls with inline string and length parameters consistently use ZEND_STRL instead of sizeof()-1 * execution is actually hooked if recursion protection is enabled * some line breaks were removed to make the code more readable
2021-09-23comments on lookup tableBen Fuhrmannek
2021-09-16ported sid min/max restriction from suhosinBen Fuhrmannek
2021-09-16ported server.strip and server.encode features from suhosinBen Fuhrmannek
2021-09-15implemented execution depth limitBen Fuhrmannek
2021-09-15changed version and version output in phpinfoBen Fuhrmannek
2021-09-03fixed testsBen Fuhrmannek
2021-09-03fixed session encryption in php8 + related test casesBen Fuhrmannek
2021-09-02fixed test cases where pcre error output changedBen Fuhrmannek
2021-09-02fixed more test casesBen Fuhrmannek
2021-09-02fixed compiler warnings + test casesBen Fuhrmannek
2021-09-01implemented proper operand precedence using the shunting yard algorithmBen Fuhrmannek
2021-08-31basic condition suuport for rules filesBen Fuhrmannek
2021-08-30fixed typoBen Fuhrmannek
2021-08-29updated documentation URLBen Fuhrmannek
2021-08-18documentation for the ini protection featureBen Fuhrmannek
2021-08-18document allowed linebreaks and sim() alias to simulation()Ben Fuhrmannek
2021-08-18ported Suhosin rules to Snuffleupagus rulesBen Fuhrmannek
2021-08-18updated documentation URLBen Fuhrmannek
2021-08-18start SP as late as possible. this allows us to hook functions of extensions ↵Ben Fuhrmannek
supposed to be loaded later
2021-08-17removed unused variablesBen Fuhrmannek
2021-08-17fixed broken tests for PHP7 after scanner/parser updateBen Fuhrmannek
2021-08-17added pregenerated scanner to relax re2c dependencyBen Fuhrmannek
2021-08-17require re2c >= 2.0Ben Fuhrmannek
2021-08-17php 7 compatibilityBen Fuhrmannek
2021-08-16config supports variables nowBen Fuhrmannek
2021-08-16fincy new scanner/parser for config rules + fixed a few bugs along the way + ↵Ben Fuhrmannek
fixed related unittests
2021-08-16Fix a few typos and inconsistencies in config filesGasper Vozel
2021-08-14debug log to dup'd stderr / php is closing stderr during shutdownBen Fuhrmannek
2021-08-14missing efree in sp_log_msgfBen Fuhrmannek
2021-08-14fixed mem leak in parserBen Fuhrmannek
2021-08-14fixed incorrect debug log invocationBen Fuhrmannek
2021-08-14fixed mem leak in get_paramBen Fuhrmannek