| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2019-06-12 | update snuffleupagus.h with new version | kka | |
| 2019-05-14 | Fix the cookie's handling for PHP7.3+ | jvoisin | |
| PHP 7.3+ added a new prototype for the cookie setting mechanism, breaking our ghetto samesite-injection, this commit takes care of it. | |||
| 2019-05-13 | Allow php > 7.4 to fail in the CI | jvoisin | |
| 2019-05-13 | Fix VLD-related issue in the CI | jvoisin | |
| VLD isn't yet available for PHP7.4, so don't install it on PHP > 7.3 | |||
| 2019-04-07 | Protect against a now-public open_basedir bypass | jvoisin | |
| 2019-02-23 | Try to unify the includes | jvoisin | |
| 2019-02-23 | Fix the testsuite on php8. | jvoisin | |
| In php8, it's non-trivial to hook strlen, since this function is usually optimized away by the compiler. | |||
| 2019-02-23 | Add php8 to travis and fix php7.4 | jvoisin | |
| - Use clang-format on the code - Improve portability wrt. php8 - Fix php7.4 compatibility. See https://dustri.org/b/fixing-snuffleupagus-sloppy-comparison-on-array_keys-for-php74.html for a detailed writeup | |||
| 2019-02-11 | Fix a warning on FreeBSD | avkarenow | |
| This should fix the following: ```C snuffleupagus/src/sp_config.c:193:10: warning: implicit declaration of function 'getline' is invalid in C99 [-Wimplicit-function-declaration] while (getline(&lineptr, &n, fd) > 0) { ^ 1 warning generated. ``` | |||
| 2019-01-22 | Fix typos and suggest more broad term for sysadmins | tomcodes | |
| 2019-01-21 | Document the point of having a black-list approach for eval | jvoisin | |
| 2019-01-19 | Fix typo in how Snuffleupagus is spelled in doc/source/config.rst | tomcodes | |
| 2019-01-16 | Improve a bit the default rules | jvoisin | |
| 2019-01-16 | Clean up a bit our .travis-ci.yml file | jvoisin | |
| Credit goes to @szepeviktor, this commit is a straight ripoff of https://github.com/nbs-system/snuffleupagus/pull/273 but without the bits that I'm not fond of, so we can move this forward while still being able to bikeshed around the bust the rest of it if we want to. | |||
| 2019-01-16 | Fix a compilation warning | jvoisin | |
| 2019-01-16 | Minor improvements of debian/rules | jvoisin | |
| 2019-01-14 | Reorganize the testsuite | jvoisin | |
| Splitting the testsuite in several components makes it easier to manage and comprehend. This was also needed some some tests aren't passing on Alpine Linux, but we still want to run as many of them as we can on this platform. | |||
| 2019-01-12 | We're not in alpha anymore \o/ | jvoisin | |
| 2019-01-12 | Fix missing symbol when there is no session support | jvoisin | |
| It's possible to build PHP with sessions as a module, or even without sessions at all. This commit make it possible to use Snuffleupagus on those platforms. | |||
| 2019-01-12 | Make compilation stop gracefully in the absence of PCRE | jvoisin | |
| 2019-01-12 | Add Alpine back to the CI, compile-only, no testsuite | jvoisin | |
| 2019-01-12 | Add a compile-only target to the Makefile | jvoisin | |
| 2019-01-09 | Add a note about PHP7.3+ SameSite support | jvoisin | |
| 2019-01-09 | Rename a documentation file | jvoisin | |
| 2019-01-07 | Depend on shlibs in Debian | Viktor Szépe | |
| This should fix the following lintian warning: > W: snuffleupagus: missing-depends-line | |||
| 2019-01-07 | Remove a terminal dot in the readme | Viktor Szépe | |
| 2019-01-05 | Don't build with clang | jvoisin | |
| This will dramatically lower the time required to run the CI. Clang isn't really supported by php on travis anyway, since it's using weird constructs that clang can't compile. | |||
| 2019-01-05 | Improve a bit the readme | jvoisin | |
| 2019-01-05 | Add ubuntu and a badge in the README | jvoisin | |
| 2019-01-03 | Add a gitlab-ci file, and a fix test on Fedora | jvoisin | |
| 2019-01-01 | Fix a harmless-but-invalid zend_string_release | jvoisin | |
| 2019-01-01 | Fix the build | jvoisin | |
| Snuffleupagus doesn't support php7.4 for now | |||
| 2018-12-31 | Fix spelling issue in features doc | Philip Keighley | |
| Changed 'passer' to 'passed' | |||
| 2018-12-26 | Document that it's not possible to hook builtins via regexp | jvoisin | |
| Also bump a bit the coverage | |||
| 2018-12-26 | Add two eval-related tests | jvoisin | |
| 2018-12-26 | Fix a typo | jvoisin | |
| 2018-12-26 | Fix the build for php7.0 | jvoisin | |
| We only want to prevent crash/infinite recursion, we don't really care about the error/warning messages. | |||
| 2018-12-26 | Fix the build for php7.0 and php7.1 | jvoisin | |
| 2018-12-26 | Bump a bit the coverage | jvoisin | |
| 2018-12-26 | Add a PHP5 guard | jvoisin | |
| 2018-12-26 | Remove an unnecessary guard against infinite recursion in session handling | jvoisin | |
| This used to be useful in the times of PHP5.4/Suhosin (https://github.com/sektioneins/suhosin/issues/60), but nowadays, php is handling this case on its own. | |||
| 2018-12-26 | Make the testsuite a bit more portable | jvoisin | |
| 2018-12-25 | Tighten a bit the command-injection prevention rule | jvoisin | |
| 2018-12-23 | Mention that SP is packaged in Fedora and FreeBSD | jvoisin | |
| 2018-12-23 | Fix a typo in the changelog | jvoisin | |
| Spotted by @PeeHaa | |||
| 2018-12-21 | bump the changelogv0.4.1 | kka | |
| 2018-12-15 | Document the previous commit | jvoisin | |
| 2018-12-15 | Provide a php script, to get rid of the python one for test suite | Remi Collet | |
| This commit adds a php version of the upload_validation.py script. | |||
| 2018-12-15 | Improve simulation mode for session cookies (#259) | jvoisin | |
| Since decrypt_zval doesn't provide a way to tell apart failed and successful decryption when used in simulation mode, we'll have to restore the original value if something goes wrong, because crypto_secretbox_open might modify the value. | |||
| 2018-12-07 | Add support for php7.3 | jvoisin | |
 |
index : snuffleupagus | |
| Security module for php7 and php8 - Killing bugclasses and virtual-patching the rest! |
| summaryrefslogtreecommitdiff |