| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2021-11-11 | inverted logic. set xxe_protection.enable() instead of disable_xxe.disable() | Ben Fuhrmannek | |
| 2021-08-18 | documentation for the ini protection feature | Ben Fuhrmannek | |
| 2021-08-18 | document allowed linebreaks and sim() alias to simulation() | Ben Fuhrmannek | |
| 2021-05-01 | Add a warning about the HMAC thingy for wordpress | jvoisin | |
| 2020-11-29 | Make the `>` operator skip over functions | jvoisin | |
| 2020-11-29 | Document the `>` operator | jvoisin | |
| 2020-06-09 | Improve the documentation wrt. "modifiers" | jvoisin | |
| 2020-03-04 | %s/nbs-system/jvoisin | jvoisin | |
| Since I'm the only one to maintain Snuffleupagus, let's adjust the links and contact addresses of my fork, to point to well… my fork. | |||
| 2019-08-31 | Support direct syslog logging | Thibault "bui" Koechlin | |
| Add the possibility to log directly into the syslog, instead of using php's log system. | |||
| 2019-02-23 | Fix the testsuite on php8. | jvoisin | |
| In php8, it's non-trivial to hook strlen, since this function is usually optimized away by the compiler. | |||
| 2019-01-19 | Fix typo in how Snuffleupagus is spelled in doc/source/config.rst | tomcodes | |
| 2018-12-26 | Document that it's not possible to hook builtins via regexp | jvoisin | |
| Also bump a bit the coverage | |||
| 2018-12-15 | Document the previous commit | jvoisin | |
| 2018-10-23 | Clarify a bit the documentation | jvoisin | |
| A user was a bit afraid that Snuffleupagus might damage their website permanently, so we rephrase the documentation to convey that this is not the case. | |||
| 2018-10-07 | Document the `.pos` filter | jvoisin | |
| 2018-08-30 | Change how we're handling invalid configurations | xXx-caillou-xXx | |
| Since our configuration format is a bit more complex than php's one, we have a `sp.allow_broken_configuration` parameter (`false` by default), that you can set to `true` if you want PHP to carry on if your Snuffleupagus' configuration contains syntax errors. You'll still get a big scary message in your logs of course. We do **not** recommend to use it of course, but sometimes it might be useful to be able to "debug in production" without breaking your website. | |||
| 2018-08-29 | Change how we're validating certificates | xXx-caillou-xXx | |
| 2018-08-29 | Verify certs (#223) | jvoisin | |
| Ensure that certificates are verified in curl should close #47 | |||
| 2018-08-27 | Add whitelist support for php's wrappers | xXx-caillou-xXx | |
| 2018-08-21 | Document our type-juggling-prevention system | jvoisin | |
| 2018-07-18 | Fix broken link in the config documentation | kka | |
| 2018-07-18 | Fix broken links in the documentation | kka | |
| 2018-07-13 | Document even more the `print`/`echo` situation | jvoisin | |
| 2018-07-13 | Document why `print` might look like `echo` in logs | jvoisin | |
| 2018-07-09 | Trying to fix sloppy comparison (#186) | jvoisin | |
| * Trying to fix sloppy comparison https://github.com/nbs-system/snuffleupagus/issues/10 by modifying php's opcode | |||
| 2018-05-29 | Support session encryption | kkadosh | |
| Implement session encryption. | |||
| 2018-03-29 | Clarify the documentation wrt. configuration files | jvoisin | |
| This should close #172 | |||
| 2018-03-13 | Fix the documentation wrt. misc examples of rules | jvoisin | |
| 2018-02-12 | Mention the script in the documentation | jvoisin | |
| 2018-02-09 | Clarify a bit the documentation | jvoisin | |
| 2018-01-18 | Document the glob feature | jvoisin | |
| 2018-01-17 | Our configuration files are ending in .rules, not .ini | jvoisin | |
| This commit fixes the documentation, our shipped configuration files, and the related tests. Thanks to @remicollet for the tip | |||
| 2018-01-15 | Add a note about session cookies handling. | jvoisin | |
| 2018-01-12 | Add an ugly hack to our parser to make the writing of configuration rules ↵ | jvoisin | |
| more obvious. | |||
| 2018-01-12 | Massive overhaul of the documentation | jvoisin | |
| 2018-01-12 | Improve a bit the documentation | jvoisin | |
| 2018-01-10 | Rework the priority of bl/wl in eval | jvoisin | |
| 2018-01-10 | Eval whitelist | jvoisin | |
| Implement whitelist in eval | |||
| 2018-01-04 | Eval blacklist | jvoisin | |
| Add support for eval filtering, only blacklist for now | |||
| 2017-12-21 | Fix a typo in the documentation | jvoisin | |
| 2017-12-21 | Improve a bit the documentation wrt. limitations | jvoisin | |
| 2017-12-20 | Better parsing of the rules | xXx-caillou-xXx | |
| Thanks to this huge commit from @xXx-caillou-xXx, we can now write amazingly flexible rules. | |||
| 2017-11-28 | Fix a link in the documentation | jvoisin | |
| 2017-11-24 | Add a small bla about user-agent and encryption | jvoisin | |
| This should close #70 | |||
| 2017-11-24 | Implement anti csrf measures | xXx-caillou-xXx | |
| This is done by using the "samesite" cookie attribute. | |||
| 2017-11-12 | Improve a bit the filter-related documentation | jvoisin | |
| 2017-10-23 | Implement the .line filter | jvoisin | |
| Close #48 | |||
| 2017-10-20 | Add support for multiple files in sp.configuration_file directive | blotus | |
| This should close (#45 | |||
| 2017-10-11 | s/disable_functions/disable_function/g | jvoisin | |
| This should close #36 and #30 | |||
| 2017-10-10 | Add a link to a new article, and fix a warn in the doc | jvoisin | |
 |
index : snuffleupagus | |
| Security module for php7 and php8 - Killing bugclasses and virtual-patching the rest! |
| summaryrefslogtreecommitdiff |