| Age | Commit message (Collapse) | Author |
|---|
|
When `upload_validation` is enabled, and when VLD isn't installed, an attacker
sending a multipart POST is able to get arbitrary PHP content executed.
Reported-By: thomas-chauchefoin-tob
|
|
PHP is breaking too many things on nightly, we'll only support releases from now on.
This should also make our vld-based file-upload checker more resilient: no more random warnings on stderr.
|
|
The Python script is using vld (https://derickrethans.nl/projects.html#vld) to check for malicious opcodes.
|
