summaryrefslogtreecommitdiff
path: root/src/sp_config_keywords.c (follow)
AgeCommit message (Collapse)Author
2021-12-20removed upload script x-bit check at load time, thus allowing root-user to ↵Ben Fuhrmannek
execute test cases
2021-11-19added old php version checkBen Fuhrmannek
2021-11-11detect dummy or short encryption keyBen Fuhrmannek
2021-09-23config is stack allocated now + some code improvements (see details)Ben Fuhrmannek
* for easier memory manegement, the entire sp_config struct was merged into snuffleupagus_globals and allocated on stack where possible * SNUFFLEUPAGUS_G() can be written as SPG(), which is faster to type and easier to read * execution_depth is re-initialized to 0 for each request * function calls with inline string and length parameters consistently use ZEND_STRL instead of sizeof()-1 * execution is actually hooked if recursion protection is enabled * some line breaks were removed to make the code more readable
2021-09-16ported sid min/max restriction from suhosinBen Fuhrmannek
2021-09-16ported server.strip and server.encode features from suhosinBen Fuhrmannek
2021-09-15implemented execution depth limitBen Fuhrmannek
2021-09-02fixed compiler warnings + test casesBen Fuhrmannek
2021-08-17removed unused variablesBen Fuhrmannek
2021-08-16fincy new scanner/parser for config rules + fixed a few bugs along the way + ↵Ben Fuhrmannek
fixed related unittests
2021-08-10prevent option to be enabled and then disabledBen Fuhrmannek
2021-08-08fixed enable/disable logicBen Fuhrmannek
2021-08-07more ini protection featuresBen Fuhrmannek
2021-08-06implemented ini settings protectionBen Fuhrmannek
2021-08-03fixed mem leak in parse_disabled_functionsBen Fuhrmannek
2020-06-15Merge remote-tracking branch 'upstream/master'Ben Fuhrmannek
2020-06-15stricter config checksBen Fuhrmannek
2020-03-04%s/nbs-system/jvoisinjvoisin
Since I'm the only one to maintain Snuffleupagus, let's adjust the links and contact addresses of my fork, to point to well… my fork.
2019-08-31Support direct syslog loggingThibault "bui" Koechlin
Add the possibility to log directly into the syslog, instead of using php's log system.
2019-06-20Fix snufflepagus_globals linking issues and one mac compatibility issuebef
2019-06-19fix snufflepagus_globals linking issues and one mac compatibility issueBen Fuhrmannek
2019-02-23Try to unify the includesjvoisin
2019-02-23Add php8 to travis and fix php7.4jvoisin
- Use clang-format on the code - Improve portability wrt. php8 - Fix php7.4 compatibility. See https://dustri.org/b/fixing-snuffleupagus-sloppy-comparison-on-array_keys-for-php74.html for a detailed writeup
2019-01-12Fix missing symbol when there is no session supportjvoisin
It's possible to build PHP with sessions as a module, or even without sessions at all. This commit make it possible to use Snuffleupagus on those platforms.
2018-10-06Bump a bit the coveragejvoisin
* `setcookie` doesn't always return `true` anymore * clang-format * Cookies with invalid decryption are dropped, but the request isn't anymore * faulty unserialize are now dumpable
2018-08-30Minor code cleanupxXx-caillou-xXx
2018-08-29Change how we're validating certificatesxXx-caillou-xXx
2018-08-29Verify certs (#223)jvoisin
Ensure that certificates are verified in curl should close #47
2018-08-28Fix some compilation warningsxXx-caillou-xXx
2018-08-28Use php's logging functionsxXx-caillou-xXx
This commit replace our usage of `php_log_err` with `zend_error`. This should allow administrators to display errors in the webpage, should they want to; and to properly manipulate the verbosity's level. This should close #217
2018-08-27Add whitelist support for php's wrappersxXx-caillou-xXx
2018-08-02fix #203 (#204)crKontrol
sp.disable_function.function().filename doesn't take phar:///
2018-07-13Fix hooking on `print`xXx-caillou-xXx
2018-07-13Massively optimize how rules are handledxXx-caillou-xXx
This commit does a lot of things: - Use hashtables instead of lists to store the rules - Rules that can be applied at launch time won't be tried at runtime - Improve feedback when writing nonsensical rules - Make intensive use of `zend_string` instead of `char*`
2018-07-09Trying to fix sloppy comparison (#186)jvoisin
* Trying to fix sloppy comparison https://github.com/nbs-system/snuffleupagus/issues/10 by modifying php's opcode
2018-06-28Better handling of filters for builtinskkadosh
2018-05-29Support session encryptionkkadosh
Implement session encryption.
2018-03-02Add .dump() for eval whitelist/blacklist + simulation mode for whitelistkkadosh
2018-03-02Implement dump() for execution of writable PHP fileskkadosh
2018-02-27Implements .dump() for unserialize and fix some related testskkadosh
2018-02-06Make our API consistentjvoisin
2018-02-05Massive simplification of functions hookingjvoisin
2018-02-05Compatibility layer for pcre2jvoisin
This should close #129
2018-01-17Remove useless "head" member in our linked lists implementationsimon MAGNIN-FEYSOT
This should close #85
2018-01-12do not prepend $ to the var name if there is one alreadySebastien Blot
2018-01-12Add an ugly hack to our parser to make the writing of configuration rules ↵jvoisin
more obvious.
2018-01-10Eval whitelistjvoisin
Implement whitelist in eval
2018-01-04Eval blacklistjvoisin
Add support for eval filtering, only blacklist for now
2017-12-28Clang-format passThibault "bui" Koechlin
- `clang-format --style="{BasedOnStyle: google, SortIncludes: false}" -i snuffleu*.c sp_*.c sp_*.h` - Update the documentation accordingly
2017-12-28re-integrate simulation token for cookiesbui