| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2022-01-11 | made xml a runtime requirement instead of compile time | Ben Fuhrmannek | |
| 2021-11-11 | more tests for xxe + optional xml support | Ben Fuhrmannek | |
| 2021-10-21 | added some array initialization, just in case. | Ben Fuhrmannek | |
| 2021-04-28 | A pass of clang-format | jvoisin | |
| 2021-04-28 | Add some logging for the XXE mitigation | jvoisin | |
| 2021-04-27 | Protect against XXE in php8 | jvoisin | |
| PHP8 disables external entities by default, but they can still be explicitly used (cf. https://blog.sonarsource.com/wordpress-xxe-security-vulnerability/), which is badâ„¢. The right way to defend against XXE is now to set libxml_set_external_entity_loader to null. | |||
| 2020-11-29 | Fix some unused variables warnings introduced in ea7c76b | jvoisin | |
| 2020-11-29 | Don't call libxml_disable_entity_loader for php8+ | jvoisin | |
| This functions is deprecated, but since PHP8+ requires libxml 2.9.0 where XXE are disabled by default, there is no need to call it anymore. | |||
| 2019-06-20 | Fix snufflepagus_globals linking issues and one mac compatibility issue | bef | |
| 2018-02-05 | Massive simplification of functions hooking | jvoisin | |
| 2017-09-20 | Initial import | Sebastien Blot | |
 |
index : snuffleupagus | |
| Security module for php7 and php8 - Killing bugclasses and virtual-patching the rest! |
| summaryrefslogtreecommitdiff |