snuffleupagus - Security module for php7 and php8 - Killing bugclasses and virtual-patching the rest!

Age	Commit message (Collapse)	Author
2026-02-23	Simplify formatting	Christian Göttsche
	The members sid_min_length and sid_max_length are of type unsigned long, thus use %lu instead of %zu and a cast.
2026-02-22	Log session ID lengths on failure	Christian Göttsche

2024-06-06	Fix misc typos	Christian Göttsche

2024-06-06	Use strict prototypes	Christian Göttsche
	Use the special value void as parameter for functions taking nor argument.
2022-01-12	make session support a runtime check instead of compile time	Ben Fuhrmannek

2022-01-11	removed a few newlines	Ben Fuhrmannek

2021-09-23	config is stack allocated now + some code improvements (see details)	Ben Fuhrmannek
	* for easier memory manegement, the entire sp_config struct was merged into snuffleupagus_globals and allocated on stack where possible * SNUFFLEUPAGUS_G() can be written as SPG(), which is faster to type and easier to read * execution_depth is re-initialized to 0 for each request * function calls with inline string and length parameters consistently use ZEND_STRL instead of sizeof()-1 * execution is actually hooked if recursion protection is enabled * some line breaks were removed to make the code more readable
2021-09-16	ported sid min/max restriction from suhosin	Ben Fuhrmannek

2021-09-03	fixed session encryption in php8 + related test cases	Ben Fuhrmannek

2021-08-14	fixed null pointer dereference	Ben Fuhrmannek

2021-08-03	fixed null pointer dereference	Ben Fuhrmannek

2019-06-20	Fix snufflepagus_globals linking issues and one mac compatibility issue	bef

2019-06-19	fix snufflepagus_globals linking issues and one mac compatibility issue	Ben Fuhrmannek

2019-02-23	Try to unify the includes	jvoisin

2019-02-23	Add php8 to travis and fix php7.4	jvoisin
	- Use clang-format on the code - Improve portability wrt. php8 - Fix php7.4 compatibility. See https://dustri.org/b/fixing-snuffleupagus-sloppy-comparison-on-array_keys-for-php74.html for a detailed writeup
2019-01-16	Fix a compilation warning	jvoisin

2019-01-12	Fix missing symbol when there is no session support	jvoisin
	It's possible to build PHP with sessions as a module, or even without sessions at all. This commit make it possible to use Snuffleupagus on those platforms.
2018-12-26	Fix the build for php7.0	jvoisin
	We only want to prevent crash/infinite recursion, we don't really care about the error/warning messages.
2018-12-26	Remove an unnecessary guard against infinite recursion in session handling	jvoisin
	This used to be useful in the times of PHP5.4/Suhosin (https://github.com/sektioneins/suhosin/issues/60), but nowadays, php is handling this case on its own.
2018-12-15	Improve simulation mode for session cookies (#259)	jvoisin
	Since decrypt_zval doesn't provide a way to tell apart failed and successful decryption when used in simulation mode, we'll have to restore the original value if something goes wrong, because crypto_secretbox_open might modify the value.
2018-10-06	Bump coverage again	jvoisin

2018-10-06	Bump a bit the coverage	jvoisin
	* `setcookie` doesn't always return `true` anymore * clang-format * Cookies with invalid decryption are dropped, but the request isn't anymore * faulty unserialize are now dumpable
2018-09-03	Add a const attribute, added in 7.3	Remi Collet

2018-08-30	Minor code cleanup	xXx-caillou-xXx

2018-08-28	Fix some compilation warnings	xXx-caillou-xXx

2018-07-18	Remove an useless check in session handling	kka

2018-07-13	Massively optimize how rules are handled	xXx-caillou-xXx
	This commit does a lot of things: - Use hashtables instead of lists to store the rules - Rules that can be applied at launch time won't be tried at runtime - Improve feedback when writing nonsensical rules - Make intensive use of `zend_string` instead of `char*`
2018-06-28	Better handling of filters for builtins	kkadosh

2018-05-29	Support session encryption	kkadosh
	Implement session encryption.