| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2019-06-12 | update snuffleupagus.h with new version | kka | |
| 2019-05-14 | Fix the cookie's handling for PHP7.3+ | jvoisin | |
| PHP 7.3+ added a new prototype for the cookie setting mechanism, breaking our ghetto samesite-injection, this commit takes care of it. | |||
| 2019-02-23 | Try to unify the includes | jvoisin | |
| 2019-02-23 | Fix the testsuite on php8. | jvoisin | |
| In php8, it's non-trivial to hook strlen, since this function is usually optimized away by the compiler. | |||
| 2019-02-23 | Add php8 to travis and fix php7.4 | jvoisin | |
| - Use clang-format on the code - Improve portability wrt. php8 - Fix php7.4 compatibility. See https://dustri.org/b/fixing-snuffleupagus-sloppy-comparison-on-array_keys-for-php74.html for a detailed writeup | |||
| 2019-02-11 | Fix a warning on FreeBSD | avkarenow | |
| This should fix the following: ```C snuffleupagus/src/sp_config.c:193:10: warning: implicit declaration of function 'getline' is invalid in C99 [-Wimplicit-function-declaration] while (getline(&lineptr, &n, fd) > 0) { ^ 1 warning generated. ``` | |||
| 2019-01-16 | Fix a compilation warning | jvoisin | |
| 2019-01-14 | Reorganize the testsuite | jvoisin | |
| Splitting the testsuite in several components makes it easier to manage and comprehend. This was also needed some some tests aren't passing on Alpine Linux, but we still want to run as many of them as we can on this platform. | |||
| 2019-01-12 | Fix missing symbol when there is no session support | jvoisin | |
| It's possible to build PHP with sessions as a module, or even without sessions at all. This commit make it possible to use Snuffleupagus on those platforms. | |||
| 2019-01-12 | Make compilation stop gracefully in the absence of PCRE | jvoisin | |
| 2019-01-03 | Add a gitlab-ci file, and a fix test on Fedora | jvoisin | |
| 2019-01-01 | Fix a harmless-but-invalid zend_string_release | jvoisin | |
| 2018-12-26 | Document that it's not possible to hook builtins via regexp | jvoisin | |
| Also bump a bit the coverage | |||
| 2018-12-26 | Add two eval-related tests | jvoisin | |
| 2018-12-26 | Fix the build for php7.0 | jvoisin | |
| We only want to prevent crash/infinite recursion, we don't really care about the error/warning messages. | |||
| 2018-12-26 | Fix the build for php7.0 and php7.1 | jvoisin | |
| 2018-12-26 | Bump a bit the coverage | jvoisin | |
| 2018-12-26 | Add a PHP5 guard | jvoisin | |
| 2018-12-26 | Remove an unnecessary guard against infinite recursion in session handling | jvoisin | |
| This used to be useful in the times of PHP5.4/Suhosin (https://github.com/sektioneins/suhosin/issues/60), but nowadays, php is handling this case on its own. | |||
| 2018-12-26 | Make the testsuite a bit more portable | jvoisin | |
| 2018-12-21 | bump the changelogv0.4.1 | kka | |
| 2018-12-15 | Provide a php script, to get rid of the python one for test suite | Remi Collet | |
| This commit adds a php version of the upload_validation.py script. | |||
| 2018-12-15 | Improve simulation mode for session cookies (#259) | jvoisin | |
| Since decrypt_zval doesn't provide a way to tell apart failed and successful decryption when used in simulation mode, we'll have to restore the original value if something goes wrong, because crypto_secretbox_open might modify the value. | |||
| 2018-11-18 | Minor code clarification | jvoisin | |
| 2018-10-25 | Minor formatting issue | jvoisin | |
| 2018-10-25 | Snuffleupagus should now compile on Windows | jvoisin | |
| 2018-10-09 | Bump again | jvoisin | |
| 2018-10-09 | Bump coverage | jvoisin | |
| 2018-10-09 | Bump the coverage a bit | jvoisin | |
| 2018-10-09 | Remove 3 useless lines | jvoisin | |
| 2018-10-09 | Don't check the return values of functions that might not return (#255) | jvoisin | |
| This is due to our modifications to the logging system | |||
| 2018-10-09 | Improve mb_string hooking logic | jvoisin | |
| 2018-10-08 | Add a test | jvoisin | |
| 2018-10-06 | Add a missing opcode in sp_execute_ex | jvoisin | |
| 2018-10-06 | Coverage++ | jvoisin | |
| 2018-10-06 | Bump coverage again | jvoisin | |
| 2018-10-06 | Bump coverage again | jvoisin | |
| 2018-10-06 | Fix the silly mistake for good | jvoisin | |
| 2018-10-06 | Fix a silly mistake | jvoisin | |
| 2018-10-06 | Add a test | jvoisin | |
| 2018-10-06 | Bump a bit the coverage | jvoisin | |
| * `setcookie` doesn't always return `true` anymore * clang-format * Cookies with invalid decryption are dropped, but the request isn't anymore * faulty unserialize are now dumpable | |||
| 2018-10-06 | Remove sp_terminate and bump a bit the coverage | jvoisin | |
| 2018-10-05 | Fix segfault array keys | kkadosh | |
| Many thanks to @xXx-caillou-xXx for finding the true root cause and fixing the issue ♥ | |||
| 2018-09-10 | Minor code simplification | jvoisin | |
| 2018-09-10 | Improve a bit the coverage | jvoisin | |
| 2018-09-10 | Bump the coverage | jvoisin | |
| 2018-09-03 | Add a const attribute, added in 7.3 | Remi Collet | |
| 2018-09-03 | Fix #241 segfault on 32-bit related to bad protype (#242) | Remi Collet | |
| This should close #241 | |||
| 2018-09-01 | Use php full path | Remi Collet | |
| Use the PHP_BINARY constant instead of "php". | |||
| 2018-08-31 | Bump the changelogv0.4.0 | jvoisin | |
 |
index : snuffleupagus | |
| Security module for php7 and php8 - Killing bugclasses and virtual-patching the rest! |
| summaryrefslogtreecommitdiff |