summaryrefslogtreecommitdiff
path: root/src (follow)
AgeCommit message (Collapse)Author
2021-08-07fixed doulbe hookBen Fuhrmannek
2021-08-07removed incorrect duplicate checkBen Fuhrmannek
2021-08-07fixed tests due to output changesBen Fuhrmannek
2021-08-07fixed cidr matching and test casesBen Fuhrmannek
2021-08-07fixed test caseBen Fuhrmannek
2021-08-07unit tests for ini protection featureBen Fuhrmannek
2021-08-07more ini protection featuresBen Fuhrmannek
2021-08-07prevent STDERR debug output based on SP_NODEBUG environment variableBen Fuhrmannek
2021-08-06implemented ini settings protectionBen Fuhrmannek
2021-08-06restructured function hooks, implemented unhookBen Fuhrmannek
2021-08-06fixed incorrect debug log invocationBen Fuhrmannek
2021-08-06removed useless assignmentBen Fuhrmannek
2021-08-06debug log to dup'd stderr / php is closing stderr during shutdownBen Fuhrmannek
2021-08-03fixed mem leak in parserBen Fuhrmannek
2021-08-03fixed incorrect use of free()/efree()Ben Fuhrmannek
2021-08-03fixed mem leak in get_paramBen Fuhrmannek
2021-08-03simplified string concatBen Fuhrmannek
2021-08-03fixed memleaks in zval encryption/decryption routinesBen Fuhrmannek
2021-08-03fixed mem leak in parse_disabled_functionsBen Fuhrmannek
2021-08-03fixed mem leak in cidr parser and multiple mem leaks triggered by duplicate ↵Ben Fuhrmannek
keywords
2021-08-03fixed null pointer dereferenceBen Fuhrmannek
2021-08-03removed unused variableBen Fuhrmannek
2021-08-02properly free memory on shutdownBen Fuhrmannek
2021-08-02Merge branch 'master' of https://github.com/jvoisin/snuffleupagusBen Fuhrmannek
2021-07-28Sprinkle even more `const`jvoisin
2021-07-25Replace an odd call to strtok_r().WhiteWinterWolf
2021-07-22Sprinkle some constjvoisin
2021-05-09Add some guard to prevent hooking recursionjvoisin
This shouldn't be necessary, but better safe than sorry.
2021-05-09strtok/strtok_r is a thing from the past, don't use it.jvoisin
2021-05-09Add some checks to prevent recursion upon config reloadingjvoisin
2021-05-09Fix disable function chmodWhiteWinterWolf
2021-05-09Fix the testsuite on php7.4jvoisin
2021-05-09Allow session-related things to fail on php8 for nowjvoisin
2021-05-09Fix the testsuite on fedorajvoisin
2021-05-09Fix compilation on non-pcre2 targetsjvoisin
2021-05-08Remove some memory-leaksjvoisin
2021-05-08Add a test for #390jvoisin
2021-05-08Fix a memory leak when using pcre2jvoisin
2021-05-08Handle a possible issue with regexpjvoisin
Gracefully handle the case where we can't get allocated memory when trying to match a regex.
2021-04-28A pass of clang-formatjvoisin
2021-04-28Simplify a bit get_ip()jvoisin
2021-04-28Add some logging for the XXE mitigationjvoisin
2021-04-27Protect against XXE in php8jvoisin
PHP8 disables external entities by default, but they can still be explicitly used (cf. https://blog.sonarsource.com/wordpress-xxe-security-vulnerability/), which is bad™. The right way to defend against XXE is now to set libxml_set_external_entity_loader to null.
2021-04-27Fix SKIPIF output syntax errorTristan Deloche
2021-04-26Make it easier to figure functions parameters' namesJulien Voisin
2021-03-26Add PHP8 for linux distributions on the CIJulien Voisin
2021-02-18fix broken testsBen Fuhrmannek
2021-02-18rewrote parameter matching logic. breaks compatibility with previous versions.Ben Fuhrmannek
2021-02-18log forging protectionBen Fuhrmannek
2021-02-16fix broken testsBen Fuhrmannek