| Age | Commit message | Author |
|
|
Splitting the testsuite in several components makes it easier to manage and comprehend.
This was also needed since some tests aren't passing on Alpine Linux, but we still want to run
as many of them as we can on this platform.
|
|
It's possible to build PHP with sessions as a
module, or even without sessions at all.
This commit makes it possible to use Snuffleupagus
on those platforms.
|
|
Also bump a bit the coverage
|
|
We only want to prevent crash/infinite recursion,
we don't really care about the error/warning
messages.
|
|
This used to be useful in the times of PHP5.4/Suhosin
(https://github.com/sektioneins/suhosin/issues/60),
but nowadays, php is handling this case on its own.
|
|
This commit adds a php version of the upload_validation.py script.
|
|
Since decrypt_zval doesn't provide a way to tell apart failed and successful decryption when used in simulation mode, we'll have to restore the original value if something goes wrong, because crypto_secretbox_open might modify the value.
|
|
This is due to our modifications to the logging system
|
|
* `setcookie` doesn't always return `true` anymore
* clang-format
* Cookies with invalid decryption are dropped, but the request isn't anymore
* faulty unserialize are now dumpable
|
|
Many thanks to @xXx-caillou-xXx for finding the true root cause and fixing the issue ♥
|
|
This should close #241
|
|
Use the PHP_BINARY constant instead of "php".
|
|
Since our configuration format is a bit more complex than php's one,
we have a `sp.allow_broken_configuration` parameter (`false` by default),
that you can set to `true` if you want PHP to carry on if your Snuffleupagus'
configuration contains syntax errors. You'll still get a big scary message in
your logs of course. We do **not** recommend using it of course, but sometimes
it might be useful to be able to "debug in production" without breaking your
website.
|
|
This commit does two things:
- Implement matching on calltraces for ret
- Implement matching on ret of user functions if the return value is not used.
|
|
When calling glob() to get the configuration file location, the
GLOB_BRACE flag is used. This flag enables the parsing of '{a,b}', so
that '/path/{a,b}' represents '/path/a' and '/path/b'. Looking at
Snuffleupagus' documentation I saw nowhere this kind of path was
supported. Instead the documentation shows that glob() is used for paths
with wildcards.
The use of GLOB_BRACE is problematic as it is glibc specific and is not
supported by some other C libraries, such as Musl. Snuffleupagus cannot
be used in Alpine for this reason.
Since the documentation does not give a valid usage of GLOB_BRACE this
patch removes it, which fixes the non-glibc support.
Signed-off-by: Antoine Tenart <antoine.tenart@ack.tf>
|
|
Ensure that certificates are verified in curl
should close #47
|