From 0abc394a29248bba99d9590a49ba7301dfa6cd58 Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Tue, 25 Dec 2018 20:36:09 +0100
Subject: Tighten a bit the command-injection prevention rule
---
 config/default.rules | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
(limited to 'config/default.rules')
diff --git a/config/default.rules b/config/default.rules
index 6fac367..f8fb1f8 100644
--- a/config/default.rules
+++ b/config/default.rules
@@ -27,10 +27,10 @@ sp.disable_function.function("require").drop()
 sp.disable_function.function("include").drop()

 # Prevent `system`-related injections
-sp.disable_function.function("system").param("command").value_r("[$|;&`\\n]").drop();
-sp.disable_function.function("shell_exec").param("command").value_r("[$|;&`\\n]").drop();
-sp.disable_function.function("exec").param("command").value_r("[$|;&`\\n]").drop();
-sp.disable_function.function("proc_open").param("command").value_r("[$|;&`\\n]").drop();
+sp.disable_function.function("system").param("command").value_r("[$|;&`\\n\\(\\)\\\\]").drop();
+sp.disable_function.function("shell_exec").param("command").value_r("[$|;&`\\n\\(\\)\\\\]").drop();
+sp.disable_function.function("exec").param("command").value_r("[$|;&`\\n\\(\\)\\\\]").drop();
+sp.disable_function.function("proc_open").param("command").value_r("[$|;&`\\n\\(\\)\\\\]").drop();

 # Prevent runtime modification of interesting things
 sp.disable_function.function("ini_set").param("var_name").value("assert.active").drop();
--
cgit v1.3
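Review bot: The widened character class on the four `+` lines still omits the shell redirection operators `<` and `>` and the carriage return `\r`, so a `command` argument that only redirects output is not dropped by any of the `system`/`shell_exec`/`exec`/`proc_open` rules; extending the class to `[$|;&`\\n\\r<>\\(\\)\\\\]` on each line would cover those without changing the rest of the match. Since this is a denylist, the comment above the block should say so explicitly and list what each member guards against (command separators, substitution, subshell parentheses, backslash escaping), otherwise the next person widening the class has nothing to check against. The same regex literal is repeated four times and now must be edited in lockstep; it may be worth a note that the four rules are intentionally identical so a future change to one is applied to all. Whether `passthru` and `popen` are covered elsewhere in the file cannot be seen from this hunk, which starts at line 27.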