From 7f5f00eaa6be38e4fe39e3eb6424c2be7fd40907 Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Sat, 25 Apr 2020 15:29:00 +0200
Subject: Fix and improve the previous commit

---
 config/default.rules | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'config/default.rules')

diff --git a/config/default.rules b/config/default.rules
index 9dfa68e..040a54b 100644
--- a/config/default.rules
+++ b/config/default.rules
@@ -46,7 +46,8 @@ sp.disable_function.function("putenv").param("setting").value_r("LD_").drop()
 sp.disable_function.function("putenv").param("setting").value_r("GCONV_").drop()

 # Since people are stupid enough to use `extract` on things like $_GET or $_POST, we might as well mitigate this vector
-sp.disable_function.function("extract").param("array").value_r("^_").drop()
+sp.disable_function.function("extract").param("var_array").value_r("^_").drop()
+sp.disable_function.function("extract").param("extract_type").value("0").drop()

 # This is also burned:
 # ini_set('open_basedir','..');chdir('..');…;chdir('..');ini_set('open_basedir','/');echo(file_get_contents('/etc/passwd'));
-- 
cgit v1.3
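Review bot: The added `extract_type` rule matches the bare literal `"0"` with no comment, so a reader has to know that 0 is PHP's EXTR_OVERWRITE; I would add above it `# extract_type 0 is EXTR_OVERWRITE: refuse calls that may overwrite existing variables`. EXTR_OVERWRITE is also extract()'s default, so it is worth confirming with a test whether this rule fires when the second argument is omitted, and whether dropping every call that passes the flag explicitly is acceptable for a default ruleset. Both extract rules match on parameter names, and this commit itself replaces a name (`array` with `var_array`) that presumably never matched. A regression test per rule would catch a future rename that silently disables the mitigation.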