From cfb22fc95c6a9acab607dfd30cdfe9fe05cbb69d Mon Sep 17 00:00:00 2001
From: santii-git
Date: Tue, 30 Sep 2025 13:03:26 -0300
Subject: Make the default rules compatible via PHP8
---
 config/default.rules | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)
(limited to 'config/default.rules')
diff --git a/config/default.rules b/config/default.rules
index 81c4072..c528191 100644
--- a/config/default.rules
+++ b/config/default.rules
@@ -61,11 +61,20 @@ sp.disable_function.function("mail").param("additional_params").value_r("\\-").d
 @end_condition;
 # This one was burned in Nov 2019 - https://gist.github.com/LoadLow/90b60bd5535d6c3927bb24d5f9955b80
-sp.disable_function.function("putenv").param("setting").value_r("GCONV_").drop();
+@condition PHP_VERSION_ID < 80000; sp.disable_function.function("putenv").param("setting").value_r("GCONV_").drop()
+@condition PHP_VERSION_ID >= 80000; sp.disable_function.function("putenv").param("assignment").value_r("GCONV_").drop()
+@end_condition;
 # Since people are stupid enough to use `extract` on things like $_GET or $_POST, we might as well mitigate this vector
-sp.disable_function.function("extract").pos("0").value_r("^_").drop();
-sp.disable_function.function("extract").pos("1").value("0").drop();
+@condition PHP_VERSION_ID < 80000;
+sp.disable_function.function("extract").pos("0").value_r("^_").drop()
+sp.disable_function.function("extract").pos("1").value("0").drop()
+@condition PHP_VERSION_ID >= 80000;
+sp.disable_function.function("extract").param("array").value_r("^_").drop()
+sp.disable_function.function("extract").param("flags").value("0").drop()
+@end_condition;
 # This is also burned:
 # ini_set('open_basedir','..');chdir('..');…;chdir('..');ini_set('open_basedir','/');echo(file_get_contents('/etc/passwd'));
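Review bot: Every rule this hunk adds ends in `drop()` with no terminating `;`, while every other rule in the file — the three lines the hunk removes and the `system` rule kept as context in the second hunk — ends in `drop();`. If the rules parser treats `;` as the statement terminator, the new putenv and extract rules may fail to load or run together with the following `@condition` line, which would silently lose the GCONV_ putenv and `extract($_GET)` mitigations on exactly the PHP versions this commit is meant to cover; at minimum it is inconsistent with the rest of the file. Suggest `sp.disable_function.function("putenv").param("assignment").value_r("GCONV_").drop();` and the same terminator on the other five new `drop()` lines. Both blocks also open a second `@condition` directly after the first without an intervening `@end_condition;`; the second hunk's context shows `@condition` is already used in this file, but whether the parser accepts a second `@condition` before the first is closed is not visible here and is worth confirming, since an unclosed `PHP_VERSION_ID < 80000` guard would apply to everything that follows.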
@@ -88,12 +97,6 @@ sp.disable_function.function("include_once").drop();
 sp.disable_function.function("require").drop();
 sp.disable_function.function("include").drop();
-# Prevent `system`-related injections
-sp.disable_function.function("system").param("command").value_r("[$|;&`\\n\\(\\)\\\\]").drop();
-sp.disable_function.function("shell_exec").pos("0").value_r("[$|;&`\\n\\(\\)\\\\]").drop();
-sp.disable_function.function("exec").param("command").value_r("[$|;&`\\n\\(\\)\\\\]").drop();
-sp.disable_function.function("proc_open").param("command").value_r("[$|;&`\\n\\(\\)\\\\]").drop();
-
 # Prevent `system`-related injections
 sp.disable_function.function("system").param("command").value_r("[$|;&`\\n\\(\\)\\\\]").drop();
 @condition PHP_VERSION_ID < 80000;
-- 
cgit v1.3