prep for 0.9.37.1

sektioneins · Dec 12, 2014 · 81a1667 · 81a1667
1 parent 275a705
commit 81a1667
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 4 deletions.
diff --git a/Changelog b/Changelog
@@ -1,3 +1,7 @@
+2014-12-12 - 0.9.37.1
+    - Changed version string to 0.9.37.1 (without -dev)
+    - Relaxed array index blacklist (removed '-') due to wordpress incompatibility
+
 2014-12-03 - 0.9.37
 
     - Added SQL injection protection for Mysqli and several test cases

diff --git a/php_suhosin.h b/php_suhosin.h
@@ -22,7 +22,7 @@
 #ifndef PHP_SUHOSIN_H
 #define PHP_SUHOSIN_H
 
-#define SUHOSIN_EXT_VERSION  "0.9.37"
+#define SUHOSIN_EXT_VERSION  "0.9.37.1"
 
 /*#define SUHOSIN_DEBUG*/
 #define SUHOSIN_LOG "/tmp/suhosin_log.txt"

diff --git a/suhosin.c b/suhosin.c
@@ -824,7 +824,7 @@ PHP_INI_BEGIN()
         STD_PHP_INI_ENTRY("suhosin.request.max_totalname_length", "256", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_totalname_length, zend_suhosin_globals, suhosin_globals)
         STD_PHP_INI_ENTRY("suhosin.request.max_array_index_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_array_index_length, zend_suhosin_globals, suhosin_globals)
 		STD_PHP_INI_ENTRY("suhosin.request.array_index_whitelist", "", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateString, array_index_whitelist, zend_suhosin_globals, suhosin_globals)
-		STD_PHP_INI_ENTRY("suhosin.request.array_index_blacklist", "'\"+-<>;()", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateString, array_index_blacklist, zend_suhosin_globals, suhosin_globals)
+		STD_PHP_INI_ENTRY("suhosin.request.array_index_blacklist", "'\"+<>;()", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateString, array_index_blacklist, zend_suhosin_globals, suhosin_globals)
         STD_PHP_INI_ENTRY("suhosin.request.disallow_nul", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestBool, disallow_nul, zend_suhosin_globals, suhosin_globals)
         STD_PHP_INI_ENTRY("suhosin.request.disallow_ws", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestBool, disallow_ws, zend_suhosin_globals, suhosin_globals)
 

diff --git a/suhosin.ini b/suhosin.ini
@@ -1210,11 +1210,14 @@
 ; suhosin.request.array_index_blacklist
 ; -------------------------------------
 ; * Type: String
-; * Default: "'\"+-<>;()"
+; * Default: "'\"+<>;()"
 ; 
 ; Defines a character blacklist for array indices not allowed in user input.
 ; 
-;suhosin.request.array_index_blacklist = "'\"+-<>;()"
+; Note: The default value also contained '-' in 0.9.37, which was removed in
+; 0.9.37.1 due to incompatibility issues.
+; 
+;suhosin.request.array_index_blacklist = "'\"+<>;()"
 ;
 
 ; suhosin.request.array_index_whitelist