diff --git a/Changelog b/Changelog
index 6cd25c8..4ccb5b9 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,7 @@
+2014-12-12 - 0.9.37.1
+ - Changed version string to 0.9.37.1 (without -dev)
+ - Relaxed array index blacklist (removed '-') due to wordpress incompatibility
+
 2014-12-03 - 0.9.37
 - Added SQL injection protection for Mysqli and several test cases
diff --git a/php_suhosin.h b/php_suhosin.h
index 5987345..80c7675 100644
--- a/php_suhosin.h
+++ b/php_suhosin.h
@@ -22,7 +22,7 @@
 #ifndef PHP_SUHOSIN_H
 #define PHP_SUHOSIN_H
-#define SUHOSIN_EXT_VERSION "0.9.37"
+#define SUHOSIN_EXT_VERSION "0.9.37.1"
 /*#define SUHOSIN_DEBUG*/
 #define SUHOSIN_LOG "/tmp/suhosin_log.txt"
diff --git a/suhosin.c b/suhosin.c
index 8ce279d..5b24789 100644
--- a/suhosin.c
+++ b/suhosin.c
@@ -824,7 +824,7 @@ PHP_INI_BEGIN()
 STD_PHP_INI_ENTRY("suhosin.request.max_totalname_length", "256", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_totalname_length, zend_suhosin_globals, suhosin_globals)
 STD_PHP_INI_ENTRY("suhosin.request.max_array_index_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_array_index_length, zend_suhosin_globals, suhosin_globals)
 STD_PHP_INI_ENTRY("suhosin.request.array_index_whitelist", "", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateString, array_index_whitelist, zend_suhosin_globals, suhosin_globals)
- STD_PHP_INI_ENTRY("suhosin.request.array_index_blacklist", "'\"+-<>;()", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateString, array_index_blacklist, zend_suhosin_globals, suhosin_globals)
+ STD_PHP_INI_ENTRY("suhosin.request.array_index_blacklist", "'\"+<>;()", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateString, array_index_blacklist, zend_suhosin_globals, suhosin_globals)
 STD_PHP_INI_ENTRY("suhosin.request.disallow_nul", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestBool, disallow_nul, zend_suhosin_globals, suhosin_globals)
 STD_PHP_INI_ENTRY("suhosin.request.disallow_ws", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestBool, disallow_ws, zend_suhosin_globals, suhosin_globals)
diff --git a/suhosin.ini b/suhosin.ini
index e739dff..d5a6b24 100644
--- a/suhosin.ini
+++ b/suhosin.ini
@@ -1210,11 +1210,14 @@
 ; suhosin.request.array_index_blacklist
 ; -------------------------------------
 ; * Type: String
-; * Default: "'\"+-<>;()"
+; * Default: "'\"+<>;()"
 ;
 ; Defines a character blacklist for array indices not allowed in user input.
 ;
-;suhosin.request.array_index_blacklist = "'\"+-<>;()"
+; Note: The default value also contained '-' in 0.9.37, which was removed in
+; 0.9.37.1 due to incompatibility issues.
+;
+;suhosin.request.array_index_blacklist = "'\"+<>;()"
 ;
 ; suhosin.request.array_index_whitelist
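Review bot: The new built-in default for `suhosin.request.array_index_blacklist` in suhosin.c drops `-` for every installation that relies on the compiled-in value, and nothing at the entry records why or how to opt back in. Sites upgrading from 0.9.37 lose that array-index filtering without touching their configuration, so the reason belongs next to the default, e.g. `/* '-' removed in 0.9.37.1 for WordPress compatibility; add it back in php.ini where hyphenated array keys are not needed */`. Because a character blacklist is the weaker control, the comment (and the matching note in suhosin.ini) could also point to `suhosin.request.array_index_whitelist` as the stricter option for applications with known key formats. The `PHP_INI_BEGIN()` table starts and ends outside this hunk.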