Title: Snuffleupagus 0.2.0 - Elephant Rally Date: 2018-01-18 22:30 [![snuffleupagus logo]({static}/images/sp.png)](https://snuffleupagus.readthedocs.org) Yay, a [new version of Snuffleupagus](https://github.com/nbs-system/snuffleupagus/releases/tag/v0.2.0), the `0.2.0`, codename **Elephant Rally** (after a *famous* [motorcycle rally]( https://en.wikipedia.org/wiki/Elephant_Rally )). If you don't know what Snuffleupagus is, you might want to read the [post about its previous release]({filename}/php/snuffleupagus_first_release.md). ## Changelog: This release brings a lot of goodies: - [`glob`]( https://en.wikipedia.org/wiki/Glob_%28programming%29 ) is now supported in `sp.configuration_file`, allowing you to use several configuration files without having to name them one by one. - We implemented a whitelist/blacklist system for functions called from an [`eval`](https://secure.php.net/manual/en/function.eval.php), likely [Suhosin]( https://suhosin.org/stories/howtos.html#blocking-functions ), except that we're allowing you to authorize/block user-defined functions too, and not only builtin ones. This comes with a small performance hit compared to suhosin, but we think that it's worth it. - If you're current configuration is broken, snuffleupagus will tell you, in your `phpinfo`. It'll also display the paths to your configuration files. This is a minor information leak, but there are other variables containing paths too, so we're convinced that it's acceptable. Especially since this feature might help to keep the number of tickets entitled "Snuffleupagus isn't working :(" on our bugtracker. - Thanks to the stubbornness of [fr33tux]( https://fr33tux.org ), we fixed two crashes that appeared when using some ultra-dense php frameworks with convoluted OOP code. - Since Snuffleupagus is not a proof of concept anymore, we spent some time tracking every single dynamic memory allocation, to ensure that it was freed at some point. We took the opportunity to decrease a bit the memory consumption. - Thanks to [valgrind]( http://valgrind.org/ ), we spotted (and fixed) some minor off-by-one in the configuration parsing code. - Good news for our windows users, we're now correctly handling your fancy EOL in the configuration files. - It's now possible to virtual-patch return values of user-defined function. - The codebase as been cleaned up, and has been made more portable: we're now compiling on FreeBSD and RHEL-based Linuxes. - The [documentation](https://snuffleupagus.readthedocs.io/) is now way more consistent and complete ## Contributions: While snuffleupagus is mainly developed by [blotus](https://github.com/blotus) and me, we received three external contributions! 1. From [bui]( http://memze.ro/ ), implementing regexp for cookie names for our cookie-encryption feature 2. From [smagnin]( https://github.com/smagnin ), overhauling our ultra-ghetto linked-list implementation to something more elegant. 3. From [Remi Collet]( https://github.com/remicollet ), who opened issues, issued pull-requests, and [published Snuffleupagus packages]( https://twitter.com/RemiRepository/status/953987776944500736 ) on [his repositories]( https://rpms.remirepo.net/ ), so maybe soon in Fedora, CentOS and Red Hat via [EPEL]( https://fedoraproject.org/wiki/EPEL )! We don't have [many issues]( https://github.com/nbs-system/snuffleupagus/milestone/4 ) for the next release, so I guess we're close to being feature-complete. Odds are that we'll focus on stabilizing the codebase, and make Snuffleupagus even more reliable. We might start to publish some of our rules for popular CMS if people are interested. See you in your PHP stack!