Snuffleupagus 0.8.3 - Elephant Gambit
Sat 27 August 2022 — download

I just published a new release of Snuffleupagus, the hardening module for PHP 7+ and PHP 8+: version 0.8.3, codename "Elephant Gambit", named after the chess opening.

This release is mostly a bugfix one, with a couple of novelties due to Laluka asking for them. Odds are that we might give a talk together in the future about them.

Changelog

New features

  • Add the ability to dump the parameter passed to eval
  • Add the ability to match on eval's parameter
  • Add optional extended checks for readonly_exec
  • Add config error for ini rules with identical key
  • Add disabled functions return type to config export

Breaking Changes

  • Mix the stacktrace in the sha256 for the filename of .dump()

Bug fixes

  • Make it actually possible to configure sloppy comparison on the latest PHP 7
  • Allow file:// prefix in include() with readonly_exec mode
  • Fix a possible crash when exporting function list
  • Fix a minor memory leak when parsing cookie-related configuration

As usual, if you want to help, we have some low-hanging fruits.

See you in your PHP stack!