71 Commits

Author SHA1 Message Date
Ervin Hegedus
e7e11d972f
Merge pull request #3202 from marcstern/v2/pr/assert
Fixed assert() usage
2024-08-18 22:58:06 +02:00
Ervin Hegedus
f27c85cf47
Check if the MP header contains invalid character 2024-08-13 11:07:18 +02:00
Marc Stern
7c379c8d59 Fixed assert() usage:
- added some missing
- removed some invalid
- removed some that were not relevant in the context of the current function, when done in a called function
2024-07-31 11:17:36 +02:00
Marc Stern
538ffa6baa Added some null pointer checks.
Added a design doc.
2024-04-04 15:45:55 +02:00
Marc Stern
91da5872c1 Many null pointer checks 2024-02-20 13:15:52 +01:00
Martin Vierula
8038a529c0
Copyright line updates 2022-12-21 07:07:14 -08:00
Martin Vierula
7a489bd07c
Multipart parsing fixes and new MULTIPART_PART_HEADERS collection 2022-09-07 11:09:47 -07:00
Martin Vierula
065dbe7e76
Multipart names may include single quote if double-quote enclosed 2021-12-22 10:37:03 -08:00
Allan Boll
7af8363fd4 Less strict multipart parsing 2018-11-21 12:47:56 -05:00
Felipe Zimmerle
61bce8d9a9
Cosmetics: moving declaration to the top of the block 2017-07-14 13:47:30 -03:00
Robert Paprocki
709042a472
Don't unnecessarily rename request body parts in cleanup
When tmp_dir and upload_dir are identical, there's no reason to
rename multipart and request body parts, as this is a non-op. Let's
save the cycles and syscall.
2016-10-10 10:06:38 -03:00
Felipe Zimmerle
1e63e49db4 Uses %zu to print size_t instead of %d.
This will help to reduce the amount of warnings during the compilation
See #631 for further information.
2014-03-31 16:22:11 -07:00
Breno Silva
aa18ec7f45 Updated copyright dates 2013-04-19 03:20:46 -04:00
Breno Silva
4db1f51f39 Added MULTIPART_NAME and MULTIPART_FILENAME variables 2013-03-04 11:54:13 -04:00
brenosilva
6335e5426c Added MULTIPART_INVALID_PART flag 2012-10-14 23:47:27 +00:00
brenosilva
592ec392d1 Remove ctl:ruleUpdateTarget* and add ctl:ruleRemovetarget* 2012-08-02 18:04:53 +00:00
brenosilva
1e8259b4a4 Avoid double close() for multipart file descriptors 2012-07-27 01:00:13 +00:00
brenosilva
3bb931e188 Fix warnings 2012-06-17 13:32:07 +00:00
brenosilva
e584123aba Fix quote validation in multipart code 2012-06-07 22:10:46 +00:00
brenosilva
988e78e9ab Fix quote validation in multipart code 2012-06-07 13:46:29 +00:00
brenosilva
d3ad05e9c9 MODSEC-312 2012-06-01 20:16:06 +00:00
brenosilva
104f0de46e New License 2011-03-30 14:12:44 +00:00
brenosilva
49732256f6 Improvements, fixes and new features 2011-03-25 13:51:13 +00:00
brenosilva
549f059480 move 2.5.13 into trunk 2010-12-08 18:58:18 +00:00
b1v1r
3a10f9fb8d Fix autoconf header and include path so trunk builds. 2010-08-31 18:35:55 +00:00
b1v1r
08edc0c26f Merge 2.5.x (2.5.12) changes into trunk. 2010-02-05 19:05:20 +00:00
b1v1r
b01f8190e4 Merged 2.5.x changes for 2.5.11 into trunk. 2009-11-06 18:38:15 +00:00
ivanr
8fe278e845 Change 'sanitise' to 'sanitize' everywhere, preserving the 'sanitise' action variants for backward compatibility. 2009-10-29 17:57:18 +00:00
b1v1r
826124b378 Merge 2.5.x changes to trunk. 2009-08-25 22:19:33 +00:00
b1v1r
dc0a2161ac Merge 2.5.9 changes into trunk. 2009-03-12 15:31:10 +00:00
brectanus
10713fbd37 Sync up branches/2.5.x and trunk. 2008-07-31 22:36:24 +00:00
brectanus
21f305095c Fixed warning for mixed CRLF/LF lines and LF lines in changeset:1070. See #504. 2008-06-05 18:03:20 +00:00
ivanr
81d98de283 Log strict multipart errors at level 4. 2008-06-05 13:52:30 +00:00
ivanr
043a5d6082 Handle the case when there isn't a new line after the final boundary in a multipart request. This fix takes care of the WordPress Flash file uploader problem. 2008-05-29 15:10:36 +00:00
brectanus
aa6be1614e Make sure all filehandles are closed at the end of a transaction. See #464 and #465.
Fixes a few typos in some error messages when we are over the limits.
2008-03-28 20:00:37 +00:00
brectanus
f428d37680 Cleanup - remove extraneous whitespace and tabs. 2008-02-07 21:45:05 +00:00
brectanus
f8adea949c Implemented SecUploadFileMode. See #448. 2008-01-24 22:10:37 +00:00
brectanus
9fb03d277d Fixing code based on review comments...
Cleaned up what vars are cacheable.
Added parens around "*foo++" where it clarified the operation to be "*(foo++)".
Added " at VARNAME" to operator matches where needed.
Escaped var->name in the var generation (user-supplied data).
Marked a bunch of TODOs as ENHs instead.
Transformed some C++ style comments to C style.
Removed the %0-9 macros code which was commented out.
Optimized some ctl action code so that multiple ifs are else ifs.
Implemented some error messages marked as ENH.
Make commented out acmp debugging a configure-time option.
Cleanup GEO debug log messages.
Added relative filename support for geo dbs.
Added help text to Sec* directives.
2008-01-18 00:47:30 +00:00
brectanus
b5033e6e29 It is 2008 now :) 2008-01-11 00:00:31 +00:00
ivanr
bbcf1d08fc Added an APR-Util variant of character encoding conversion. 2007-12-03 14:46:00 +00:00
ivanr
c25071b832 Initial experimental implementation of SecRequestEncoding. See #390 for more details. 2007-12-03 14:04:53 +00:00
ivanr
575e86388a Implemented SecRequestBodyNoFilesLimit (#103). 2007-11-29 11:41:48 +00:00
brectanus
e47fdeb420 Changed %p formatter to APRs %pp (wish that was documented).
Marked msr_log() as a printf style function so GNU compiler can check formatting types.
Fixed a few other warnings with msr_log() formatters.
2007-11-26 22:53:51 +00:00
brectanus
aff6900539 Initial full pass through code to fix issues with 64-bit/mismatch sign/mismatch size printf style formatters.
Still need to look more into how we are handling time and convert to apr_time_t (or time_t) where appropriate.
Still need to look into our use of 'long' as windows is LLP64 where 'long' is still 32-bit.
2007-11-15 19:09:14 +00:00
ivanr
cd2287a412 Fix for an evasion false positive. 2007-11-08 18:12:51 +00:00
ivanr
b0d514478f Fix blocking multipart FP, which affected Safari. 2007-10-15 18:05:12 +00:00
ivanr
d5f3b9ce52 Fix multipart parser blocking FP with Safari (#317).
2007-10-15 17:27:51 +00:00
brectanus
63a47c370e Prefer %d string formatter to %i so we do not get warnings on some platforms. 2007-09-27 21:34:29 +00:00
ivanr
79ee3a6a79 Process debug log statements only if the debug log level is sufficiently high. 2007-09-21 19:46:53 +00:00
brectanus
8549546b5e Add a cast to unsigned char * to avoid warning. 2007-09-11 17:59:14 +00:00