github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 13:56:01 +03:00
Code Issues Packages Projects Releases Wiki Activity
979 Commits 55 Branches 109 Tags
Commit Graph

57 Commits

Author SHA1 Message Date
brenosilva
6335e5426c Added MULTIPART_INVALID_PART flag 2012-10-14 23:47:27 +00:00
brenosilva
592ec392d1 Remove ctl:ruleUpdateTarget* and add ctl:ruleRemovetarget* 2012-08-02 18:04:53 +00:00
brenosilva
1e8259b4a4 Avoid double close() for multipart file descriptors 2012-07-27 01:00:13 +00:00
brenosilva
3bb931e188 Fix warnings 2012-06-17 13:32:07 +00:00
brenosilva
e584123aba Fix quote validation in multipart code 2012-06-07 22:10:46 +00:00
brenosilva
988e78e9ab Fix quote validation in multipart code 2012-06-07 13:46:29 +00:00
brenosilva
d3ad05e9c9 MODSEC-312 2012-06-01 20:16:06 +00:00
brenosilva
104f0de46e New License 2011-03-30 14:12:44 +00:00
brenosilva
49732256f6 Improvements, fixes and new features 2011-03-25 13:51:13 +00:00
brenosilva
549f059480 move 2.5.13 into trunk 2010-12-08 18:58:18 +00:00
b1v1r
3a10f9fb8d Fix autoconf header and include path so trunk builds. 2010-08-31 18:35:55 +00:00
b1v1r
08edc0c26f Merge 2.5.x (2.5.12) changes into trunk. 2010-02-05 19:05:20 +00:00
b1v1r
b01f8190e4 Merged 2.5.x changes for 2.5.11 into trunk. 2009-11-06 18:38:15 +00:00
ivanr
8fe278e845 Change 'sanitise' to 'sanitize' everywhere, preserving the 'sanitise' action variants for backward compatibility. 2009-10-29 17:57:18 +00:00
b1v1r
826124b378 Merge 2.5.x changes to trunk. 2009-08-25 22:19:33 +00:00
b1v1r
dc0a2161ac Merge 2.5.9 changes into trunk. 2009-03-12 15:31:10 +00:00
brectanus
10713fbd37 Sync up branches/2.5.x and trunk. 2008-07-31 22:36:24 +00:00
brectanus
21f305095c Fixed warning for mixed CRLF/LF lines and LF lines in changeset:1070. See #504. 2008-06-05 18:03:20 +00:00
ivanr
81d98de283 Log strict multipart errors at level 4. 2008-06-05 13:52:30 +00:00
ivanr
043a5d6082 Handle the case when there isn't a new line after the final boundary in a multipart request. This fix takes care of the WordPress Flash file uploader problem. 2008-05-29 15:10:36 +00:00
brectanus
aa6be1614e Make sure all filehandles are closed at the end of a trasaction. See #464 and #465. 
Fixes a few typos in some error messages when we are over the limits.
 2008-03-28 20:00:37 +00:00
brectanus
f428d37680 Cleanup - remove extraneous whitespace and tabs. 2008-02-07 21:45:05 +00:00
brectanus
f8adea949c Implemented SecUploadFileMode. See #448. 2008-01-24 22:10:37 +00:00
brectanus
9fb03d277d Fixing code based on review comments... 
Cleaned up what vars are cacheable.
Added parens around "*foo++" where it clarified the operation to be "*(foo++)".
Added " at VARNAME" to operator matches where needed.
Escaped var->name in the var generation (user-supplied data).
Marked a bunch of TODOs as ENHs instead.
Transformed some C++ style comments to C style.
Removed the %0-9 macros code which was commented out.
Optimized some ctl action code so that multiple ifs are else ifs.
Implemented some error messages marked as ENH.
Make commented out acmp debugging a configure-time option.
Cleanup GEO debug log messages.
Added relative filename support for geo dbs.
Added help text to Sec* directives.
 2008-01-18 00:47:30 +00:00
brectanus
b5033e6e29 It is 2008 now :) 2008-01-11 00:00:31 +00:00
ivanr
bbcf1d08fc Added an APR-Util variant of character encoding conversion. 2007-12-03 14:46:00 +00:00
ivanr
c25071b832 Initial experimental implementation of SecRequestEncoding. See #390 for more details. 2007-12-03 14:04:53 +00:00
ivanr
575e86388a Implemented SecRequestBodyNoFilesLimit (#103). 2007-11-29 11:41:48 +00:00
brectanus
e47fdeb420 Changed %p formatter to APRs %pp (wish that was documented). 
Marked msr_log() as a printf style function so GNU compiler can check formatting types.
Fixed a few other warnings with msr_log() formatters.
 2007-11-26 22:53:51 +00:00
brectanus
aff6900539 Initial full pass through code to fix issues with 64-bit/mismatch sign/mismatch size printf style formatters. 
Still need to look more into how we are handling time and convert to apr_time_t (or time_t) where appropriate.
Still need to look into our use of 'long' as windows is LLP64 where 'long' is still 32-bit.
 2007-11-15 19:09:14 +00:00
ivanr
cd2287a412 Fix for an evasion false positive. 2007-11-08 18:12:51 +00:00
ivanr
b0d514478f Fix blocking multipart FP, which affected Safari. 2007-10-15 18:05:12 +00:00
ivanr
d5f3b9ce52 Fix multipart parser blocking FP with Safari ( 
(#317).
 2007-10-15 17:27:51 +00:00
brectanus
63a47c370e Prefer %d string formatter to %i so we do not get warnings on some platforms. 2007-09-27 21:34:29 +00:00
ivanr
79ee3a6a79 Process debug log statements only if the debug log level is sufficiently high. 2007-09-21 19:46:53 +00:00
brectanus
8549546b5e Add a cast to unsigned char * to avoid warning. 2007-09-11 17:59:14 +00:00
ivanr
fa2b97ddb4 Tidy code. Small bug fixes. 2007-09-07 16:01:28 +00:00
ivanr
0769f2378c More multipart improvements. Added MULTIPART_MISSING_SEMICOLON. 2007-09-07 13:16:40 +00:00
ivanr
9301461b33 Allow multipart C-T header to be up to 1024 bytes long. Some code cleanup (really ;). 2007-08-20 16:09:48 +00:00
ivanr
608f7f2b44 Fix LF line detection, add MULTIPART_CRLF_LINE, MULTIPART_CRLF_LF_LINES. 2007-08-20 15:25:05 +00:00
ivanr
239fa00957 Fix silly errors, typos. 2007-08-17 16:01:24 +00:00
ivanr
baf6f59dff Multipart parsing improvements. 2007-08-17 15:47:33 +00:00
ivanr
28d44486e3 Fixed data corruption in the multipart parser. 2007-08-10 15:59:54 +00:00
ivanr
222f1f6f78 Cleanup. MULTIPART_STRICT_ERROR now returns 1 on parsing error too. 2007-08-10 15:04:42 +00:00
ivanr
323f9f81a0 Better discovery of partial quoting evasion. 2007-08-10 14:51:55 +00:00
ivanr
b1949b7ebc Another check for evasion through partial quoting of multipart boundary. 2007-08-10 14:40:22 +00:00
ivanr
d0ac05c3ea Add check for evasion using double quote inside multipart boundary. 2007-08-10 14:37:04 +00:00
ivanr
5898e9e116 Fixed a potential segmentation fault, introduced with recent changes. 2007-08-10 14:24:13 +00:00
ivanr
716d0fd419 Added a check for nul bytes in multipart part headers. 2007-08-10 10:17:36 +00:00
ivanr
c85773b343 Added MULTIPART_UNMATCHED_BOUNDARY. Not very reliable, as it detects anything that looks like a boundary, which means any line that begins with -- but we don't think it's a boundary. 2007-08-10 09:59:57 +00:00