Extend MD_JAIL with .user_ini proposals for restricting maximum inputs

Joshua Ramon Enslin 2020-11-12 19:54:43 +01:00 committed by Stefan Rohde-Enslin
parent 5130477e4b
commit 95537fb60e
Signed by: jrenslin
GPG Key ID: 46016F84501B70AE


@ -42,7 +42,7 @@ final class MD_JAIL {
* Static function providing an advisory on how to harden the php.ini or * Static function providing an advisory on how to harden the php.ini or
* .user.ini. * .user.ini.
* *
* @param array{shell_access_whitelist: string[], sys_function_whitelist: string[], file_function_whitelist: string[], file_uploads: bool, allow_url_fopen: bool, max_input_vars: integer, max_input_nesting_level: integer, curl: bool} $requested_resources Requested resources. * @param array{shell_access_whitelist: string[], sys_function_whitelist: string[], file_function_whitelist: string[], file_uploads: bool, allow_url_fopen: bool, max_input_vars: integer, max_input_nesting_level: integer, post_max_size: string, curl: bool} $requested_resources Requested resources.
* *
* @return string * @return string
*/ */
@ -96,13 +96,16 @@ final class MD_JAIL {
$output .= PHP_EOL . PHP_EOL . '## .user.ini' . PHP_EOL; $output .= PHP_EOL . PHP_EOL . '## .user.ini' . PHP_EOL;
if ($requested_resources['file_uploads'] === false) { if ($requested_resources['file_uploads'] === false) {
$output .= PHP_EOL . "php_value[upload_max_filesize] = 1"; $output .= PHP_EOL . "upload_max_filesize = 1";
} }
if ($requested_resources['max_input_vars'] != ini_get("max_input_vars")) { if ($requested_resources['max_input_vars'] != ini_get("max_input_vars")) {
$output .= PHP_EOL . "php_value[max_input_vars] = " . $requested_resources['max_input_vars']; $output .= PHP_EOL . "max_input_vars = " . $requested_resources['max_input_vars'];
} }
if ($requested_resources['max_input_nesting_level'] != ini_get("max_input_nesting_level")) { if ($requested_resources['max_input_nesting_level'] != ini_get("max_input_nesting_level")) {
$output .= PHP_EOL . "php_value[max_input_nesting_level] = " . $requested_resources['max_input_nesting_level']; $output .= PHP_EOL . "max_input_nesting_level = " . $requested_resources['max_input_nesting_level'];
}
if ($requested_resources['post_max_size'] != ini_get("post_max_size")) {
$output .= PHP_EOL . "post_max_size = " . $requested_resources['post_max_size'];
} }
$output .= PHP_EOL . PHP_EOL . '## PHPStan Directives' . PHP_EOL . PHP_EOL . " disallowedFunctionCalls:" . PHP_EOL; $output .= PHP_EOL . PHP_EOL . '## PHPStan Directives' . PHP_EOL . PHP_EOL . " disallowedFunctionCalls:" . PHP_EOL;