Details
- Type: Improvement
- Status: Done/Fixed
- Priority: Important
- Resolution: Fixed/Completed
- Affects Version/s: 4.7.23
- Fix Version/s: 4.7.24
- Component/s: Core CiviCRM
- Versioning Impact: Patch (backwards-compatible bug fixes)
- Documentation Required?: Developer Doc
- Funding Source: Core Team Contract
- Verified?: No
Description
Background
==========
PHPIDS scans all HTTP inputs and applies heuristics to identify malicious
submissions. It relies on having a configuration about the list of fields
we'll process.
Before
======
The function `createConfigFile()` produces the standard configuration as an
INI file. The configuration was represented as an unalterable string.
After
=====
* The configuration is represented as an array.
* The configuration is generated via `createStandardConfig()`
* The configuration file is no longer used.
Acceptance Criteria
===================
* PHPIDS still protects most page-requests.
* The pre-existing PHPIDS policies still apply.
* Individual inputs for individual pages – such as the `civicase_reload` involved with CRM-20924 – can be flagged as `html`, `json`, or other `exception`s to the PHPIDS heuristics.
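
An added example, not CiviCRM's own code: one way an array-based configuration lets a single route flag a single input, as in the `civicase_reload` case above, without loosening the policy for other pages. The function names, the route path and the baseline field names are hypothetical; the `General` keys follow the PHPIDS configuration format.

```php
<?php
// Added illustration, not CiviCRM's implementation. Function names, the
// route path and the baseline field names are hypothetical placeholders.

/** Baseline policy as an array, so it can be adjusted per request. */
function standardIdsConfig(): array {
  return [
    'General' => [
      'filter_type' => 'xml',
      'scan_keys' => FALSE,
      // Constructed sample values for the three field lists.
      'html' => ['sample_html_field'],
      'json' => [],
      'exceptions' => ['sample_exempt_field'],
    ],
  ];
}

/** Merge one route's field flags into a copy of the baseline. */
function idsConfigForRoute(array $base, array $routeFlags): array {
  // A route may only extend the field lists. It may not touch the filter
  // settings, so a single page cannot switch the heuristics off.
  $allowed = ['html', 'json', 'exceptions'];
  foreach ($routeFlags as $kind => $fields) {
    if (!in_array($kind, $allowed, TRUE)) {
      throw new InvalidArgumentException("Route may not override '$kind'");
    }
    foreach ((array) $fields as $field) {
      if (!is_string($field) || $field === '') {
        throw new InvalidArgumentException("Invalid field name for '$kind'");
      }
    }
    $base['General'][$kind] = array_values(array_unique(
      array_merge($base['General'][$kind], (array) $fields)
    ));
  }
  return $base;
}

// Per-route flags (constructed): only this route treats the field as JSON.
$routeFlags = ['civicrm/example/route' => ['json' => ['civicase_reload']]];

$flagged = idsConfigForRoute(standardIdsConfig(), $routeFlags['civicrm/example/route']);
$other = idsConfigForRoute(standardIdsConfig(), $routeFlags['civicrm/other/route'] ?? []);

print_r($flagged['General']['json']); // contains civicase_reload
print_r($other['General']['json']);   // empty: baseline policy unchanged
```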
Issue Links
- supplements CRM-20924 Creating a new activity fails for demo user (Done/Fixed)
- links to: Allow `civicrm_menu` to store new data in generic column (Open, Unassigned)