phpMussel Files

=== Version/Release 0.9.0 === MINOR RELEASE (Signatures 55+21062+9).

• [2015.10.28; NEW FEATURE; Maikuolan]: A plugin system has been built and integrated into phpMussel, so, as of now, phpMussel supports plugins! This means that it's now possible to add certain types of functionality to phpMussel without the need to edit the core script or any default files. Refer github.com/Maikuolan/phpMussel/issues/23 Refer spambotsecurity.com/forum/viewtopic.php?f=57&t=3648 Also, if you're interested in developing plugins for phpMussel, a plugin boilerplate including descriptions of the hooks that currently exist with instructions included for how to use them has been created and can be found and downloaded from github.com/Maikuolan/phpMussel-plugin-boilerplate

• [2015.11.04; Sub-minor code change; Maikuolan]: Added some additional hooks to the core script for the plugin system.

• [2015.11.04; NEW FEATURE; Maikuolan]: Added support for a new type of logfile for phpMussel scan results: Serialised scan results! So, as of now, phpMussel can record and store scan results in a serialised format (this may potentially become a requirement for some certain future plugins). Note, however, that although serialised logging seems to work correctly for normal file uploads, there are some problems with serialised logging in CLI mode at this time. I intend to resolve these problems very soon, but, serialised logging may seem a little weird at the moment if you use it in CLI mode. Refer github.com/Maikuolan/phpMussel/issues/54

• [2015.11.05; Bug-fix; Maikuolan]: Found and fixed a bug whereby the starting and finishing time of scans performed in CLI mode under Windows required "scan_log" to be enabled in order to display correctly.

• [2015.11.05; Sub-minor code change; Maikuolan]: Added "MD" to the list of file extensions ignored by the in-built PHP chameleon attack detection code in order to avoid false positives occurring as a result of scanning documentation and other similar such files.

• [2015.11.06; Sub-minor code change; Maikuolan]: Cleaned up some of the code of the core script [phpmussel.inc]; The order in which some certain variables were defined wasn't ideal, and has been rearranged accordingly; A number of internal variable names have changed (shouldn't affect compatibility in any way or affect any signatures and etc) in order to improve context (where, in some cases, it was lacking) and to make more sense than was previously the case; Some minor optimisation done where found to be possible; Dropped one of the language data entries due to no longer being required and added some new entries to allow non-ascii fullstops and exclamation marks (fullwidth, halfwidth, etc).

• [2015.11.11; Bug-fix; Maikuolan]: Corrected an issue where some $_POST variables were being manually defined (this should never happen!) by the loader [phpmussel.php], which caused some conflicts between phpMussel and certain CMS.

• [2015.11.14; Sub-minor code change; Maikuolan]: Added two new hooks for the plugin system to the loader file [phpmussel.php]; Modified the changelog header in preparation for switching to the SemVer versioning standard.

• [2015.11.15; Sub-minor code change; Maikuolan]: Added a new hook for the plugin system to the updater [update.inc].

• [2015.11.16; Bug-fix; Maikuolan]: Bug found by BugBuster1701 whereby "Array" would be cited as the original filename of files being uploaded (instead of the actual original filenames) and those files would be blocked from being uploaded, citing the reason of "Unauthorised file upload manipulation detected (Array)!", if those files were being uploaded using a webform whose file field (or fields) handled entries as arrays; Fixed. Refer github.com/Maikuolan/phpMussel/issues/74

• [2015.11.16-23; Signatures update; Maikuolan]: Multiple problematic false positives found by BugBuster1701 (thanks for finding these!); Fixed. Refer github.com/Maikuolan/phpMussel/issues/75 Refer github.com/Maikuolan/phpMussel/issues/76 Refer github.com/Maikuolan/phpMussel/issues/77

• [2015.11.27; Sub-minor code change; Maikuolan]: Added code to temporarily, during the execution of phpMussel, modify the default value of the "pcre.recursion_limit" directive. This, along with the already existing code to temporarily modify the default value of the "pcre.backtrack_limit" directive, should serve as a reinforcing measure to protect against the PCRE runaway backticking bug, originally mentioned during the release of "v0.3g". Additionally, some related (but non-critical) issues have been found with the current phpMussel code for normalising and decoding encoded data; In order to resolve these issues, further changes may be made in the near future. Refer spambotsecurity.com/forum/viewtopic.php?f=58&t=2794 Refer php.net/manual/en/pcre.configuration.php Also relates to the goal of improving data decoding procedures.

Maikuolan, 30th November 2015.