Christian Folini
Status on the PR: We have a hard time with the review as we do not have an active CRS developer running NextCloud / OwnCloud with enough time at hand...
@Magicrafter13 : Part of the review is to prove your assumption is correct. Other than that a review also makes sure the whole thing fits into our policy, follows our...
@Magicrafter13 : Your hit on 920170 is troubling. I can not see a browser hitting this rule. If Nextcloud is provoking this in a consistent way, then this is highly...
@azurit I think we can talk about making this an official plugin, but there is no need to make sure it is in RC1. Plugins will have their own release...
#2480 did not carry the v4 milestone tag / label so far. So it has not really been considered. @lifeforms is the release manager and with the Monday meeting we...
If loginject does the lowercase itself, then there is maybe really no point in carrying it. Yet this is the workhorse of sqli detection, so this is a substantial risk...
Added "needs action" label so it really stands out in the PR overview.
I like your solutions and I agree that more is tough.
On the bright side, rule 931130 is being triggered by this payload. ``` $ curl localhost -d 'foo=more ${PATH:0:1}etc${PATH:0:1}passwd' ``` The minimum to trigger 931130 is ``` $ curl localhost...
Issue covered in the [September issue chat](https://github.com/coreruleset/coreruleset/issues/2185#issuecomment-913804183). @lifeforms is in the best position to solve this. It's just that his plate is very full. So this may take some time...