Changes:
- Added tab character ("\t") to dangerous characters list as token separator
- Removed redundant regex-based preg_match block (lines 147-152)
- Characters $(, ${, and backticks were already covered in $dangerousChars array
- Simplified function to rely solely on $dangerousChars loop

Security improvement:
- Tab characters can act as token separators in shell contexts
- Now explicitly blocked with descriptive error message

Tests:
- Added test for tab character blocking
- All 78 security tests pass (213 assertions)
- No regression in existing functionality

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

| Name | | |
|---|---|---|
| api.php | ||
| applications.php | ||
| constants.php | ||
| databases.php | ||
| docker.php | ||
| domains.php | ||
| github.php | ||
| notifications.php | ||
| parsers.php | ||
| proxy.php | ||
| remoteProcess.php | ||
| services.php | ||
| shared.php | ||
| socialite.php | ||
| subscriptions.php | ||
| sudo.php | ||
| timezone.php | ||