Gregor Klevze 037b176892 fix(scanner): avoid SVG/XML false positives; add allowlist and .gitignore ...

Relax payload scanner for XML/SVG by passing content-type into checks
Skip JS-style eval() detection when content-type is XML/SVG
Pass request Content-Type through sniff_file_for_php_payload() and raw-body checks
Add common XML/SVG content-types to allowlist.json
Add repository .gitignore (ignore logs, quarantine/, state/, env, vendor, IDE files)

2026-02-07 15:11:15 +01:00

33 KiB

Raw Blame History

View Raw