Skip to content

Release/v4.1.1 --> main#223

Merged
DanBezalelpx merged 7 commits into
masterfrom
release/v4.1.1
Jul 5, 2026
Merged

Release/v4.1.1 --> main#223
DanBezalelpx merged 7 commits into
masterfrom
release/v4.1.1

Conversation

@DanBezalelpx

Copy link
Copy Markdown
Contributor

No description provided.

DorAshkenaziHuman and others added 7 commits January 29, 2026 15:25
Align sensitive route matching with the cross-enforcer spec by supporting
regex-format string patterns alongside existing plain-string prefix matching.
Patterns like "/^\/api\/.*\/payment$/i" are now detected and matched using
preg_match, while plain strings continue to use prefix matching for backward
compatibility.

- Add PerimeterxRouteUtils with normalizePath, convertStringToRegex, and
  isPathInPatterns
- Update PerimeterxContext to use PerimeterxRouteUtils::isPathInPatterns
- Add comprehensive unit tests for all matching modes
- Fix PHP 8.5 compatibility (PerimeterxLogger signature, PerimeterxPayload
  dynamic properties)
- Add sample site for manual testing of sensitive route patterns
- Update README with regex pattern documentation and trailing-slash caveat
When the _pxvid cookie contains a value that fails UUID validation,
store the raw value in orig_cookie_vid on the context and include it
in all activity details (page_requested, block, additional_s2s) and
the risk API request. Also adds enforcer_vid_source to all activities
and fixes the unanchored UUID validation regex in the S2S validator.
Paths with '..' segments that traverse above the root (e.g. '/../login')
would lose the leading '/' and normalize to 'login' instead of '/login',
allowing traversal-style URIs to bypass sensitive route detection.

Prevent array_pop from removing the root segment by only popping when
the resolved array has more than one element.
…ility

The \Stringable|string union type and :void return type require PHP 8.0+,
but the SDK supports PHP >=7.2.5. Revert to the original untyped signature.
@DanBezalelpx DanBezalelpx merged commit 87933b9 into master Jul 5, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants