path: root/doc/source/config.rst
author jvoisin 2017-10-01 21:46:02 +0200
committer jvoisin 2017-10-01 21:46:02 +0200
commit 7418a0e1e9b02aef8535e33d30cfb8f082680f69 (patch)
tree 28caaf2ecc25a5e2d4104ac7552176d9cf81c5d3 /doc/source/config.rst
parent b5628fcc599919711171a5154f37ad90bd6b5065 (diff)
Fix some typos (courtesy of @sabban) and mention tests in the CONTRIBUTING.md file
Diffstat (limited to 'doc/source/config.rst')
-rw-r--r-- doc/source/config.rst 16
1 files changed, 8 insertions, 8 deletions
diff --git a/doc/source/config.rst b/doc/source/config.rst
index 84fc193..25a6b73 100644
--- a/doc/source/config.rst
+++ b/doc/source/config.rst
@@ -38,7 +38,7 @@ global_strict
38^^^^^^^^^^^^^ 38^^^^^^^^^^^^^
39`default: disabled` 39`default: disabled`
40 40
41``global_strict`` will enable the `strict <https://secure.php.net/manual/en/functions.arguments.php#functions.arguments.type-declaration.strict>`_ mode globally, 41``global_strict`` will enable the `strict <https://secure.php.net/manual/en/functions.arguments.php#functions.arguments.type-declaration.strict>`_ mode globally,
42forcing PHP to throw a `TypeError <https://secure.php.net/manual/en/class.typeerror.php>`_ 42forcing PHP to throw a `TypeError <https://secure.php.net/manual/en/class.typeerror.php>`_
43exception if an argument type being passed to a function does not match its corresponding declared parameter type. 43exception if an argument type being passed to a function does not match its corresponding declared parameter type.
44 44
@@ -53,7 +53,7 @@ harden_random
53^^^^^^^^^^^^^ 53^^^^^^^^^^^^^
54 * `default: enabled` 54 * `default: enabled`
55 * `more <features.html#weak-prng-via-rand-mt-rand>`__ 55 * `more <features.html#weak-prng-via-rand-mt-rand>`__
56 56
57``harden_random`` will silently replace the insecure `rand <https://secure.php.net/manual/en/function.rand.php>`_ 57``harden_random`` will silently replace the insecure `rand <https://secure.php.net/manual/en/function.rand.php>`_
58and `mt_rand <https://secure.php.net/manual/en/function.mt-rand.php>`_ functions with 58and `mt_rand <https://secure.php.net/manual/en/function.mt-rand.php>`_ functions with
59the secure PRNG `random_int <https://secure.php.net/manual/en/function.random-int.php>`_. 59the secure PRNG `random_int <https://secure.php.net/manual/en/function.random-int.php>`_.
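Review bot: the paragraph at lines 57-59 says the replacement is silent and the feature is enabled by default, but it does not say what happens to code that seeds the generator with srand or mt_srand and expects a repeatable sequence. A sentence stating the expected behaviour for seeded callers would save operators from discovering it in production.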
@@ -85,7 +85,7 @@ unserialize_hmac
85^^^^^^^^^^^^^^^^ 85^^^^^^^^^^^^^^^^
86 * `default: disabled` 86 * `default: disabled`
87 * `more <features.html#unserialize-related-magic>`__ 87 * `more <features.html#unserialize-related-magic>`__
88 88
89``unserialize_hmac`` will add integrity check to ``unserialize`` calls, preventing 89``unserialize_hmac`` will add integrity check to ``unserialize`` calls, preventing
90abritrary code execution in their context. 90abritrary code execution in their context.
91 91
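Review bot: "abritrary" on line 90 is still misspelled on the new side of this typo-fixing commit and should read "arbitrary". While touching the sentence, line 89 would read better as "will add an integrity check to ``unserialize`` calls".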
@@ -101,7 +101,7 @@ auto_cookie_secure
101^^^^^^^^^^^^^^^^^^ 101^^^^^^^^^^^^^^^^^^
102 * `default: disabled` 102 * `default: disabled`
103 * `more <features.html#session-cookie-stealing-via-xss>`__ 103 * `more <features.html#session-cookie-stealing-via-xss>`__
104 104
105``auto_cookie_secure`` will automatically mark cookies as `secure <https://en.wikipedia.org/wiki/HTTP_cookie#Secure_cookie>`_ 105``auto_cookie_secure`` will automatically mark cookies as `secure <https://en.wikipedia.org/wiki/HTTP_cookie#Secure_cookie>`_
106when the web page is requested over HTTPS. 106when the web page is requested over HTTPS.
107 107
@@ -116,7 +116,7 @@ cookie_encryption
116^^^^^^^^^^^^^^^^^ 116^^^^^^^^^^^^^^^^^
117 * `default: disabled` 117 * `default: disabled`
118 * `more <features.html#session-cookie-stealing-via-xss>`__ 118 * `more <features.html#session-cookie-stealing-via-xss>`__
119 119
120.. warning:: 120.. warning::
121 121
122 To use this feature, you **must** set the :ref:`global.secret_key <config_global>` variable. 122 To use this feature, you **must** set the :ref:`global.secret_key <config_global>` variable.
@@ -151,7 +151,7 @@ upload_validation
151 * `default: disabled` 151 * `default: disabled`
152 * `more <features.html#remote-code-execution-via-file-upload>`__ 152 * `more <features.html#remote-code-execution-via-file-upload>`__
153 153
154``upload_validation`` will call a given script upon a file upload, with the path 154``upload_validation`` will call a given script upon a file upload, with the path
155to the file being uploaded as argument, and various information about it in the environment: 155to the file being uploaded as argument, and various information about it in the environment:
156 156
157* ``SP_FILENAME``: the name of the uploaded file 157* ``SP_FILENAME``: the name of the uploaded file
@@ -192,8 +192,8 @@ Snuffleupagus provides virtual-patching, via the ``disable_functions`` directive
192Admitting you have a call to ``system()`` that lacks proper user-input validation, thus leading to an **RCE**, this might be the right tool. 192Admitting you have a call to ``system()`` that lacks proper user-input validation, thus leading to an **RCE**, this might be the right tool.
193 193
194:: 194::
195 195
196 # Allow `id.php` to restrict system() calls to `id` 196 # Restrict calls to `system` to `id` in the `id.php` file
197 sp.disable_functions.function("system").filename("id.php").param("cmd").value("id").allow(); 197 sp.disable_functions.function("system").filename("id.php").param("cmd").value("id").allow();
198 sp.disable_functions.function("system").filename("id.php").drop() 198 sp.disable_functions.function("system").filename("id.php").drop()
199 199
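Review bot: the drop rule on line 198 ends without the ";" that the allow rule on line 197 carries, so the example leaves readers guessing whether the terminator is required; make the two lines consistent. The reworded comment on line 196 describes only the allow rule, so it would help to say that the second line drops every other system() call made from id.php. The lead-in on line 192 ("Admitting you have a call to ...") would also be clearer as "Assuming you have a call to ...".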