Fix some typos (courtesy of @sabban) and mention tests in the CONTRIBUTING.md file

2 files changed, 13 insertions, 13 deletions

diff --git a/doc/source/config.rst b/doc/source/config.rst
index 84fc193..25a6b73 100644
--- a/doc/source/config.rst
+++ b/doc/source/config.rst
@@ -38,7 +38,7 @@ global_strict
 ^^^^^^^^^^^^^
 `default: disabled`
 
-``global_strict`` will enable the `strict <https://secure.php.net/manual/en/functions.arguments.php#functions.arguments.type-declaration.strict>`_ mode globally, 
+``global_strict`` will enable the `strict <https://secure.php.net/manual/en/functions.arguments.php#functions.arguments.type-declaration.strict>`_ mode globally,
 forcing PHP to throw a `TypeError <https://secure.php.net/manual/en/class.typeerror.php>`_
 exception if an argument type being passed to a function does not match its corresponding declared parameter type.
 
@@ -53,7 +53,7 @@ harden_random
 ^^^^^^^^^^^^^
  * `default: enabled`
  * `more <features.html#weak-prng-via-rand-mt-rand>`__
- 
+
 ``harden_random`` will silently replace the insecure `rand <https://secure.php.net/manual/en/function.rand.php>`_
 and `mt_rand <https://secure.php.net/manual/en/function.mt-rand.php>`_ functions with
 the secure PRNG `random_int <https://secure.php.net/manual/en/function.random-int.php>`_.
@@ -85,7 +85,7 @@ unserialize_hmac
 ^^^^^^^^^^^^^^^^
  * `default: disabled`
  * `more <features.html#unserialize-related-magic>`__
- 
+
 ``unserialize_hmac`` will add integrity check to ``unserialize`` calls, preventing
 abritrary code execution in their context.
 
@@ -101,7 +101,7 @@ auto_cookie_secure
 ^^^^^^^^^^^^^^^^^^
  * `default: disabled`
  * `more <features.html#session-cookie-stealing-via-xss>`__
- 
+
 ``auto_cookie_secure`` will automatically mark cookies as `secure <https://en.wikipedia.org/wiki/HTTP_cookie#Secure_cookie>`_
 when the web page is requested over HTTPS.
 
@@ -116,7 +116,7 @@ cookie_encryption
 ^^^^^^^^^^^^^^^^^
  * `default: disabled`
  * `more <features.html#session-cookie-stealing-via-xss>`__
-   
+
 .. warning::
 
   To use this feature, you **must** set the :ref:`global.secret_key <config_global>` variable.
@@ -151,7 +151,7 @@ upload_validation
  * `default: disabled`
  * `more <features.html#remote-code-execution-via-file-upload>`__
 
-``upload_validation`` will call a given script upon a file upload, with the path 
+``upload_validation`` will call a given script upon a file upload, with the path
 to the file being uploaded as argument, and various information about it in the environment:
 
 * ``SP_FILENAME``: the name of the uploaded file
@@ -192,8 +192,8 @@ Snuffleupagus provides virtual-patching, via the ``disable_functions`` directive
 Admitting you have a call to ``system()`` that lacks proper user-input validation, thus leading to an **RCE**, this might be the right tool.
 
 ::
-   
-  # Allow `id.php` to restrict system() calls to `id`
+
+  # Restrict calls to `system` to `id` in the `id.php` file
   sp.disable_functions.function("system").filename("id.php").param("cmd").value("id").allow();
   sp.disable_functions.function("system").filename("id.php").drop()
 
diff --git a/doc/source/features.rst b/doc/source/features.rst
index bf535e1..fbb2a64 100644
--- a/doc/source/features.rst
+++ b/doc/source/features.rst
@@ -3,7 +3,7 @@ Features
 
 Snuffleupagus has a lot of features that can be divided in two main categories: bug-classes
 killers and virtual-patching. The first category provides primitives to kill various
-bug families (like arbitrary code execution via ``unserialize`` for example) or rise the 
+bug families (like arbitrary code execution via ``unserialize`` for example) or rise the
 cost of exploitation, the second one is a highly configurable system to patch functions in php itself.
 
 Bug classes killed or mitigated
@@ -171,7 +171,7 @@ It's worth noting that the PHP documentation contains the following warning:
 
   ``min`` ``max`` range must be within the range ``getrandmax()``. i.e. ``(max - min) <= getrandmax()``.
   Otherwise, ``rand()`` may return poor-quality random numbers.
-  
+
   --- `The PHP documentation about rand <https://secure.php.net/manual/en/function.rand.php>`_
 
 This is of course addressed as well by the ``harden_rand`` feature.
@@ -279,7 +279,7 @@ PHP7 introduced a **strict mode**, in which variables won't be coerced anymore,
 and a `TypeError <https://php.net/manual/en/class.typeerror.php>`_ exception will
 be raised if the types aren't matching.
 `Scalar type declarations <https://secure.php.net/manual/en/migration70.new-features.php#migration70.new-features.scalar-type-declarations>`_
-are optional, but you don't have to used them in your code to benefit from them,
+are optional, but you don't have to use them in your code to benefit from them,
 since every internal function from php has them.
 
 This option provide a switch to globally activate this strict mode,
@@ -307,7 +307,7 @@ and using this feature to lock this up.
 Dumping capabilities
 ^^^^^^^^^^^^^^^^^^^^
 It's possible to apply the ``dump()`` filter to any virtual-patching rule,
-to dump the complete web request, along with the filename and the corresponding 
+to dump the complete web request, along with the filename and the corresponding
 line number. By using the *right* set of restrictive rules (or by using the
 *overly* restrictives ones in ``simulation`` mode), you might be able
 to gather interesting vulnerabilities used against your website.
@@ -332,7 +332,7 @@ or ``is_callable`` with *suspicious* parameters.
 ``chmod`` hardening
 """""""""""""""""""
 
-Some PHP applications are using broad rights when using the ``chmod`` function, 
+Some PHP applications are using broad rights when using the ``chmod`` function,
 like the infamous ``chmod(777)`` command, effectively making the file writable by everyone.
 Snuffleupagus is preventing this kind of behaviour by restricting the parameters
 than can be passer to ``chmod``.