2 files changed, 5 insertions, 5 deletions
diff --git a/doc/source/faq.rst b/doc/source/faq.rst
index 09cb244..0f70c17 100644
--- a/doc/source/faq.rst
+++ b/doc/source/faq.rst
@@ -222,8 +222,8 @@ Contact `NBS System <https://nbs-system.com>`_.
 Unimplemented mitigations and abandoned ideas
 ---------------------------------------------
-Contant time comparisons
+Constant time comparisons
-""""""""""""""""""""""""
+"""""""""""""""""""""""""
 We didn't manage to perform time-based side-channel attacks on strings 
 against real world PHP application, and the results that we gathered on
 tailored test cases weren't concluding: for simplicity's sake, we chose
diff --git a/doc/source/features.rst b/doc/source/features.rst
index 076e4e4..bf535e1 100644
--- a/doc/source/features.rst
+++ b/doc/source/features.rst
@@ -6,8 +6,8 @@ killers and virtual-patching. The first category provides primitives to kill var
 bug families (like arbitrary code execution via ``unserialize`` for example) or rise the 
 cost of exploitation, the second one is a highly configurable system to patch functions in php itself.
-Bug classes killed
+Bug classes killed or mitigated
------------------
+-------------------------------
 ``system`` injections
 ^^^^^^^^^^^^^^^^^^^^^
@@ -22,7 +22,7 @@ Unfortunately, passing user-controlled parameters to it often leads to an arbitr
  --- `The PHP documentation about system <https://secure.php.net/manual/en/function.system.php>`_
-We're kind of killing it by filtering the ``$``, ``|``, ``;``, ````` and ``&`` chars in our 
+We're mitigating it by filtering the ``$``, ``|``, ``;``, `````, ``\n`` and ``&`` chars in our
 default configuration, making it a lot harder for an attacker to inject arbitrary commands.
 This family of vulnerabilities lead to various CVE, like:

diff --git a/doc/source/faq.rst b/doc/source/faq.rst index 09cb244..0f70c17 100644 --- a/doc/source/faq.rst +++ b/doc/source/faq.rst
@@ -222,8 +222,8 @@ Contact `NBS System <https://nbs-system.com>`_.
222	Unimplemented mitigations and abandoned ideas	222	Unimplemented mitigations and abandoned ideas
223	---------------------------------------------	223	---------------------------------------------
224		224
225	Contant time comparisons	225	Constant time comparisons
226	""""""""""""""""""""""""	226	"""""""""""""""""""""""""
227	We didn't manage to perform time-based side-channel attacks on strings	227	We didn't manage to perform time-based side-channel attacks on strings
228	against real world PHP application, and the results that we gathered on	228	against real world PHP application, and the results that we gathered on
229	tailored test cases weren't concluding: for simplicity's sake, we chose	229	tailored test cases weren't concluding: for simplicity's sake, we chose


diff --git a/doc/source/features.rst b/doc/source/features.rst index 076e4e4..bf535e1 100644 --- a/doc/source/features.rst +++ b/doc/source/features.rst
@@ -6,8 +6,8 @@ killers and virtual-patching. The first category provides primitives to kill var
6	bug families (like arbitrary code execution via ``unserialize`` for example) or rise the	6	bug families (like arbitrary code execution via ``unserialize`` for example) or rise the
7	cost of exploitation, the second one is a highly configurable system to patch functions in php itself.	7	cost of exploitation, the second one is a highly configurable system to patch functions in php itself.
8		8
9	Bug classes killed	9	Bug classes killed or mitigated
10	------------------	10	-------------------------------
11		11
12	``system`` injections	12	``system`` injections
13	^^^^^^^^^^^^^^^^^^^^^	13	^^^^^^^^^^^^^^^^^^^^^
@@ -22,7 +22,7 @@ Unfortunately, passing user-controlled parameters to it often leads to an arbitr
22		22
23	--- `The PHP documentation about system <https://secure.php.net/manual/en/function.system.php>`_	23	--- `The PHP documentation about system <https://secure.php.net/manual/en/function.system.php>`_
24		24
25	We're kind of killing it by filtering the ``$``, ``\|``, ``;``, ````` and ``&`` chars in our	25	We're mitigating it by filtering the ``$``, ``\|``, ``;``, `````, ``\n`` and ``&`` chars in our
26	default configuration, making it a lot harder for an attacker to inject arbitrary commands.	26	default configuration, making it a lot harder for an attacker to inject arbitrary commands.
27		27
28	This family of vulnerabilities lead to various CVE, like:	28	This family of vulnerabilities lead to various CVE, like: