1 files changed, 15 insertions, 1 deletions
diff --git a/doc/source/features.rst b/doc/source/features.rst
index d7f6f7f..3855f2a 100644
--- a/doc/source/features.rst
+++ b/doc/source/features.rst
@@ -381,7 +381,7 @@ and using this feature to lock this up.
 Whitelist of stream-wrappers
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-Php comes with a `lot of different <https://secure.php.net/manual/en/wrappers.php>`__
+PHP comes with a `lot of different <https://secure.php.net/manual/en/wrappers.php>`__
 `stream wrapper <https://secure.php.net/manual/en/intro.stream.php>`__, and most of them
 are enabled by default.
@@ -397,6 +397,20 @@ Examples of related vulnerabilities
 - `Data exfiltration via stream wrapper <https://www.idontplaydarts.com/2011/02/using-php-filter-for-local-file-inclusion/>`__
 - `Inclusion via zip/phar <https://lightless.me/archives/include-file-from-zip-or-phar.html>`__
+.. _php-stream-wrapper-allowlist-feature:
+Allowlist of php stream-wrapper
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+The builtin `"php" stream wrapper <https://www.php.net/manual/en/wrappers.php.php>`__
+has support for common streams, like ``stdin``, ``stdout`` or ``stderr``, but
+also for the dangerous ``filter`` one.
+Examples of related vulnerability
+"""""""""""""""""""""""""""""""""
+- `CNEXT exploits <https://github.com/ambionics/cnext-exploits/>`__
 .. _eval-feature:
 White and blacklist in ``eval``

diff --git a/doc/source/features.rst b/doc/source/features.rst index d7f6f7f..3855f2a 100644 --- a/doc/source/features.rst +++ b/doc/source/features.rst
@@ -381,7 +381,7 @@ and using this feature to lock this up.
381	Whitelist of stream-wrappers	381	Whitelist of stream-wrappers
382	^^^^^^^^^^^^^^^^^^^^^^^^^^^^	382	^^^^^^^^^^^^^^^^^^^^^^^^^^^^
383		383
384	Php comes with a `lot of different <https://secure.php.net/manual/en/wrappers.php>`__	384	PHP comes with a `lot of different <https://secure.php.net/manual/en/wrappers.php>`__
385	`stream wrapper <https://secure.php.net/manual/en/intro.stream.php>`__, and most of them	385	`stream wrapper <https://secure.php.net/manual/en/intro.stream.php>`__, and most of them
386	are enabled by default.	386	are enabled by default.
387		387
@@ -397,6 +397,20 @@ Examples of related vulnerabilities
397	- `Data exfiltration via stream wrapper <https://www.idontplaydarts.com/2011/02/using-php-filter-for-local-file-inclusion/>`__	397	- `Data exfiltration via stream wrapper <https://www.idontplaydarts.com/2011/02/using-php-filter-for-local-file-inclusion/>`__
398	- `Inclusion via zip/phar <https://lightless.me/archives/include-file-from-zip-or-phar.html>`__	398	- `Inclusion via zip/phar <https://lightless.me/archives/include-file-from-zip-or-phar.html>`__
399		399
		400	.. _php-stream-wrapper-allowlist-feature:
		401
		402	Allowlist of php stream-wrapper
		403	^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
		404
		405	The builtin `"php" stream wrapper <https://www.php.net/manual/en/wrappers.php.php>`__
		406	has support for common streams, like ``stdin``, ``stdout`` or ``stderr``, but
		407	also for the dangerous ``filter`` one.
		408
		409	Examples of related vulnerability
		410	"""""""""""""""""""""""""""""""""
		411
		412	- `CNEXT exploits <https://github.com/ambionics/cnext-exploits/>`__
		413
400	.. _eval-feature:	414	.. _eval-feature:
401		415
402	White and blacklist in ``eval``	416	White and blacklist in ``eval``