245 files changed, 7307 insertions, 0 deletions

diff --git a/src/bench/bench.php b/src/bench/bench.php
new file mode 100644
index 0000000..5f77180
--- /dev/null
+++ b/src/bench/bench.php
@@ -0,0 +1,422 @@
+<?php
+if (function_exists("date_default_timezone_set")) {
+        date_default_timezone_set("UTC");
+}
+
+function simple() {
+  $a = 0;
+  for ($i = 0; $i < 1000000; $i++) 
+    $a++;
+
+  $thisisanotherlongname = 0;
+  for ($thisisalongname = 0; $thisisalongname < 1000000; $thisisalongname++) 
+    $thisisanotherlongname++;
+}
+
+/****/
+
+function simplecall() {
+  for ($i = 0; $i < 1000000; $i++) 
+    strlen("hallo");
+}
+
+/****/
+
+function hallo($a) {
+}
+
+function simpleucall() {
+  for ($i = 0; $i < 1000000; $i++) 
+    hallo("hallo");
+}
+
+/****/
+
+function simpleudcall() {
+  for ($i = 0; $i < 1000000; $i++) 
+    hallo2("hallo");
+}
+
+function hallo2($a) {
+}
+
+/****/
+
+function mandel() {
+  $w1=50;
+  $h1=150;
+  $recen=-.45;
+  $imcen=0.0;
+  $r=0.7;
+  $s=0;  $rec=0;  $imc=0;  $re=0;  $im=0;  $re2=0;  $im2=0;
+  $x=0;  $y=0;  $w2=0;  $h2=0;  $color=0;
+  $s=2*$r/$w1;
+  $w2=40;
+  $h2=12;
+  for ($y=0 ; $y<=$w1; $y=$y+1) {
+    $imc=$s*($y-$h2)+$imcen;
+    for ($x=0 ; $x<=$h1; $x=$x+1) {
+      $rec=$s*($x-$w2)+$recen;
+      $re=$rec;
+      $im=$imc;
+      $color=1000;
+      $re2=$re*$re;
+      $im2=$im*$im;
+      while( ((($re2+$im2)<1000000) && $color>0)) {
+        $im=$re*$im*2+$imc;
+        $re=$re2-$im2+$rec;
+        $re2=$re*$re;
+        $im2=$im*$im;
+        $color=$color-1;
+      }
+      if ( $color==0 ) {
+        print "_";
+      } else {
+        print "#";
+      }
+    }
+    print "<br>";
+    flush();
+  }
+}
+
+/****/
+
+function mandel2() {
+  $b = " .:,;!/>)|&IH%*#";
+  //float r, i, z, Z, t, c, C;
+  for ($y=30; printf("\n"), $C = $y*0.1 - 1.5, $y--;){
+    for ($x=0; $c = $x*0.04 - 2, $z=0, $Z=0, $x++ < 75;){
+      for ($r=$c, $i=$C, $k=0; $t = $z*$z - $Z*$Z + $r, $Z = 2*$z*$Z + $i, $z=$t, $k<5000; $k++)
+        if ($z*$z + $Z*$Z > 500000) break;
+      echo $b[$k%16];
+    }
+  }
+}
+
+/****/
+
+function Ack($m, $n){
+  if($m == 0) return $n+1;
+  if($n == 0) return Ack($m-1, 1);
+  return Ack($m - 1, Ack($m, ($n - 1)));
+}
+
+function ackermann($n) {
+  $r = Ack(3,$n);
+  print "Ack(3,$n): $r\n";
+}
+
+/****/
+
+function ary($n) {
+  for ($i=0; $i<$n; $i++) {
+    $X[$i] = $i;
+  }
+  for ($i=$n-1; $i>=0; $i--) {
+    $Y[$i] = $X[$i];
+  }
+  $last = $n-1;
+  print "$Y[$last]\n";
+}
+
+/****/
+
+function ary2($n) {
+  for ($i=0; $i<$n;) {
+    $X[$i] = $i; ++$i;
+    $X[$i] = $i; ++$i;
+    $X[$i] = $i; ++$i;
+    $X[$i] = $i; ++$i;
+    $X[$i] = $i; ++$i;
+
+    $X[$i] = $i; ++$i;
+    $X[$i] = $i; ++$i;
+    $X[$i] = $i; ++$i;
+    $X[$i] = $i; ++$i;
+    $X[$i] = $i; ++$i;
+  }
+  for ($i=$n-1; $i>=0;) {
+    $Y[$i] = $X[$i]; --$i;
+    $Y[$i] = $X[$i]; --$i;
+    $Y[$i] = $X[$i]; --$i;
+    $Y[$i] = $X[$i]; --$i;
+    $Y[$i] = $X[$i]; --$i;
+
+    $Y[$i] = $X[$i]; --$i;
+    $Y[$i] = $X[$i]; --$i;
+    $Y[$i] = $X[$i]; --$i;
+    $Y[$i] = $X[$i]; --$i;
+    $Y[$i] = $X[$i]; --$i;
+  }
+  $last = $n-1;
+  print "$Y[$last]\n";
+}
+
+/****/
+
+function ary3($n) {
+  for ($i=0; $i<$n; $i++) {
+    $X[$i] = $i + 1;
+    $Y[$i] = 0;
+  }
+  for ($k=0; $k<1000; $k++) {
+    for ($i=$n-1; $i>=0; $i--) {
+      $Y[$i] += $X[$i];
+    }
+  }
+  $last = $n-1;
+  print "$Y[0] $Y[$last]\n";
+}
+
+/****/
+
+function fibo_r($n){
+    return(($n < 2) ? 1 : fibo_r($n - 2) + fibo_r($n - 1));
+}
+
+function fibo($n) {
+  $r = fibo_r($n);
+  print "$r\n";
+}
+
+/****/
+
+function hash1($n) {
+  for ($i = 1; $i <= $n; $i++) {
+    $X[dechex($i)] = $i;
+  }
+  $c = 0;
+  for ($i = $n; $i > 0; $i--) {
+    if ($X[dechex($i)]) { $c++; }
+  }
+  print "$c\n";
+}
+
+/****/
+
+function hash2($n) {
+  for ($i = 0; $i < $n; $i++) {
+    $hash1["foo_$i"] = $i;
+    $hash2["foo_$i"] = 0;
+  }
+  for ($i = $n; $i > 0; $i--) {
+    foreach($hash1 as $key => $value) $hash2[$key] += $value;
+  }
+  $first = "foo_0";
+  $last  = "foo_".($n-1);
+  print "$hash1[$first] $hash1[$last] $hash2[$first] $hash2[$last]\n";
+}
+
+/****/
+
+function gen_random ($n) {
+    global $LAST;
+    return( ($n * ($LAST = ($LAST * IA + IC) % IM)) / IM );
+}
+
+function heapsort_r($n, &$ra) {
+    $l = ($n >> 1) + 1;
+    $ir = $n;
+
+    while (1) {
+        if ($l > 1) {
+            $rra = $ra[--$l];
+        } else {
+            $rra = $ra[$ir];
+            $ra[$ir] = $ra[1];
+            if (--$ir == 1) {
+                $ra[1] = $rra;
+                return;
+            }
+        }
+        $i = $l;
+        $j = $l << 1;
+        while ($j <= $ir) {
+            if (($j < $ir) && ($ra[$j] < $ra[$j+1])) {
+                $j++;
+            }
+            if ($rra < $ra[$j]) {
+                $ra[$i] = $ra[$j];
+                $j += ($i = $j);
+            } else {
+                $j = $ir + 1;
+            }
+        }
+        $ra[$i] = $rra;
+    }
+}
+
+function heapsort($N) {
+  global $LAST;
+
+  define("IM", 139968);
+  define("IA", 3877);
+  define("IC", 29573);
+
+  $LAST = 42;
+  for ($i=1; $i<=$N; $i++) {
+    $ary[$i] = gen_random(1);
+  }
+  heapsort_r($N, $ary);
+  printf("%.10f\n", $ary[$N]);
+}
+
+/****/
+
+function mkmatrix ($rows, $cols) {
+    $count = 1;
+    $mx = array();
+    for ($i=0; $i<$rows; $i++) {
+        for ($j=0; $j<$cols; $j++) {
+            $mx[$i][$j] = $count++;
+        }
+    }
+    return($mx);
+}
+
+function mmult ($rows, $cols, $m1, $m2) {
+    $m3 = array();
+    for ($i=0; $i<$rows; $i++) {
+        for ($j=0; $j<$cols; $j++) {
+            $x = 0;
+            for ($k=0; $k<$cols; $k++) {
+                $x += $m1[$i][$k] * $m2[$k][$j];
+            }
+            $m3[$i][$j] = $x;
+        }
+    }
+    return($m3);
+}
+
+function matrix($n) {
+  $SIZE = 30;
+  $m1 = mkmatrix($SIZE, $SIZE);
+  $m2 = mkmatrix($SIZE, $SIZE);
+  while ($n--) {
+    $mm = mmult($SIZE, $SIZE, $m1, $m2);
+  }
+  print "{$mm[0][0]} {$mm[2][3]} {$mm[3][2]} {$mm[4][4]}\n";
+}
+
+/****/
+
+function nestedloop($n) {
+  $x = 0;
+  for ($a=0; $a<$n; $a++)
+    for ($b=0; $b<$n; $b++)
+      for ($c=0; $c<$n; $c++)
+        for ($d=0; $d<$n; $d++)
+          for ($e=0; $e<$n; $e++)
+            for ($f=0; $f<$n; $f++)
+             $x++;
+  print "$x\n";
+}
+
+/****/
+
+function sieve($n) {
+  $count = 0;
+  while ($n-- > 0) {
+    $count = 0;
+    $flags = range (0,8192);
+    for ($i=2; $i<8193; $i++) {
+      if ($flags[$i] > 0) {
+        for ($k=$i+$i; $k <= 8192; $k+=$i) {
+          $flags[$k] = 0;
+        }
+        $count++;
+      }
+    }
+  }
+  print "Count: $count\n";
+}
+
+/****/
+
+function strcat($n) {
+  $str = "";
+  while ($n-- > 0) {
+    $str .= "hello\n";
+  }
+  $len = strlen($str);
+  print "$len\n";
+}
+
+/*****/
+
+function getmicrotime()
+{
+  $t = gettimeofday();
+  return ($t['sec'] + $t['usec'] / 1000000);
+}
+
+function start_test()
+{
+        ob_start();
+  return getmicrotime();
+}
+
+function end_test($start, $name)
+{
+  global $total;
+  $end = getmicrotime();
+  ob_end_clean();
+  $total += $end-$start;
+  $num = number_format($end-$start,3);
+  $pad = str_repeat(" ", 24-strlen($name)-strlen($num));
+
+  echo $name.$pad.$num."\n";
+        ob_start();
+  return getmicrotime();
+}
+
+function total()
+{
+  global $total;
+  $pad = str_repeat("-", 24);
+  echo $pad."\n";
+  $num = number_format($total,3);
+  $pad = str_repeat(" ", 24-strlen("Total")-strlen($num));
+  echo "Total".$pad.$num."\n";
+}
+
+$t0 = $t = start_test();
+simple();
+$t = end_test($t, "simple");
+simplecall();
+$t = end_test($t, "simplecall");
+simpleucall();
+$t = end_test($t, "simpleucall");
+simpleudcall();
+$t = end_test($t, "simpleudcall");
+mandel();
+$t = end_test($t, "mandel");
+mandel2();
+$t = end_test($t, "mandel2");
+ackermann(7);
+$t = end_test($t, "ackermann(7)");
+ary(50000);
+$t = end_test($t, "ary(50000)");
+ary2(50000);
+$t = end_test($t, "ary2(50000)");
+ary3(2000);
+$t = end_test($t, "ary3(2000)");
+fibo(30);
+$t = end_test($t, "fibo(30)");
+hash1(50000);
+$t = end_test($t, "hash1(50000)");
+hash2(500);
+$t = end_test($t, "hash2(500)");
+heapsort(20000);
+$t = end_test($t, "heapsort(20000)");
+matrix(20);
+$t = end_test($t, "matrix(20)");
+nestedloop(12);
+$t = end_test($t, "nestedloop(12)");
+sieve(30);
+$t = end_test($t, "sieve(30)");
+strcat(200000);
+$t = end_test($t, "strcat(200000)");
+total($t0, "Total");
+?>
diff --git a/src/bench/micro_bench.php b/src/bench/micro_bench.php
new file mode 100644
index 0000000..7052588
--- /dev/null
+++ b/src/bench/micro_bench.php
@@ -0,0 +1,358 @@
+<?php
+
+function hallo() {
+}
+
+function simpleucall($n) {
+  for ($i = 0; $i < $n; $i++) 
+    hallo();
+}
+
+function simpleudcall($n) {
+  for ($i = 0; $i < $n; $i++) 
+    hallo2();
+}
+
+function hallo2() {
+}
+
+function simpleicall($n) {
+  for ($i = 0; $i < $n; $i++) 
+    func_num_args();
+}
+
+class Foo {
+        static $a = 0;
+        public $b = 0;
+        const TEST = 0;
+
+        static function read_static($n) {
+                for ($i = 0; $i < $n; ++$i) {
+                        $x = self::$a;
+                }
+        }
+
+        static function write_static($n) {
+                for ($i = 0; $i < $n; ++$i) {
+                        self::$a = 0;
+                }
+        }
+
+        static function isset_static($n) {
+                for ($i = 0; $i < $n; ++$i) {
+                        $x = isset(self::$a);
+                }
+        }
+
+        static function empty_static($n) {
+                for ($i = 0; $i < $n; ++$i) {
+                        $x = empty(self::$a);
+                }
+        }
+
+        static function f() {
+        }
+
+        static function call_static($n) {
+                for ($i = 0; $i < $n; ++$i) {
+                        self::f();
+                }
+        }
+
+        function read_prop($n) {
+                for ($i = 0; $i < $n; ++$i) {
+                        $x = $this->b;
+                }
+        }
+
+        function write_prop($n) {
+                for ($i = 0; $i < $n; ++$i) {
+                        $this->b = 0;
+                }
+        }
+
+        function assign_add_prop($n) {
+                for ($i = 0; $i < $n; ++$i) {
+                        $this->b += 2;
+                }
+        }
+
+        function pre_inc_prop($n) {
+                for ($i = 0; $i < $n; ++$i) {
+                        ++$this->b;
+                }
+        }
+
+        function pre_dec_prop($n) {
+                for ($i = 0; $i < $n; ++$i) {
+                        --$this->b;
+                }
+        }
+
+        function post_inc_prop($n) {
+                for ($i = 0; $i < $n; ++$i) {
+                        $this->b++;
+                }
+        }
+
+        function post_dec_prop($n) {
+                for ($i = 0; $i < $n; ++$i) {
+                        $this->b--;
+                }
+        }
+
+        function isset_prop($n) {
+                for ($i = 0; $i < $n; ++$i) {
+                        $x = isset($this->b);
+                }
+        }
+
+        function empty_prop($n) {
+                for ($i = 0; $i < $n; ++$i) {
+                        $x = empty($this->b);
+                }
+        }
+
+        function g() {
+        }
+
+        function call($n) {
+                for ($i = 0; $i < $n; ++$i) {
+                        $this->g();
+                }
+        }
+
+        function read_const($n) {
+                for ($i = 0; $i < $n; ++$i) {
+                        $x = $this::TEST;
+                }
+        }
+
+}
+
+function read_static($n) {
+        for ($i = 0; $i < $n; ++$i) {
+                $x = Foo::$a;
+        }
+}
+
+function write_static($n) {
+        for ($i = 0; $i < $n; ++$i) {
+                Foo::$a = 0;
+        }
+}
+
+function isset_static($n) {
+        for ($i = 0; $i < $n; ++$i) {
+                $x = isset(Foo::$a);
+        }
+}
+
+function empty_static($n) {
+        for ($i = 0; $i < $n; ++$i) {
+                $x = empty(Foo::$a);
+        }
+}
+
+function call_static($n) {
+        for ($i = 0; $i < $n; ++$i) {
+                Foo::f();
+        }
+}
+
+function create_object($n) {
+        for ($i = 0; $i < $n; ++$i) {
+                $x = new Foo();
+        }
+}
+
+define('TEST', null);
+
+function read_const($n) {
+        for ($i = 0; $i < $n; ++$i) {
+                $x = TEST;
+        }
+}
+
+function read_auto_global($n) {
+        for ($i = 0; $i < $n; ++$i) {
+                $x = $_GET;
+        }
+}
+
+$g_var = 0;
+
+function read_global_var($n) {
+        for ($i = 0; $i < $n; ++$i) {
+                $x = $GLOBALS['g_var'];
+        }
+}
+
+function read_hash($n) {
+        $hash = array('test' => 0);
+        for ($i = 0; $i < $n; ++$i) {
+                $x = $hash['test'];
+        }
+}
+
+function read_str_offset($n) {
+        $str = "test";
+        for ($i = 0; $i < $n; ++$i) {
+                $x = $str[1];
+        }
+}
+
+function issetor($n) {
+        $val = array(0,1,2,3,4,5,6,7,8,9);
+        for ($i = 0; $i < $n; ++$i) {
+                $x = $val ?: null;
+        }
+}
+
+function issetor2($n) {
+        $f = false; $j = 0;
+        for ($i = 0; $i < $n; ++$i) {
+                $x = $f ?: $j + 1;
+        }
+}
+
+function ternary($n) {
+        $val = array(0,1,2,3,4,5,6,7,8,9);
+        $f = false;
+        for ($i = 0; $i < $n; ++$i) {
+                $x = $f ? null : $val;
+        }
+}
+
+function ternary2($n) {
+        $f = false; $j = 0;
+        for ($i = 0; $i < $n; ++$i) {
+                $x = $f ? $f : $j + 1;
+        }
+}
+
+/*****/
+
+function empty_loop($n) {
+        for ($i = 0; $i < $n; ++$i) {
+        }
+}
+
+function getmicrotime()
+{
+  $t = gettimeofday();
+  return ($t['sec'] + $t['usec'] / 1000000);
+}
+
+function start_test()
+{
+  ob_start();
+  return getmicrotime();
+}
+
+function end_test($start, $name, $overhead = null)
+{
+  global $total;
+  global $last_time;
+  $end = getmicrotime();
+  ob_end_clean();
+  $last_time = $end-$start;
+  $total += $last_time;
+  $num = number_format($last_time,3);
+  $pad = str_repeat(" ", 24-strlen($name)-strlen($num));
+  if (is_null($overhead)) {
+    echo $name.$pad.$num."\n";
+  } else {
+    $num2 = number_format($last_time - $overhead,3);
+    echo $name.$pad.$num."    ".$num2."\n";
+  }
+  ob_start();
+  return getmicrotime();
+}
+
+function total()
+{
+  global $total;
+  $pad = str_repeat("-", 24);
+  echo $pad."\n";
+  $num = number_format($total,3);
+  $pad = str_repeat(" ", 24-strlen("Total")-strlen($num));
+  echo "Total".$pad.$num."\n";
+}
+
+const N = 5000000;
+
+$t0 = $t = start_test();
+empty_loop(N);
+$t = end_test($t, 'empty_loop');
+$overhead = $last_time;
+simpleucall(N);
+$t = end_test($t, 'func()', $overhead);
+simpleudcall(N);
+$t = end_test($t, 'undef_func()', $overhead);
+simpleicall(N);
+$t = end_test($t, 'int_func()', $overhead);
+Foo::read_static(N);
+$t = end_test($t, '$x = self::$x', $overhead);
+Foo::write_static(N);
+$t = end_test($t, 'self::$x = 0', $overhead);
+Foo::isset_static(N);
+$t = end_test($t, 'isset(self::$x)', $overhead);
+Foo::empty_static(N);
+$t = end_test($t, 'empty(self::$x)', $overhead);
+read_static(N);
+$t = end_test($t, '$x = Foo::$x', $overhead);
+write_static(N);
+$t = end_test($t, 'Foo::$x = 0', $overhead);
+isset_static(N);
+$t = end_test($t, 'isset(Foo::$x)', $overhead);
+empty_static(N);
+$t = end_test($t, 'empty(Foo::$x)', $overhead);
+Foo::call_static(N);
+$t = end_test($t, 'self::f()', $overhead);
+call_static(N);
+$t = end_test($t, 'Foo::f()', $overhead);
+$x = new Foo();
+$x->read_prop(N);
+$t = end_test($t, '$x = $this->x', $overhead);
+$x->write_prop(N);
+$t = end_test($t, '$this->x = 0', $overhead);
+$x->assign_add_prop(N);
+$t = end_test($t, '$this->x += 2', $overhead);
+$x->pre_inc_prop(N);
+$t = end_test($t, '++$this->x', $overhead);
+$x->pre_dec_prop(N);
+$t = end_test($t, '--$this->x', $overhead);
+$x->post_inc_prop(N);
+$t = end_test($t, '$this->x++', $overhead);
+$x->post_dec_prop(N);
+$t = end_test($t, '$this->x--', $overhead);
+$x->isset_prop(N);
+$t = end_test($t, 'isset($this->x)', $overhead);
+$x->empty_prop(N);
+$t = end_test($t, 'empty($this->x)', $overhead);
+$x->call(N);
+$t = end_test($t, '$this->f()', $overhead);
+$x->read_const(N);
+$t = end_test($t, '$x = Foo::TEST', $overhead);
+create_object(N);
+$t = end_test($t, 'new Foo()', $overhead);
+read_const(N);
+$t = end_test($t, '$x = TEST', $overhead);
+read_auto_global(N);
+$t = end_test($t, '$x = $_GET', $overhead);
+read_global_var(N);
+$t = end_test($t, '$x = $GLOBALS[\'v\']', $overhead);
+read_hash(N);
+$t = end_test($t, '$x = $hash[\'v\']', $overhead);
+read_str_offset(N);
+$t = end_test($t, '$x = $str[0]', $overhead);
+issetor(N);
+$t = end_test($t, '$x = $a ?: null', $overhead);
+issetor2(N);
+$t = end_test($t, '$x = $f ?: tmp', $overhead);
+ternary(N);
+$t = end_test($t, '$x = $f ? $f : $a', $overhead);
+ternary2(N);
+$t = end_test($t, '$x = $f ? $f : tmp', $overhead);
+total($t0, "Total");
diff --git a/src/config.m4 b/src/config.m4
new file mode 100644
index 0000000..aba355c
--- /dev/null
+++ b/src/config.m4
@@ -0,0 +1,35 @@
+dnl $Id$
+dnl config.m4 for extension snuffleupagus
+
+sources="snuffleupagus.c sp_config.c sp_config_utils.c sp_harden_rand.c"
+sources="$sources sp_unserialize.c sp_utils.c sp_disable_xxe.c sp_list.c"
+sources="$sources sp_disabled_functions.c sp_execute.c sp_upload_validation.c"
+sources="$sources sp_cookie_encryption.c sp_network_utils.c tweetnacl.c"
+sources="$sources sp_config_keywords.c sp_compile.c"
+
+PHP_ARG_ENABLE(snuffleupagus, whether to enable snuffleupagus support,
+[  --enable-snuffleupagus           Enable snuffleupagus support])
+
+PHP_ARG_ENABLE(coverage, whether to enable coverage support,
+[  --enable-coverage           Enable coverage support])
+
+PHP_ARG_ENABLE(debug, whether to enable debug messages,
+[  --enable-debug           Enable debug messages])
+
+CFLAGS="$CFLAGS -lpcre"
+CFLAGS="$CFLAGS -D_DEFAULT_SOURCE=1 -std=c99"
+CFLAGS="$CFLAGS -Wall -Wextra -Wno-unused-parameter"
+
+if test "$PHP_DEBUG" = "yes"; then
+        AC_DEFINE(SP_DEBUG, 1, [Wether you want to enable debug messages])
+fi
+
+if test "$PHP_SNUFFLEUPAGUS" != "no"; then
+   if test "$PHP_COVERAGE" != "no"; then
+      CFLAGS="$CFLAGS --coverage -fprofile-arcs -ftest-coverage"
+      LDFLAGS="$LDFLAGS --coverage"
+      PHP_NEW_EXTENSION(snuffleupagus, $sources, $ext_shared,-DZEND_ENABLE_STATIC_TSRMLS_CACHE=1 -g -fprofile-arcs -ftest-coverage -lgcov)
+   else
+      PHP_NEW_EXTENSION(snuffleupagus, $sources, $ext_shared,-DZEND_ENABLE_STATIC_TSRMLS_CACHE=1)
+   fi
+fi
diff --git a/src/config.w32 b/src/config.w32
new file mode 100644
index 0000000..a0197c1
--- /dev/null
+++ b/src/config.w32
@@ -0,0 +1,13 @@
+// $Id$
+// vim:ft=javascript
+
+// If your extension references something external, use ARG_WITH
+// ARG_WITH("snuffleupagus", "for snuffleupagus support", "no");
+
+// Otherwise, use ARG_ENABLE
+// ARG_ENABLE("snuffleupagus", "enable snuffleupagus support", "no");
+
+if (PHP_SNUFFLEUPAGUS != "no") {
+        EXTENSION("snuffleupagus", "snuffleupagus.c", PHP_EXTNAME_SHARED, "/DZEND_ENABLE_STATIC_TSRMLS_CACHE=1");
+}
+
diff --git a/src/php_snuffleupagus.h b/src/php_snuffleupagus.h
new file mode 100644
index 0000000..e7a3d59
--- /dev/null
+++ b/src/php_snuffleupagus.h
@@ -0,0 +1,71 @@
+#ifndef PHP_SNUFFLEUPAGUS_H
+#define PHP_SNUFFLEUPAGUS_H
+
+#define PHP_SNUFFLEUPAGUS_VERSION "0.1"
+#define PHP_SNUFFLEUPAGUS_EXTNAME "snuffleupagus"
+#define PHP_SNUFFLEUPAGUS_AUTHOR "NBS System"
+#define PHP_SNUFFLEUPAGUS_URL "https://github.com/nbs-system/snuffleupagus"
+#define PHP_SNUFFLEUPAGUS_COPYRIGHT "LGPLv2"
+
+#include <stdbool.h>
+#include <stdio.h>
+
+#include <pcre.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+
+#include "SAPI.h"
+#include "ext/standard/info.h"
+#include "php.h"
+#include "php_ini.h"
+#include "zend_hash.h"
+#include "zend_string.h"
+#include "zend_extensions.h"
+
+#include "sp_list.h"
+#include "sp_compile.h"
+#include "sp_config.h"
+#include "sp_config_utils.h"
+#include "sp_config_keywords.h"
+#include "sp_cookie_encryption.h"
+#include "sp_disable_xxe.h"
+#include "sp_disabled_functions.h"
+#include "sp_execute.h"
+#include "sp_harden_rand.h"
+#include "sp_network_utils.h"
+#include "sp_unserialize.h"
+#include "sp_upload_validation.h"
+#include "sp_utils.h"
+
+extern zend_module_entry snuffleupagus_module_entry;
+#define phpext_snuffleupagus_ptr &snuffleupagus_module_entry
+
+#ifdef PHP_WIN32
+#define PHP_SNUFFLEUPAGUS_API __declspec(dllexport)
+#elif defined(__GNUC__) && __GNUC__ >= 4
+#define PHP_SNUFFLEUPAGUS_API __attribute__((visibility("default")))
+#else
+#define PHP_SNUFFLEUPAGUS_API
+#endif
+
+#ifdef ZTS
+#include "TSRM.h"
+#endif
+
+ZEND_BEGIN_MODULE_GLOBALS(snuffleupagus)
+sp_config config;
+HashTable *disabled_functions_hook;
+HashTable *sp_internal_functions_hook;
+ZEND_END_MODULE_GLOBALS(snuffleupagus)
+
+#define SNUFFLEUPAGUS_G(v) ZEND_MODULE_GLOBALS_ACCESSOR(snuffleupagus, v)
+
+#if defined(ZTS) && defined(COMPILE_DL_SNUFFLEUPAGUS)
+ZEND_TSRMLS_CACHE_EXTERN()
+#endif
+
+PHP_FUNCTION(check_disabled_function);
+
+static inline void sp_terminate() { zend_bailout(); }
+
+#endif /* PHP_SNUFFLEUPAGUS_H */
diff --git a/src/snuffleupagus.c b/src/snuffleupagus.c
new file mode 100644
index 0000000..52b975e
--- /dev/null
+++ b/src/snuffleupagus.c
@@ -0,0 +1,222 @@
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "php_snuffleupagus.h"
+
+#ifndef ZEND_EXT_API
+#define ZEND_EXT_API ZEND_DLEXPORT
+#endif
+
+static PHP_INI_MH(OnUpdateConfiguration);
+static inline int zend_auto_start(zend_extension *extension);
+static inline void sp_op_array_handler(zend_op_array *op);
+
+ZEND_EXTENSION();
+
+ZEND_DLEXPORT int sp_zend_startup(zend_extension *extension) {
+  return zend_startup_module(&snuffleupagus_module_entry);
+}
+
+static inline void sp_op_array_handler(zend_op_array *op) {
+  if (NULL == op->filename) {
+    return;
+  } else {
+    op->fn_flags |= ZEND_ACC_STRICT_TYPES;
+  }
+}
+
+ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus)
+
+PHP_INI_BEGIN()
+PHP_INI_ENTRY("sp.configuration_file", "", PHP_INI_SYSTEM,
+  OnUpdateConfiguration)
+PHP_INI_END()
+
+ZEND_DLEXPORT zend_extension zend_extension_entry = {
+    PHP_SNUFFLEUPAGUS_EXTNAME,
+    PHP_SNUFFLEUPAGUS_VERSION,
+    PHP_SNUFFLEUPAGUS_AUTHOR,
+    PHP_SNUFFLEUPAGUS_URL,
+    PHP_SNUFFLEUPAGUS_COPYRIGHT,
+    sp_zend_startup,
+    NULL,
+    NULL,               /* activate_func_t */
+    NULL,               /* deactivate_func_t */
+    NULL,               /* message_handler_func_t */
+    sp_op_array_handler,//zend_global_strict, /* op_array_handler_func_t */
+    NULL,               /* statement_handler_func_t */
+    NULL,               /* fcall_begin_handler_func_t */
+    NULL,               /* fcall_end_handler_func_t */
+    NULL,               /* op_array_ctor_func_t */
+    NULL,               /* op_array_dtor_func_t */
+    STANDARD_ZEND_EXTENSION_PROPERTIES};
+
+/* Uncomment this function if you have INI entries
+static void php_snuffleupagus_init_globals(zend_snuffleupagus_globals
+*snuffleupagus_globals)
+{
+        snuffleupagus_globals->global_value = 0;
+        snuffleupagus_globals->global_string = NULL;
+}
+*/
+
+PHP_GINIT_FUNCTION(snuffleupagus) {
+#define SP_INIT(F) F = pecalloc(sizeof(*F), 1, 1);
+#define SP_INIT_HT(F) \
+        F = pemalloc(sizeof(*F), 1); \
+        zend_hash_init(F, 10, NULL, NULL, 1);
+
+  SP_INIT_HT(snuffleupagus_globals->disabled_functions_hook);
+  SP_INIT_HT(snuffleupagus_globals->sp_internal_functions_hook);
+
+  SP_INIT(snuffleupagus_globals->config.config_unserialize);
+  SP_INIT(snuffleupagus_globals->config.config_random);
+  SP_INIT(snuffleupagus_globals->config.config_readonly_exec);
+  SP_INIT(snuffleupagus_globals->config.config_global_strict);
+  SP_INIT(snuffleupagus_globals->config.config_auto_cookie_secure);
+  SP_INIT(snuffleupagus_globals->config.config_snuffleupagus);
+  SP_INIT(snuffleupagus_globals->config.config_disable_xxe);
+  SP_INIT(snuffleupagus_globals->config.config_upload_validation);
+  SP_INIT(snuffleupagus_globals->config.config_disabled_functions);
+  SP_INIT(snuffleupagus_globals->config.config_disabled_functions_ret);
+  SP_INIT(snuffleupagus_globals->config.config_cookie_encryption);
+  SP_INIT(snuffleupagus_globals->config.config_regexp_inclusion);
+
+  snuffleupagus_globals->config.config_regexp_inclusion->regexp_inclusion = sp_new_list();
+  snuffleupagus_globals->config.config_disabled_functions->disabled_functions = sp_new_list();
+  snuffleupagus_globals->config.config_disabled_functions_ret->disabled_functions = sp_new_list();
+
+  SP_INIT_HT(snuffleupagus_globals->config.config_cookie_encryption->names);
+
+#undef SP_INIT
+#undef SP_INIT_HT
+}
+
+PHP_MINIT_FUNCTION(snuffleupagus) {
+  REGISTER_INI_ENTRIES();
+
+  return SUCCESS;
+}
+
+PHP_MSHUTDOWN_FUNCTION(snuffleupagus) {
+#define FREE_HT(F) \
+  zend_hash_destroy(SNUFFLEUPAGUS_G(F)); \
+  pefree(SNUFFLEUPAGUS_G(F), 1);
+
+  FREE_HT(disabled_functions_hook);
+  FREE_HT(config.config_cookie_encryption->names);
+
+#undef FREE_HT
+
+  pefree(SNUFFLEUPAGUS_G(config.config_unserialize), 1);
+  pefree(SNUFFLEUPAGUS_G(config.config_random), 1);
+  pefree(SNUFFLEUPAGUS_G(config.config_readonly_exec), 1);
+  pefree(SNUFFLEUPAGUS_G(config.config_global_strict), 1);
+  pefree(SNUFFLEUPAGUS_G(config.config_auto_cookie_secure), 1);
+  pefree(SNUFFLEUPAGUS_G(config.config_snuffleupagus), 1);
+  pefree(SNUFFLEUPAGUS_G(config.config_disable_xxe), 1);
+  pefree(SNUFFLEUPAGUS_G(config.config_upload_validation), 1);
+  pefree(SNUFFLEUPAGUS_G(config.config_cookie_encryption), 1);
+
+  sp_list_free(SNUFFLEUPAGUS_G(config.config_disabled_functions->disabled_functions));
+  pefree(SNUFFLEUPAGUS_G(config.config_disabled_functions), 1);
+  sp_list_free(SNUFFLEUPAGUS_G(config.config_disabled_functions_ret->disabled_functions));
+  pefree(SNUFFLEUPAGUS_G(config.config_disabled_functions_ret), 1);
+
+  UNREGISTER_INI_ENTRIES();
+
+  return SUCCESS;
+}
+
+PHP_RINIT_FUNCTION(snuffleupagus) {
+#if defined(COMPILE_DL_SNUFFLEUPAGUS) && defined(ZTS)
+  ZEND_TSRMLS_CACHE_UPDATE();
+#endif
+  if (NULL != SNUFFLEUPAGUS_G(config).config_snuffleupagus->encryption_key) {
+    if (NULL != SNUFFLEUPAGUS_G(config).config_cookie_encryption->names) {
+      zend_hash_apply_with_arguments(
+          Z_ARRVAL(PG(http_globals)[TRACK_VARS_COOKIE]), decrypt_cookie, 0);
+    }
+  }
+  return SUCCESS;
+}
+
+PHP_RSHUTDOWN_FUNCTION(snuffleupagus) { return SUCCESS; }
+
+PHP_MINFO_FUNCTION(snuffleupagus) {
+  php_info_print_table_start();
+  php_info_print_table_header(2, "snuffleupagus support", "enabled");
+  php_info_print_table_end();
+
+  /* Remove comments if you have entries in php.ini
+  DISPLAY_INI_ENTRIES();
+  */
+}
+
+static PHP_INI_MH(OnUpdateConfiguration) {
+  TSRMLS_FETCH();
+
+  if (!new_value || !new_value->len) {
+    return FAILURE;
+  }
+
+  if (sp_parse_config(new_value->val) != SUCCESS) {
+    return FAILURE;
+  }
+
+  if (SNUFFLEUPAGUS_G(config).config_random->enable) {
+    hook_rand();
+  }
+  if (SNUFFLEUPAGUS_G(config).config_upload_validation->enable) {
+    hook_upload();
+  }
+  if (SNUFFLEUPAGUS_G(config).config_disable_xxe->enable == 0) {
+    hook_libxml_disable_entity_loader();
+  }
+  hook_disabled_functions();
+  hook_execute();
+
+  if (NULL != SNUFFLEUPAGUS_G(config).config_snuffleupagus->encryption_key) {
+    if (SNUFFLEUPAGUS_G(config).config_unserialize->enable) {
+      hook_serialize();
+    }
+    hook_cookies();
+  }
+
+  if (true == SNUFFLEUPAGUS_G(config).config_global_strict->enable) {
+    if (!zend_get_extension(PHP_SNUFFLEUPAGUS_EXTNAME)) {
+      zend_extension_entry.startup = NULL;
+      zend_register_extension(&zend_extension_entry, NULL);
+    }
+    // This is needed to implement the global strict mode
+    CG(compiler_options) |= ZEND_COMPILE_HANDLE_OP_ARRAY;
+  }
+
+  return SUCCESS;
+}
+
+const zend_function_entry snuffleupagus_functions[] = {PHP_FE_END};
+
+zend_module_entry snuffleupagus_module_entry =
+    {STANDARD_MODULE_HEADER,
+     PHP_SNUFFLEUPAGUS_EXTNAME,
+     snuffleupagus_functions,
+     PHP_MINIT(snuffleupagus),
+     PHP_MSHUTDOWN(snuffleupagus),
+     PHP_RINIT(snuffleupagus),
+     PHP_RSHUTDOWN(snuffleupagus),
+     PHP_MINFO(snuffleupagus),
+     PHP_SNUFFLEUPAGUS_VERSION,
+     PHP_MODULE_GLOBALS(snuffleupagus),
+     PHP_GINIT(snuffleupagus),
+     NULL,
+     NULL,
+     STANDARD_MODULE_PROPERTIES_EX};
+
+#ifdef COMPILE_DL_SNUFFLEUPAGUS
+#ifdef ZTS
+ZEND_TSRMLS_CACHE_DEFINE()
+#endif
+ZEND_GET_MODULE(snuffleupagus)
+#endif
diff --git a/src/snuffleupagus.php b/src/snuffleupagus.php
new file mode 100644
index 0000000..b373a53
--- /dev/null
+++ b/src/snuffleupagus.php
@@ -0,0 +1,21 @@
+<?php
+$br = (php_sapi_name() == "cli")? "":"<br>";
+
+if(!extension_loaded('snuffleupagus')) {
+        dl('snuffleupagus.' . PHP_SHLIB_SUFFIX);
+}
+$module = 'snuffleupagus';
+$functions = get_extension_funcs($module);
+echo "Functions available in the test extension:$br\n";
+foreach($functions as $func) {
+    echo $func."$br\n";
+}
+echo "$br\n";
+$function = 'confirm_' . $module . '_compiled';
+if (extension_loaded($module)) {
+        $str = $function($module);
+} else {
+        $str = "Module $module is not compiled into PHP";
+}
+echo "$str\n";
+?>
diff --git a/src/sp_compile.c b/src/sp_compile.c
new file mode 100644
index 0000000..2902377
--- /dev/null
+++ b/src/sp_compile.c
@@ -0,0 +1,53 @@
+#include "php_snuffleupagus.h"
+
+ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus);
+
+static zend_op_array *(*orig_compile_file)(zend_file_handle *, int);
+static zend_op_array *(*orig_compile_string)(zval *, char *);
+
+zend_op_array *sp_compile_file(zend_file_handle *file_handle, int type) {
+  zend_op_array *ret = orig_compile_file(file_handle, type);
+  
+  const sp_node_t* config = SNUFFLEUPAGUS_G(config).config_disabled_functions->disabled_functions;
+
+  while (config && config->data) {
+    const char* function_name = ((sp_disabled_function*)config->data)->function;
+    const pcre* function_name_regexp = ((sp_disabled_function*)config->data)->r_function;
+
+    sp_log_err("checking for %s", function_name);
+    //  EG(function_table)->arData[count - 1].val.value.func->internal_function.handler = PHP_FN(check_disabled_function);
+    
+    if (function_name) {
+      if (HOOK_FUNCTION(function_name, disabled_functions_hook, PHP_FN(check_disabled_function), true) == SUCCESS) {
+          sp_log_err("Successfully hooked %s", function_name);
+      }
+      break;
+    } else if (function_name_regexp) {
+      sp_log_err("error", "We'll hook regard later.");
+    }
+    config = config->next;
+  }
+  
+  return ret;
+}
+
+zend_op_array *sp_compile_string(zval *source_string, char *filename) {
+  zend_op_array *ret = orig_compile_string(source_string, filename);
+  sp_log_err("in compile_string : filename is :%s", filename);
+  return ret;
+}
+
+
+int hook_compile(void) {
+  TSRMLS_FETCH();
+
+  /* zend_compile_file is used to compile php file */
+  orig_compile_file = zend_compile_file;
+  zend_compile_file = sp_compile_file;
+
+  /* zend_compile_string is used to compile php string */
+  orig_compile_string = zend_compile_string;
+  zend_compile_string = sp_compile_string;
+
+  return SUCCESS;
+}
\ No newline at end of file
diff --git a/src/sp_compile.h b/src/sp_compile.h
new file mode 100644
index 0000000..538ff52
--- /dev/null
+++ b/src/sp_compile.h
@@ -0,0 +1,6 @@
+#ifndef SP_COMPILE_H
+#define SP_COMPILE_H
+
+int hook_compile(void);
+
+#endif /* SP_COMPILE_H */
\ No newline at end of file
diff --git a/src/sp_config.c b/src/sp_config.c
new file mode 100644
index 0000000..f73347d
--- /dev/null
+++ b/src/sp_config.c
@@ -0,0 +1,193 @@
+#include <errno.h>
+#include <stdio.h>
+#include <string.h>
+
+#include "php_snuffleupagus.h"
+
+ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus)
+
+sp_config_tokens const sp_func[] = {
+    {.func = parse_unserialize, .token = SP_TOKEN_UNSERIALIZE_HMAC},
+    {.func = parse_random, .token = SP_TOKEN_HARDEN_RANDOM},
+    {.func = parse_disabled_functions, .token = SP_TOKEN_DISABLE_FUNC},
+    {.func = parse_readonly_exec, .token = SP_TOKEN_READONLY_EXEC},
+    {.func = parse_global_strict, .token = SP_TOKEN_GLOBAL_STRICT},
+    {.func = parse_upload_validation, .token = SP_TOKEN_UPLOAD_VALIDATION},
+    {.func = parse_cookie_encryption, .token = SP_TOKEN_COOKIE_ENCRYPTION},
+    {.func = parse_global, .token = SP_TOKEN_GLOBAL},
+    {.func = parse_auto_cookie_secure, .token = SP_TOKEN_AUTO_COOKIE_SECURE},
+    {.func = parse_disable_xxe, .token = SP_TOKEN_DISABLE_XXE},
+    {NULL, NULL}};
+
+/* Top level keyword parsing */
+
+static int parse_line(char *line) {
+  char *ptr = line;
+
+  while (*ptr == ' ' || *ptr == '\t') {
+    ++ptr;
+  }
+
+  if (!*ptr || *ptr == '#' || *ptr == ';') {
+    return 0;
+  }
+
+  if (strncmp(ptr, SP_TOKEN_BASE, strlen(SP_TOKEN_BASE))) {
+    sp_log_err("config", "Invalid configuration prefix for '%s'.", line);
+    return -1;
+  }
+  ptr += strlen(SP_TOKEN_BASE);
+
+  for (size_t i = 0; sp_func[i].func; i++) {
+    if (!strncmp(sp_func[i].token, ptr, strlen(sp_func[i].token))) {
+      return sp_func[i].func(ptr + strlen(sp_func[i].token));
+    }
+  }
+  sp_log_err("config", "Invalid configuration section '%s'.", line);
+  return -1;
+}
+
+/* keyword parsing */
+int parse_empty(char *restrict line, char *restrict keyword, void *retval) {
+  *(bool *)retval = true;
+  return 0;
+}
+
+int parse_int(char *restrict line, char *restrict keyword, void *retval) {
+  size_t consumed = 0;
+  char *value = get_param(&consumed, line, SP_TYPE_INT, keyword);
+  if (value) {
+    sscanf(value, "%ud", (uint32_t *)retval);
+    pefree(value, 1);
+    return consumed;
+  } else {
+    sp_log_err("error", "%s) is expecting a valid integer.", keyword);
+    return -1;
+  }
+}
+
+int parse_php_type(char *restrict line, char *restrict keyword, void *retval) {
+  size_t consumed = 0;
+  char *value = get_param(&consumed, line, SP_TYPE_STR, keyword);
+  if (value) {
+    if (0 == strcasecmp("undef", value)) {
+      *(sp_php_type*)retval = SP_PHP_TYPE_UNDEF;
+    } else if (0 == strcasecmp("null", value)) {
+      *(sp_php_type*)retval = SP_PHP_TYPE_NULL;
+    } else if (0 == strcasecmp("true", value)) {
+      *(sp_php_type*)retval = SP_PHP_TYPE_TRUE;
+    } else if (0 == strcasecmp("false", value)) {
+      *(sp_php_type*)retval = SP_PHP_TYPE_FALSE;
+    } else if (0 == strcasecmp("long", value)) {
+      *(sp_php_type*)retval = SP_PHP_TYPE_LONG;
+    } else if (0 == strcasecmp("double", value)) {
+      *(sp_php_type*)retval = SP_PHP_TYPE_DOUBLE;
+    } else if (0 == strcasecmp("string", value)) {
+      *(sp_php_type*)retval = SP_PHP_TYPE_STRING;
+    } else if (0 == strcasecmp("array", value)) {
+      *(sp_php_type*)retval = SP_PHP_TYPE_ARRAY;
+    } else  if (0 == strcasecmp("object", value)) {
+      *(sp_php_type*)retval = SP_PHP_TYPE_OBJECT;
+    } else if (0 == strcasecmp("resource", value)) {
+      *(sp_php_type*)retval = SP_PHP_TYPE_RESOURCE;
+    } else if (0 == strcasecmp("reference", value)) {
+      *(sp_php_type*)retval = SP_PHP_TYPE_REFERENCE;
+    } else {
+      pefree(value, 1);
+      sp_log_err("error", "%s) is expecting a valid php type ('false', 'true',"
+        " 'array'. 'object', 'long', 'double', 'null', 'resource', 'reference',"
+        " 'undef').", keyword);
+      return -1;
+    }
+    pefree(value, 1);
+    return consumed;
+  } else {
+    return -1;
+  }
+}
+
+int parse_str(char *restrict line, char *restrict keyword, void *retval) {
+  char *value = NULL;
+
+  size_t consumed = 0;
+  value = get_param(&consumed, line, SP_TYPE_STR, keyword);
+  if (value) {
+    *(char **)retval = value;
+    return consumed;
+  }
+  return -1;
+}
+
+int parse_cidr(char *restrict line, char *restrict keyword, void *retval) {
+  size_t consumed = 0;
+  char *value = get_param(&consumed, line, SP_TYPE_STR, keyword);
+  sp_cidr *cidr = pecalloc(sizeof(sp_cidr), 1, 1);
+
+  if (value) {
+    if (-1 == get_ip_and_cidr(value, cidr)) {
+      return -1;
+    }
+    *(sp_cidr **)retval = cidr;
+    return consumed;
+  } else {
+    sp_log_err("config", "%s doesn't contain a valid cidr.", line);
+    return -1;
+  }
+}
+
+int parse_regexp(char *restrict line, char *restrict keyword, void *retval) {
+  /* TODO: Do we want to use pcre_study?
+   * (http://www.pcre.org/original/doc/html/pcre_study.html)
+   * maybe not: http://sljit.sourceforge.net/pcre.html*/
+  size_t consumed = 0;
+  char *value = get_param(&consumed, line, SP_TYPE_STR, keyword);
+
+  if (value) {
+    const char *pcre_error;
+    int pcre_error_offset;
+    pcre *compiled_re = pcre_compile(value, PCRE_CASELESS, &pcre_error,
+                                     &pcre_error_offset, NULL);
+    if (NULL == compiled_re) {
+      sp_log_err("config", "Failed to compile '%s': %s.", value, pcre_error);
+    } else {
+      *(pcre **)retval = compiled_re;
+      return consumed;
+    }
+  }
+  char *closing_paren = strchr(line, ')');
+  if (NULL != closing_paren) {
+    closing_paren[0] = '\0';
+  }
+  sp_log_err("config", "'%s)' is expecting a valid regexp, and not '%s'.",
+             keyword, line);
+  return -1;
+}
+
+int sp_parse_config(const char *conf_file) {
+  FILE *fd = fopen(conf_file, "r");
+  char *lineptr = NULL;
+  size_t n = 0;
+
+  if (fd == NULL) {
+    sp_log_err("config", "Could not open configuration file %s : %s", conf_file,
+               strerror(errno));
+    return FAILURE;
+  }
+
+  while (getline(&lineptr, &n, fd) > 0) {
+    /* We trash the terminal `\n`. This simplify the display of logs. */
+    if (lineptr[strlen(lineptr) - 1] == '\n') {
+      lineptr[strlen(lineptr) - 1] = '\0';
+    }
+    if (parse_line(lineptr) == -1) {
+      fclose(fd);
+      free(lineptr);
+      return FAILURE;
+    }
+    free(lineptr);
+    lineptr = NULL;
+    n = 0;
+  }
+  fclose(fd);
+  return SUCCESS;
+}
diff --git a/src/sp_config.h b/src/sp_config.h
new file mode 100644
index 0000000..54ec2cc
--- /dev/null
+++ b/src/sp_config.h
@@ -0,0 +1,206 @@
+#ifndef SP_CONFIG_H
+#define SP_CONFIG_H
+
+#include <arpa/inet.h>
+#include <netinet/in.h>
+#include <sys/socket.h>
+
+typedef enum {
+  SP_TYPE_STR = 0,
+  SP_TYPE_REGEXP,
+  SP_TYPE_INT,
+  SP_TYPE_EMPTY
+} sp_type;
+
+typedef enum {
+  SP_PHP_TYPE_UNDEF = IS_UNDEF, 
+  SP_PHP_TYPE_NULL = IS_NULL, 
+  SP_PHP_TYPE_FALSE = IS_FALSE, 
+  SP_PHP_TYPE_TRUE = IS_TRUE, 
+  SP_PHP_TYPE_LONG = IS_LONG, 
+  SP_PHP_TYPE_DOUBLE = IS_DOUBLE, 
+  SP_PHP_TYPE_STRING = IS_STRING, 
+  SP_PHP_TYPE_ARRAY = IS_ARRAY, 
+  SP_PHP_TYPE_OBJECT = IS_OBJECT, 
+  SP_PHP_TYPE_RESOURCE = IS_RESOURCE, 
+  SP_PHP_TYPE_REFERENCE = IS_REFERENCE
+} sp_php_type;
+
+typedef struct {
+  int ip_version;
+  union {
+    struct in_addr ipv4;
+    struct in6_addr ipv6;
+  } ip;
+  uint8_t mask;
+} sp_cidr;
+
+typedef struct { char *encryption_key; } sp_config_encryption_key;
+
+typedef struct {
+        bool enable;
+        bool simulation;
+} sp_config_readonly_exec;
+
+typedef struct { bool enable; } sp_config_global_strict;
+
+typedef struct { bool enable; } sp_config_random;
+
+typedef struct { bool enable; } sp_config_auto_cookie_secure;
+
+typedef struct { bool enable; } sp_config_disable_xxe;
+
+typedef struct {
+  HashTable *names;
+  uint32_t mask_ipv4;
+  uint32_t mask_ipv6;
+} sp_config_cookie_encryption;
+
+typedef struct {
+  bool enable;
+  bool simulation;
+} sp_config_unserialize;
+
+typedef struct {
+  char *filename;
+  pcre *r_filename;
+
+  char *function;
+  pcre *r_function;
+
+  char *hash;
+  int simulation;
+  bool enable;
+
+  char *param;
+  pcre *r_param;
+  sp_php_type param_type;
+
+  char *ret;
+  pcre *r_ret;
+  sp_php_type ret_type;
+  
+  pcre *regexp;
+  char *value;
+
+  char *dump;
+  char *alias;
+  bool param_is_array;
+  bool var_is_array;
+  sp_node_t *param_array_keys;
+  sp_node_t *var_array_keys;
+
+  bool allow;
+  bool drop;
+
+  char *var;
+
+  sp_cidr *cidr;
+} sp_disabled_function;
+
+typedef struct {
+  sp_node_t *disabled_functions;  // list of sp_disabled_function
+} sp_config_disabled_functions;
+
+typedef struct {
+  sp_node_t *regexp_inclusion;  // list of regexp for inclusion
+} sp_config_regexp_inclusion;
+
+typedef struct {
+  char *script;
+  bool simulation;
+  bool enable;
+} sp_config_upload_validation;
+
+typedef struct {
+  sp_config_random *config_random;
+  sp_config_unserialize *config_unserialize;
+  sp_config_disabled_functions *config_disabled_functions;
+  sp_config_disabled_functions *config_disabled_functions_ret;
+  sp_config_readonly_exec *config_readonly_exec;
+  sp_config_upload_validation *config_upload_validation;
+  sp_config_cookie_encryption *config_cookie_encryption;
+  sp_config_encryption_key *config_snuffleupagus;
+  sp_config_auto_cookie_secure *config_auto_cookie_secure;
+  sp_config_global_strict *config_global_strict;
+  sp_config_disable_xxe *config_disable_xxe;
+  sp_config_regexp_inclusion *config_regexp_inclusion;
+} sp_config;
+
+typedef struct {
+  int (*func)(char *, char *, void *);
+  char *token;
+  void *retval;
+} sp_config_functions;
+
+typedef struct {
+  int (*func)(char *);
+  char *token;
+} sp_config_tokens;
+
+#define SP_TOKEN_BASE "sp"
+
+#define SP_TOKEN_AUTO_COOKIE_SECURE ".auto_cookie_secure"
+#define SP_TOKEN_COOKIE_ENCRYPTION ".cookie_encryption"
+#define SP_TOKEN_DISABLE_FUNC ".disable_functions"
+#define SP_TOKEN_GLOBAL ".global"
+#define SP_TOKEN_GLOBAL_STRICT ".global_strict"
+#define SP_TOKEN_HARDEN_RANDOM ".harden_random"
+#define SP_TOKEN_READONLY_EXEC ".readonly_exec"
+#define SP_TOKEN_UNSERIALIZE_HMAC ".unserialize_hmac"
+#define SP_TOKEN_UPLOAD_VALIDATION ".upload_validation"
+#define SP_TOKEN_DISABLE_XXE ".disable_xxe"
+
+// common tokens
+#define SP_TOKEN_ENABLE ".enable("
+#define SP_TOKEN_DISABLE ".disable("
+#define SP_TOKEN_SIMULATION ".simulation("
+#define SP_TOKEN_TRUE "1"
+#define SP_TOKEN_FALSE "0"
+#define SP_TOKEN_DUMP ".dump("
+#define SP_TOKEN_ALIAS ".alias("
+#define SP_TOKEN_ALLOW ".allow("
+#define SP_TOKEN_DROP ".drop("
+
+#define SP_TOKEN_END_PARAM ')'
+
+// disable_function
+#define SP_TOKEN_CIDR ".cidr("
+#define SP_TOKEN_FILENAME ".filename("
+#define SP_TOKEN_FILENAME_REGEXP ".filename_r("
+#define SP_TOKEN_FUNCTION ".function("
+#define SP_TOKEN_FUNCTION_REGEXP ".function_r("
+#define SP_TOKEN_HASH ".hash("
+#define SP_TOKEN_LOCAL_VAR ".var("
+#define SP_TOKEN_PARAM ".param("
+#define SP_TOKEN_PARAM_REGEXP ".param_r("
+#define SP_TOKEN_PARAM_TYPE ".param_type("
+#define SP_TOKEN_RET ".ret("
+#define SP_TOKEN_RET_REGEXP ".ret_r("
+#define SP_TOKEN_RET_TYPE ".ret_type("
+#define SP_TOKEN_VALUE ".value("
+#define SP_TOKEN_VALUE_REGEXP ".value_r("
+
+// cookies encryption
+#define SP_TOKEN_NAME ".cookie("
+#define SP_TOKEN_MASK_IPV4 ".mask_ipv4("
+#define SP_TOKEN_MASK_IPV6 ".mask_ipv6("
+
+// Global configuration options
+#define SP_TOKEN_ENCRYPTION_KEY ".secret_key("
+
+// upload_validator
+#define SP_TOKEN_UPLOAD_SCRIPT ".script("
+
+int sp_parse_config(const char *);
+int parse_array(sp_disabled_function *);
+
+int parse_str(char *restrict, char *restrict, void *);
+int parse_regexp(char *restrict, char *restrict, void *);
+int parse_empty(char *restrict, char *restrict, void *);
+int parse_int(char *restrict, char *restrict, void *);
+int parse_cidr(char *restrict, char *restrict, void *);
+int parse_php_type(char *restrict, char *restrict, void *);
+
+
+#endif /* SP_CONFIG_H */
diff --git a/src/sp_config_keywords.c b/src/sp_config_keywords.c
new file mode 100644
index 0000000..4a6dd3a
--- /dev/null
+++ b/src/sp_config_keywords.c
@@ -0,0 +1,268 @@
+#include "php_snuffleupagus.h"
+
+ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus)
+
+static int parse_enable(char *line, bool * restrict retval, bool * restrict simulation) {
+  bool enable = false, disable = false;
+  sp_config_functions sp_config_funcs[] = {
+    {parse_empty, SP_TOKEN_ENABLE, &(enable)},
+    {parse_empty, SP_TOKEN_DISABLE, &(disable)},
+    {parse_empty, SP_TOKEN_SIMULATION, simulation},
+    {0}};
+
+  int ret = parse_keywords(sp_config_funcs, line);
+
+  if (0 != ret) {
+    return ret;
+  }
+
+  if (!(enable ^ disable)) {
+    sp_log_err("config", "A rule can't be enabled and disabled.");
+    return -1;
+  } 
+
+  *retval = enable;
+  
+  return ret;
+}
+
+int parse_random(char *line) {
+  return parse_enable(line, &(SNUFFLEUPAGUS_G(config).config_random->enable), NULL);
+}
+
+int parse_disable_xxe(char *line) {
+  return parse_enable(line, &(SNUFFLEUPAGUS_G(config).config_disable_xxe->enable), NULL);
+}
+
+int parse_auto_cookie_secure(char *line) {
+  return parse_enable(line, &(SNUFFLEUPAGUS_G(config).config_auto_cookie_secure->enable), NULL);
+}
+
+int parse_global_strict(char *line) {
+  return parse_enable(line, &(SNUFFLEUPAGUS_G(config).config_global_strict->enable), NULL);
+}
+
+int parse_unserialize(char *line) {
+  return parse_enable(line, &(SNUFFLEUPAGUS_G(config).config_unserialize->enable), &(SNUFFLEUPAGUS_G(config).config_unserialize->simulation));
+}
+
+int parse_readonly_exec(char *line) {
+  return parse_enable(line, &(SNUFFLEUPAGUS_G(config).config_readonly_exec->enable), &(SNUFFLEUPAGUS_G(config).config_readonly_exec->simulation));
+}
+
+int parse_global(char *line) {
+  sp_config_functions sp_config_funcs_encryption_key[] = {
+      {parse_str, SP_TOKEN_ENCRYPTION_KEY,
+       &(SNUFFLEUPAGUS_G(config).config_snuffleupagus->encryption_key)},
+      {0}};
+  return parse_keywords(sp_config_funcs_encryption_key, line);
+}
+
+int parse_cookie_encryption(char *line) {
+  int ret = 0;
+  char *name = NULL;
+
+  sp_config_functions sp_config_funcs_cookie_encryption[] = {
+      {parse_str, SP_TOKEN_NAME, &name},
+      {parse_int, SP_TOKEN_MASK_IPV4,
+       &(SNUFFLEUPAGUS_G(config).config_cookie_encryption->mask_ipv4)},
+      {parse_int, SP_TOKEN_MASK_IPV6,
+       &(SNUFFLEUPAGUS_G(config).config_cookie_encryption->mask_ipv6)},
+      {0}};
+
+  ret = parse_keywords(sp_config_funcs_cookie_encryption, line);
+  if (0 != ret) {
+    return ret;
+  }
+
+  if (32 < SNUFFLEUPAGUS_G(config).config_cookie_encryption->mask_ipv4) {
+    SNUFFLEUPAGUS_G(config).config_cookie_encryption->mask_ipv4 = 32;
+  }
+  if (128 < SNUFFLEUPAGUS_G(config).config_cookie_encryption->mask_ipv6) {
+    SNUFFLEUPAGUS_G(config).config_cookie_encryption->mask_ipv6 = 128;
+  }
+
+  if (name) {
+    zend_hash_str_add_empty_element(
+        SNUFFLEUPAGUS_G(config).config_cookie_encryption->names, name,
+        strlen(name));
+  }
+  return SUCCESS;
+}
+
+int parse_disabled_functions(char *line) {
+  int ret = 0;
+  bool enable = true, disable = false;
+  sp_disabled_function *df = pecalloc(sizeof(*df), 1, 1);
+
+  sp_config_functions sp_config_funcs_disabled_functions[] = {
+      {parse_empty, SP_TOKEN_ENABLE, &(enable)},
+      {parse_empty, SP_TOKEN_DISABLE, &(disable)},
+      {parse_str, SP_TOKEN_ALIAS, &(df->alias)},
+      {parse_empty, SP_TOKEN_SIMULATION, &(df->simulation)},
+      {parse_str, SP_TOKEN_FILENAME, &(df->filename)},
+      {parse_regexp, SP_TOKEN_FILENAME_REGEXP, &(df->r_filename)},
+      {parse_str, SP_TOKEN_FUNCTION, &(df->function)},
+      {parse_regexp, SP_TOKEN_FUNCTION_REGEXP, &(df->r_function)},
+      {parse_str, SP_TOKEN_DUMP, &(df->dump)},
+      {parse_empty, SP_TOKEN_ALLOW, &(df->allow)},
+      {parse_empty, SP_TOKEN_DROP, &(df->drop)},
+      {parse_str, SP_TOKEN_HASH, &(df->hash)},
+      {parse_str, SP_TOKEN_PARAM, &(df->param)},
+      {parse_regexp, SP_TOKEN_VALUE_REGEXP, &(df->regexp)},
+      {parse_str, SP_TOKEN_VALUE, &(df->value)},
+      {parse_regexp, SP_TOKEN_PARAM_REGEXP, &(df->r_param)},
+      {parse_php_type, SP_TOKEN_PARAM_TYPE, &(df->param_type)},
+      {parse_str, SP_TOKEN_RET, &(df->ret)},
+      {parse_cidr, SP_TOKEN_CIDR, &(df->cidr)},
+      {parse_regexp, SP_TOKEN_RET_REGEXP, &(df->r_ret)},
+      {parse_php_type, SP_TOKEN_RET_TYPE, &(df->ret_type)},
+      {parse_str, SP_TOKEN_LOCAL_VAR, &(df->var)},
+      {0}};
+
+  ret = parse_keywords(sp_config_funcs_disabled_functions, line);
+
+  if (0 != ret) {
+    return ret;
+  }
+
+  if (true == disable){
+    df->enable = false;
+  } else {
+    df->enable = true;
+  }
+
+  if (df->value && df->regexp) {
+    sp_log_err("config",
+               "Invalid configuration line: 'sp.disabled_functions%s':"
+               "'.value' and '.regexp' are mutually exclusives.",
+               line);
+    return -1;
+  } else if (df->r_function && df->function) {
+    sp_log_err("config",
+               "Invalid configuration line: 'sp.disabled_functions%s': "
+               "'.r_function' and '.function' are mutually exclusive.",
+               line);
+    return -1;
+  } else if (df->r_filename && df->filename) {
+    sp_log_err("config",
+               "Invalid configuration line: 'sp.disabled_functions%s':"
+               "'.r_filename' and '.filename' are mutually exclusive.",
+               line);
+    return -1;
+  } else if (df->r_param && df->param) {
+    sp_log_err("config",
+               "Invalid configuration line: 'sp.disabled_functions%s':"
+               "'.r_param' and '.param' are mutually exclusive.",
+               line);
+    return -1;
+  } else if (df->r_ret && df->ret) {
+    sp_log_err("config",
+               "Invalid configuration line: 'sp.disabled_functions%s':"
+               "'.r_ret' and '.ret' are mutually exclusive.",
+               line);
+    return -1;
+  } else if ((df->r_ret || df->ret) && (df->r_param || df->param)) {
+    sp_log_err("config",
+               "Invalid configuration line: 'sp.disabled_functions%s':"
+               "`ret` and `param` are mutually exclusives.",
+               line);
+    return -1;
+  } else if (!(df->r_function || df->function)) {
+    sp_log_err("config",
+               "Invalid configuration line: 'sp.disabled_functions%s':"
+               " must take a function name.",
+               line);
+    return -1;
+  } else if (!(df->allow ^ df->drop)) {
+    sp_log_err("config",
+               "Invalid configuration line: 'sp.disabled_functions%s': The "
+               "rule must either be a `drop` or and `allow` one.",
+               line);
+    return -1;
+  }
+
+  if (df->param && strchr(df->param, '[')) {  // assume that this is an array
+    df->param_array_keys = sp_new_list();
+    if (0 != array_to_list(&df->param, &df->param_array_keys)) {
+      pefree(df->param_array_keys, 1);
+      return -1;
+    }
+    df->param_is_array = 1;
+  }
+  
+  if (df->var && strchr(df->var, '[')) {  // assume that this is an array
+    df->var_array_keys = sp_new_list();
+    if (0 != array_to_list(&df->var, &df->var_array_keys)) {
+      pefree(df->var_array_keys, 1);
+      return -1;
+    }
+    df->var_is_array = 1;
+  }
+
+  bool match = false;
+  const char *key[4] = {"include", "include_once", "require", "require_once"};
+  for (size_t i = 0; i < 4; i++) {
+    if (df->r_function && true == is_regexp_matching(df->r_function, key[i])) {
+      match = true;
+      break;
+    } else if (df->function && 0 == strcmp(df->function, key[i])) {
+      match = true;
+      break;
+    }
+  }
+  if (true == match && df->regexp) {
+    sp_list_insert(
+        SNUFFLEUPAGUS_G(config).config_regexp_inclusion->regexp_inclusion,
+        df->regexp);
+  } else if (df->ret || df->r_ret || df->ret_type) {
+    sp_list_insert(
+        SNUFFLEUPAGUS_G(config).config_disabled_functions_ret->disabled_functions,
+        df);
+  } else {
+    sp_list_insert(
+        SNUFFLEUPAGUS_G(config).config_disabled_functions->disabled_functions,
+        df);
+  }
+  return ret;
+}
+
+int parse_upload_validation(char *line) {
+  bool disable = false, enable = false;
+  sp_config_functions sp_config_funcs_upload_validation[] = {
+      {parse_str, SP_TOKEN_UPLOAD_SCRIPT,
+       &(SNUFFLEUPAGUS_G(config).config_upload_validation->script)},
+      {parse_empty, SP_TOKEN_SIMULATION,
+       &(SNUFFLEUPAGUS_G(config).config_upload_validation->simulation)},
+      {parse_empty, SP_TOKEN_ENABLE, &(enable)},
+      {parse_empty, SP_TOKEN_DISABLE, &(disable)},
+      {0}};
+
+  int ret = parse_keywords(sp_config_funcs_upload_validation, line);
+
+  if (0 != ret) {
+    return ret;
+  }
+
+  if (!(enable ^ disable)) {
+    sp_log_err("config", "A rule can't be enabled and disabled.");
+    return -1;
+  } 
+  SNUFFLEUPAGUS_G(config).config_upload_validation->enable = enable;
+
+  char const *script = SNUFFLEUPAGUS_G(config).config_upload_validation->script;
+
+  if (!script) {
+    sp_log_err("config", "The `script` directive is mandatory in %s",
+      line);
+    return -1;
+  } else if (-1 == access(script, F_OK)) {
+    sp_log_err("config", "The `script` (%s) doesn't exist.", script);
+    return -1;
+  } else if (-1 == access(script, X_OK)) {
+    sp_log_err("config", "The `script` (%s) isn't executable.", script);
+    return -1;
+  }
+  
+  return ret;
+}
diff --git a/src/sp_config_keywords.h b/src/sp_config_keywords.h
new file mode 100644
index 0000000..40fac47
--- /dev/null
+++ b/src/sp_config_keywords.h
@@ -0,0 +1,16 @@
+#ifndef SP_CONFIG_KEYWORDS_H
+#define SP_CONFIG_KEYWORDS_H
+#include "php_snuffleupagus.h"
+
+int parse_random(char *line);
+int parse_disable_xxe(char *line);
+int parse_auto_cookie_secure(char *line);
+int parse_global_strict(char *line);
+int parse_global(char *line) ;
+int parse_cookie_encryption(char *line);
+int parse_unserialize(char *line) ;
+int parse_readonly_exec(char *line);
+int parse_disabled_functions(char *line) ;
+int parse_upload_validation(char *line);
+
+#endif // __SP_CONFIG_KEYWORDS_H
\ No newline at end of file
diff --git a/src/sp_config_utils.c b/src/sp_config_utils.c
new file mode 100644
index 0000000..e05e95e
--- /dev/null
+++ b/src/sp_config_utils.c
@@ -0,0 +1,211 @@
+#include "php_snuffleupagus.h"
+
+static int validate_int(const char *value);
+static int validate_str(const char *value);
+
+static sp_pure int validate_int(const char *value) {
+  for (size_t i = 0; i < strlen(value); i++) {
+    if (!isdigit(value[i])) {
+      return -1;
+    }
+  }
+  return 0;
+}
+
+static sp_pure int validate_str(const char *value) {
+  int balance = 0;  // ghetto [] validation
+
+  if (!strchr(value, '[')) {
+    return 0;
+  }
+
+  for (size_t i = 0; i < strlen(value); i++) {
+    if (value[i] == '[') {
+      balance++;
+    } else if (value[i] == ']') {
+      balance--;
+    }
+    if (balance < 0) {
+      return -1;
+    }
+  }
+  return balance != 0;
+}
+
+int parse_keywords(sp_config_functions *funcs, char *line) {
+  int value_len = 0;
+  const char *original_line = line;
+  for (size_t i = 0; funcs[i].func; i++) {
+    if (!strncmp(funcs[i].token, line, strlen(funcs[i].token))) {
+      line += strlen(funcs[i].token);
+      value_len = funcs[i].func(line, funcs[i].token, funcs[i].retval) + 1;
+      if (value_len == 0) {  // bad parameter
+        return -1;
+      }
+      line += value_len;
+      i = -1;  // we start the loop again
+    }
+  }
+  while (*line == ';' || *line == '\t' || *line == ' ') {
+    line++;
+  }
+
+  if (*line == '#') {
+    return 0;
+  }
+
+  if (*line) {
+    sp_log_err("config", "Trailing chars '%s' at the end of '%s'.", line,
+               original_line);
+    return -1;
+  }
+  return 0;
+}
+
+static char *get_string(size_t *consumed, char *restrict line,
+                        const char *restrict keyword) {
+  enum { IN_ESCAPE, NONE } state = NONE;
+  char *original_line = line;
+  size_t j = 0;
+
+  char *ret = NULL;
+  if (NULL == line) {
+    goto err;
+  }
+
+  ret = pecalloc(sizeof(char), strlen(original_line) + 1, 1);
+
+  /* The first char of a string is always '"', since they MUST be quoted. */
+  if ('"' == *line) {
+    line++;
+  } else {
+    goto err;
+  }
+
+  for (size_t i = 0; line[i] && j < strlen(original_line) - 2; i++) {
+    switch (line[i]) {
+      case '"':
+        /* A double quote at this point is either:
+          - at the very end of the string.
+          - escaped
+          */
+        if ((state == NONE) && (line[i + 1] == SP_TOKEN_END_PARAM)) {
+          /* The `+2` if for
+           1. the terminal double-quote
+           2. the SP_TOKEN_END_PARAM
+           */
+          *consumed = i + 2;
+          return ret;
+        } else if (state == IN_ESCAPE) {
+          break;  // we're on an escped double quote
+        } else {
+          goto err;
+        }
+      case '\\':
+        if (state == NONE) {
+          state = IN_ESCAPE;
+          continue;
+        }
+      default:
+        break;
+    }
+    if (state == IN_ESCAPE) {
+      state = NONE;
+    }
+    ret[j++] = line[i];
+  }
+err:
+  sp_log_err("error",
+             "There is an issue with the parsing of '%s': it doesn't look like a valid string.",
+             original_line ? original_line : "NULL");
+  line = NULL;
+  return NULL;
+}
+
+static char *get_misc(char *restrict line, const char *restrict keyword) {
+  size_t i = 0;
+  char *ret = pecalloc(sizeof(char), 1024, 1);
+
+  while (i < 1024 - 1 && line[i] && line[i] != SP_TOKEN_END_PARAM) {
+    ret[i] = line[i];
+    i++;
+  }
+
+  if (line[i] != SP_TOKEN_END_PARAM) {
+    if (i >= 1024 - 1) {
+      sp_log_err("config", "The following line is too long: %s.", line);
+                } else {
+      sp_log_err("config", "Missing closing %c in line %s.", SP_TOKEN_END_PARAM,
+                 line);
+                }
+    return NULL;
+  } else if (i == 0) {
+    sp_log_err("config", "The keyword %s%c is expecting a parameter.",
+     keyword, SP_TOKEN_END_PARAM);
+    return NULL;
+  }
+  return ret;
+}
+
+char *get_param(size_t *consumed, char *restrict line, sp_type type,
+                const char *restrict keyword) {
+  char *retval = NULL;
+  if (type == SP_TYPE_STR) {
+    retval = get_string(consumed, line, keyword);
+  } else {
+    retval = get_misc(line, keyword);
+    *consumed = retval ? strlen(retval) : 0;
+  }
+
+  if (retval) {
+    if (type == SP_TYPE_STR && 0 == validate_str(retval)) {
+      return retval;
+    } else if (type == SP_TYPE_INT && 0 == validate_int(retval)) {
+      return retval;
+    }
+  }
+  return NULL;
+}
+
+// FIXME this is leaking like hell @blotus
+int array_to_list(char **name_ptr, sp_node_t **keys) {
+  int in_key = 0;
+  size_t i = 0;
+  char *name = *name_ptr;
+  char *key_name = ecalloc(strlen(name) + 1, 1);  // im way too lazy for
+                                                       // now
+  char *tmp = ecalloc(strlen(name) + 1, 1);
+
+  for (i = 0; name[i] != '['; i++) {
+    tmp[i] = name[i];
+  }
+  tmp[i] = 0;
+
+  for (size_t j = 0; name[i]; i++) {
+    const char c = name[i];
+    if (c == '[') {
+      if (in_key == 0) {
+        in_key = 1;
+      } else {
+        efree(key_name);
+        return -1;
+      }
+    } else if (c == ']') {
+      if (in_key == 0) {
+        efree(key_name);
+        return -1;
+      } else {
+        in_key = 0;
+        j = 0;
+        sp_list_insert(*keys, pestrdup(key_name, 1));
+        memset(key_name, 0, strlen(name) + 1);
+      }
+    } else if (in_key == 1) {
+      key_name[j] = c;
+      j++;
+    }
+  }
+  efree(key_name);
+  *name_ptr = pestrdup(tmp, 1);
+  return in_key;
+}
diff --git a/src/sp_config_utils.h b/src/sp_config_utils.h
new file mode 100644
index 0000000..f2f8fce
--- /dev/null
+++ b/src/sp_config_utils.h
@@ -0,0 +1,8 @@
+#ifndef SP_CONFIG_UTILS
+#define SP_CONFIG_UTILS
+
+int parse_keywords(sp_config_functions *, char *);
+char *get_param(size_t *, char *restrict, sp_type, const char *restrict);
+int array_to_list(char **, sp_node_t **);
+
+#endif /* SP_CONFIG_UTILS */
diff --git a/src/sp_cookie_encryption.c b/src/sp_cookie_encryption.c
new file mode 100644
index 0000000..5248486
--- /dev/null
+++ b/src/sp_cookie_encryption.c
@@ -0,0 +1,216 @@
+#include "php_snuffleupagus.h"
+
+#include "ext/standard/url.h"
+
+ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus)
+
+static unsigned int nonce_d = 0;
+
+static inline void generate_key(unsigned char *key) {
+  PHP_SHA256_CTX ctx;
+  const char *user_agent = sp_getenv("HTTP_USER_AGENT");
+  const char *remote_addr = sp_getenv("REMOTE_ADDR");
+  const char *encryption_key =
+      SNUFFLEUPAGUS_G(config).config_snuffleupagus->encryption_key;
+
+  /* 32 is the size of a SHA256. */
+  assert(32 == crypto_secretbox_KEYBYTES);
+
+  PHP_SHA256Init(&ctx);
+
+  if (user_agent) {
+    PHP_SHA256Update(&ctx, (unsigned char *)user_agent, strlen(user_agent));
+  }
+
+  if (remote_addr) {
+    char out[128];
+          apply_mask_on_ip(out, remote_addr);
+    PHP_SHA256Update(&ctx, (unsigned char*)out, sizeof(out));
+  }
+
+  if (encryption_key) {
+    PHP_SHA256Update(&ctx, (const unsigned char *)encryption_key,
+                     strlen(encryption_key));
+  }
+
+  PHP_SHA256Final((unsigned char *)key, &ctx);
+}
+
+int decrypt_cookie(zval *pDest, int num_args, va_list args,
+                   zend_hash_key *hash_key) {
+  unsigned char key[crypto_secretbox_KEYBYTES] = {0};
+  size_t value_len;
+  zend_string *debase64;
+  unsigned char *decrypted;
+  int ret = 0;
+
+  /* If the cookie isn't in the conf, it shouldn't be encrypted. */
+  if (0 ==
+      zend_hash_exists(SNUFFLEUPAGUS_G(config).config_cookie_encryption->names,
+                       hash_key->key)) {
+    return ZEND_HASH_APPLY_KEEP;
+  }
+
+  generate_key(key);
+
+  value_len = php_url_decode(Z_STRVAL_P(pDest), Z_STRLEN_P(pDest));
+
+  if (value_len == 0) {
+    return ZEND_HASH_APPLY_KEEP;
+  }
+
+  debase64 = php_base64_decode((unsigned char *)(Z_STRVAL_P(pDest)), value_len);
+
+  if (value_len <
+      crypto_secretbox_NONCEBYTES + crypto_secretbox_ZEROBYTES) {
+    sp_log_msg("cookie_encryption", LOG_DROP,
+        "Buffer underflow tentative detected in cookie encryption handling.");
+    return ZEND_HASH_APPLY_REMOVE;
+  }
+
+  decrypted = pecalloc(value_len, 1, 0);
+
+  ret = crypto_secretbox_open(
+      decrypted,
+      (unsigned char *)(ZSTR_VAL(debase64) + crypto_secretbox_NONCEBYTES),
+      ZSTR_LEN(debase64) - crypto_secretbox_NONCEBYTES,
+      (unsigned char *)ZSTR_VAL(debase64), key);
+
+  if (ret == -1) {
+    sp_log_msg("cookie_encryption", LOG_DROP,
+      "Something went wrong with the decryption of %s.",
+               ZSTR_VAL(hash_key->key));
+    return ZEND_HASH_APPLY_REMOVE;
+  }
+
+  ZVAL_STRINGL(pDest, (char *)(decrypted + crypto_secretbox_ZEROBYTES),
+               ZSTR_LEN(debase64) - crypto_secretbox_NONCEBYTES - 1 -
+                   crypto_secretbox_ZEROBYTES);
+
+  return ZEND_HASH_APPLY_KEEP;
+}
+
+/**
+  This function will return the `data` of length `data_len` encrypted in the
+  form
+  base64(nonce | encrypted_data) (with `|` being the concatenation
+  operation).
+
+  The `nonce` is time-based.
+*/
+static zend_string *encrypt_data(char *data, unsigned long long data_len) {
+  const size_t encrypted_msg_len = crypto_secretbox_ZEROBYTES + data_len + 1;
+  const size_t emsg_and_nonce_len = encrypted_msg_len + crypto_secretbox_NONCEBYTES;
+
+  unsigned char key[crypto_secretbox_KEYBYTES] = {0};
+  unsigned char nonce[crypto_secretbox_NONCEBYTES] = {0};
+  unsigned char *data_to_encrypt = pecalloc(encrypted_msg_len, 1, 0);
+  unsigned char *encrypted_data = pecalloc(emsg_and_nonce_len, 1, 1);
+
+  generate_key(key);
+
+  /* tweetnacl's API requires the message to be padded with
+  crypto_secretbox_ZEROBYTES zeroes. */
+  memcpy(data_to_encrypt + crypto_secretbox_ZEROBYTES, data, data_len);
+
+  assert(sizeof(size_t) <= crypto_secretbox_NONCEBYTES);
+
+  nonce_d++;
+  sscanf((char*)nonce, "%ud", &nonce_d); 
+
+  memcpy(encrypted_data, nonce, crypto_secretbox_NONCEBYTES);
+  crypto_secretbox(encrypted_data + crypto_secretbox_NONCEBYTES,
+                   data_to_encrypt, encrypted_msg_len, nonce, key);
+
+  zend_string *z = php_base64_encode(encrypted_data, emsg_and_nonce_len);
+  sp_log_debug("cookie_encryption", "Cookie value:%s:", z->val);
+  return z;
+}
+
+PHP_FUNCTION(sp_setcookie) {
+  zval params[7] = { 0 };
+  zend_string *name = NULL, *value = NULL, *path = NULL, *domain = NULL;
+  zend_long expires = 0;
+  zend_bool secure = 0, httponly = 0;
+  zval ret_val;
+  zval func_name;
+
+  ZEND_PARSE_PARAMETERS_START(1, 7)
+  Z_PARAM_STR(name)
+  Z_PARAM_OPTIONAL
+  Z_PARAM_STR(value)
+  Z_PARAM_LONG(expires)
+  Z_PARAM_STR(path)
+  Z_PARAM_STR(domain)
+  Z_PARAM_BOOL(secure)
+  Z_PARAM_BOOL(httponly)
+  ZEND_PARSE_PARAMETERS_END();
+
+  /* If the request was issued over HTTPS, the cookie should be "secure" */
+  if (SNUFFLEUPAGUS_G(config).config_auto_cookie_secure) {
+    const zval server_vars = PG(http_globals)[TRACK_VARS_SERVER];
+    if (Z_TYPE(server_vars) == IS_ARRAY) {
+      const zval *is_https =
+          zend_hash_str_find(Z_ARRVAL(server_vars), "HTTPS", strlen("HTTPS"));
+      if (NULL != is_https) {
+        secure = 1;
+      }
+    }
+  }
+
+  /* If the cookie's value is encrypted, it won't be usable by
+   * javascript anyway.
+   */
+  if (zend_hash_exists(SNUFFLEUPAGUS_G(config).config_cookie_encryption->names,
+                       name) > 0) {
+    httponly = 1;
+  }
+
+  /* Shall we encrypt the cookie's value? */
+  if (zend_hash_exists(SNUFFLEUPAGUS_G(config).config_cookie_encryption->names,
+                       name) > 0 && value) {
+    zend_string *encrypted_data = encrypt_data(value->val, value->len);
+    ZVAL_STR_COPY(&params[1], encrypted_data);
+    zend_string_release(encrypted_data);
+  } else if (value) {
+    ZVAL_STR_COPY(&params[1], value);
+  }
+
+  ZVAL_STRING(&func_name, "setcookie");
+  ZVAL_STR_COPY(&params[0], name);
+  ZVAL_LONG(&params[2], expires);
+  if (path) {
+    ZVAL_STR_COPY(&params[3], path);
+  }
+  if (domain) {
+    ZVAL_STR_COPY(&params[4], domain);
+  }
+  if (secure) {
+    ZVAL_LONG(&params[5], secure);
+  }
+  if (httponly) {
+    ZVAL_LONG(&params[6], httponly);
+  }
+
+  /* This is the _fun_ part: because PHP is utterly idiotic and nonsensical,
+  the `call_user_function` macro will __discard__ (yes) its first argument
+  (the hashtable), effectively calling functions from `CG(function_table)`.
+  This is why were replacing our hook with the original function, calling
+  the function, and then re-hooking it. */
+  void (*handler)(INTERNAL_FUNCTION_PARAMETERS);
+  handler = zend_hash_str_find_ptr(SNUFFLEUPAGUS_G(sp_internal_functions_hook), "setcookie",
+                                   strlen("setcookie"));
+  zend_internal_function *func = zend_hash_str_find_ptr(
+      CG(function_table), "setcookie", strlen("setcookie"));
+  func->handler = handler;
+
+  call_user_function(CG(function_table), NULL, &func_name, &ret_val, 7, params);
+
+  func->handler = PHP_FN(sp_setcookie);
+}
+
+int hook_cookies() {
+  HOOK_FUNCTION("setcookie", sp_internal_functions_hook, PHP_FN(sp_setcookie), false);
+
+  return SUCCESS;
+}
diff --git a/src/sp_cookie_encryption.h b/src/sp_cookie_encryption.h
new file mode 100644
index 0000000..9904738
--- /dev/null
+++ b/src/sp_cookie_encryption.h
@@ -0,0 +1,17 @@
+
+#ifndef __SP_COOKIE_ENCRYPTION
+#define __SP_COOKIE_ENCRYPTION
+
+#include "SAPI.h"
+#include "tweetnacl.h"
+
+#include "sp_utils.h"
+
+#include "ext/hash/php_hash.h"
+#include "ext/hash/php_hash_sha.h"
+#include "ext/standard/base64.h"
+
+int hook_cookies();
+int decrypt_cookie(zval *pDest, int num_args, va_list args, zend_hash_key *hash_key);
+
+#endif /* __SP_COOKIE_ENCRYPTION */
diff --git a/src/sp_disable_xxe.c b/src/sp_disable_xxe.c
new file mode 100644
index 0000000..d11b3d0
--- /dev/null
+++ b/src/sp_disable_xxe.c
@@ -0,0 +1,25 @@
+#include "php_snuffleupagus.h"
+
+ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus)
+
+PHP_FUNCTION(sp_libxml_disable_entity_loader) { RETURN_TRUE; }
+
+int hook_libxml_disable_entity_loader() {
+  zval func_name;
+  zval hmac;
+  zval params[1];
+
+  TSRMLS_FETCH();
+
+  /* Call the php function here instead of re-implementing it is a bit
+   * ugly, but we do not want to introduce compile-time dependencies against
+   * libxml. */
+  ZVAL_STRING(&func_name, "libxml_disable_entity_loader");
+  ZVAL_STRING(&params[0], "true");
+  call_user_function(CG(function_table), NULL, &func_name, &hmac, 1, params);
+
+  HOOK_FUNCTION("libxml_disable_entity_loader", sp_internal_functions_hook,
+                PHP_FN(sp_libxml_disable_entity_loader), false);
+
+  return SUCCESS;
+}
diff --git a/src/sp_disable_xxe.h b/src/sp_disable_xxe.h
new file mode 100644
index 0000000..274c169
--- /dev/null
+++ b/src/sp_disable_xxe.h
@@ -0,0 +1,6 @@
+#ifndef __SP_DISABLE_XXE_H
+#define __SP_DISABLE_XXE_H
+
+int hook_libxml_disable_entity_loader();
+
+#endif /* __SP_DISABLE_XXE_H */
diff --git a/src/sp_disabled_functions.c b/src/sp_disabled_functions.c
new file mode 100644
index 0000000..55d782b
--- /dev/null
+++ b/src/sp_disabled_functions.c
@@ -0,0 +1,356 @@
+#include "php_snuffleupagus.h"
+
+#include "zend_execute.h"
+#include "zend_hash.h"
+
+ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus);
+
+ZEND_COLD static zend_always_inline bool is_hash_matching(
+    const char* current_filename,
+    sp_disabled_function const* const config_node) {
+  char current_file_hash[SHA256_SIZE * 2];
+  compute_hash(current_filename, current_file_hash);
+  return (0 == strncmp(current_file_hash, config_node->hash, SHA256_SIZE));
+}
+
+static zend_always_inline char* get_complete_function_path(
+    zend_execute_data const* const execute_data) {
+  char const* class_name;
+  char const* const function_name =
+      ZSTR_VAL(execute_data->func->common.function_name);
+  char* complete_path_function = NULL;
+
+  class_name = get_active_class_name(NULL);
+  if (*class_name) {
+    const size_t len = strlen(class_name) + 2 + strlen(function_name) + 1;
+    complete_path_function = emalloc(len);
+    snprintf(complete_path_function, len, "%s::%s", class_name, function_name);
+  } else {
+    complete_path_function = estrdup(function_name);
+  }
+  return complete_path_function;
+}
+
+static bool is_local_var_matching(zend_execute_data *execute_data, const sp_disabled_function *const config_node) {
+  zend_execute_data *orig_execute_data = execute_data;
+  
+  /*because execute_data points to hooked function data,
+   which we dont care about */
+  zend_execute_data *current = execute_data->prev_execute_data;
+  zval *value = NULL;
+  
+  while (current) {
+    zend_string *key = NULL;
+    EG(current_execute_data) = current;
+    zend_array *symtable = zend_rebuild_symbol_table();
+    ZEND_HASH_FOREACH_STR_KEY_VAL(symtable, key, value) {
+      if (0 == strcmp(config_node->var, key->val)) { // is the var name right?
+        if (Z_TYPE_P(value) == IS_INDIRECT) {
+          value = Z_INDIRECT_P(value);
+        }
+        if (Z_TYPE_P(value) != IS_ARRAY) {
+          char *var_value_str = sp_convert_to_string(value);
+          if (true == sp_match_value(var_value_str, config_node->value, config_node->regexp)) {
+            efree(var_value_str);
+            EG(current_execute_data) = orig_execute_data;
+            return true;
+          }
+          efree(var_value_str);
+        }
+        else {
+          EG(current_execute_data) = orig_execute_data;
+          return sp_match_array_key_recurse(value, config_node->var_array_keys, config_node->value, NULL);
+        }
+      }
+    }
+    ZEND_HASH_FOREACH_END();
+    current = current->prev_execute_data;
+  }
+
+  EG(current_execute_data) = orig_execute_data;
+  return false;
+}
+
+bool should_disable(zend_execute_data* execute_data) {
+  const char* current_filename = zend_get_executed_filename(TSRMLS_C);
+  const sp_node_t* config =
+      SNUFFLEUPAGUS_G(config).config_disabled_functions->disabled_functions;
+  const char* function_name =
+      ZSTR_VAL(execute_data->func->common.function_name);
+  char* complete_path_function;
+  char const* client_ip = sp_getenv("REMOTE_ADDR");
+
+  if (!function_name) {
+    return false;
+  }
+
+  if (!config || !config->data) {
+    return false;
+  }
+
+  complete_path_function = get_complete_function_path(execute_data);
+
+  while (config) {
+    sp_disabled_function const* const config_node =
+        (sp_disabled_function*)(config->data);
+    const char* arg_name = NULL;
+    const char* arg_value_str = NULL;
+
+    if (false == config_node->enable) {
+      goto next;
+    }
+
+    if (config_node->function) { /* Litteral match against the function name. */
+      if (0 != strcmp(config_node->function, complete_path_function)) {
+        goto next;
+      }
+    } else if (config_node->r_function) {
+      if (false ==
+          is_regexp_matching(config_node->r_function, complete_path_function)) {
+        goto next;
+      }
+    }
+    if (config_node->var) {
+      if (false == is_local_var_matching(execute_data, config_node)) {
+        goto next;
+      }
+    }
+
+    if (config_node->filename) { /* Check the current file name. */
+      if (0 != strcmp(current_filename, config_node->filename)) {
+        goto next;
+      }
+    } else if (config_node->r_filename) {
+      if (false ==
+          is_regexp_matching(config_node->r_filename, current_filename)) {
+        goto next;
+      }
+    }
+
+    if (config_node->hash) {
+      if (false == is_hash_matching(current_filename, config_node)) {
+        goto next;
+      }
+    }
+
+    if (client_ip && config_node->cidr &&
+        (false == cidr_match(client_ip, config_node->cidr))) {
+      goto next;
+    }
+
+    /* Check if we filter on parameter value*/
+    if (config_node->param || config_node->r_param) {
+      const unsigned int nb_param = execute_data->func->common.num_args;
+      bool arg_matched = false;
+
+      for (unsigned int i = 0; i < nb_param; i++) {
+        arg_matched = false;
+        if (ZEND_USER_CODE(execute_data->func->type)) {  // yay consistency
+          arg_name = ZSTR_VAL(execute_data->func->common.arg_info[i].name);
+        } else {
+          arg_name = execute_data->func->internal_function.arg_info[i].name;
+        }
+
+        const bool arg_matching =
+            config_node->param && (0 == strcmp(arg_name, config_node->param));
+        const bool pcre_matching =
+            config_node->r_param &&
+            (true == is_regexp_matching(config_node->r_param, arg_name));
+
+        /* This is the parameter name we're looking for. */
+        if (true == arg_matching || true == pcre_matching) {
+          zval* arg_value = ZEND_CALL_VAR_NUM(execute_data, i);
+
+          if (config_node->param_type) {  // Are we matching on the `type`?
+            if (config_node->param_type == Z_TYPE_P(arg_value)) {
+              arg_matched = true;
+              break;
+            }
+          } else if (Z_TYPE_P(arg_value) == IS_ARRAY) {
+            arg_value_str = estrdup("Array");
+            // match on arr -> match on all key content, if a key is an array,
+            // ignore it
+            // match on arr[foo] -> match only on key foo, if the key is an
+            // array, match on all keys content
+            if (config_node->param_is_array == true) {
+              if (true == sp_match_array_key_recurse(
+                              arg_value, config_node->param_array_keys,
+                              config_node->value, config_node->regexp)) {
+                arg_matched = true;
+                break;
+              }
+            } else {  // match on all keys, but don't go into subarray
+              if (true == sp_match_array_key(arg_value, config_node->value,
+                                             config_node->regexp)) {
+                arg_matched = true;
+                break;
+              }
+            }
+          } else {
+            arg_value_str = sp_convert_to_string(arg_value);
+            if (true == sp_match_value(arg_value_str, config_node->value,
+                                       config_node->regexp)) {
+              arg_matched = true;
+              break;
+            }
+          }
+        }
+      }
+      if (false == arg_matched) {
+        goto next;
+      }
+    }
+
+    /* Everything matched.*/
+
+    if (true == config_node->allow) {
+      goto allow;
+    }
+
+    sp_log_disable(complete_path_function, arg_name, arg_value_str,
+                   config_node);
+    if (true == config_node->simulation) {
+      goto next;
+    } else {  // We've got a match, the function won't be executed
+      efree(complete_path_function);
+      return true;
+    }
+next:
+config = config->next;
+  }
+allow:
+  efree(complete_path_function);
+  return false;
+}
+
+static bool should_drop_on_ret(zval* return_value,
+                               const zend_execute_data* const execute_data) {
+  const sp_node_t* config =
+      SNUFFLEUPAGUS_G(config).config_disabled_functions_ret->disabled_functions;
+  char* complete_path_function = get_complete_function_path(execute_data);
+  const char* current_filename = zend_get_executed_filename(TSRMLS_C);
+
+  if (!config || !config->data) {
+    return false;
+  }
+
+  while (config) {
+    char* ret_value_str = NULL;
+    sp_disabled_function const* const config_node =
+        (sp_disabled_function*)(config->data);
+
+    if (false == config_node->enable) {
+      goto next;
+    }
+
+    if (config_node->function) {
+      if (0 != strcmp(config_node->function, complete_path_function)) {
+        goto next;
+      }
+    } else if (config_node->r_function) {
+      if (false ==
+          is_regexp_matching(config_node->r_function, complete_path_function)) {
+        goto next;
+      }
+    }
+
+    if (config_node->filename) { /* Check the current file name. */
+      if (0 != strcmp(current_filename, config_node->filename)) {
+        goto next;
+      }
+    } else if (config_node->r_filename) {
+      if (false ==
+          is_regexp_matching(config_node->r_filename, current_filename)) {
+        goto next;
+      }
+    }
+
+    if (config_node->hash) {
+      if (false == is_hash_matching(current_filename, config_node)) {
+        goto next;
+      }
+    }
+
+    ret_value_str = sp_convert_to_string(return_value);  // FIXME memleak
+
+    bool match_type = (config_node->ret_type) &&
+                      (config_node->ret_type == Z_TYPE_P(return_value));
+    bool match_value = (config_node->ret || config_node->r_ret) &&
+                       (true == sp_match_value(ret_value_str, config_node->ret,
+                                               config_node->r_ret));
+
+    if (true == match_type || match_value) {
+      if (true == config_node->allow) {
+        efree(complete_path_function);
+        return false;
+      }
+      sp_log_disable_ret(complete_path_function, ret_value_str, config_node);
+      if (false == config_node->simulation) {
+        efree(complete_path_function);
+        return true;
+      }
+    }
+  next:
+    config = config->next;
+  }
+  efree(complete_path_function);
+  return false;
+}
+
+ZEND_FUNCTION(check_disabled_function) {
+  void (*orig_handler)(INTERNAL_FUNCTION_PARAMETERS);
+  const char* current_function_name = get_active_function_name(TSRMLS_C);
+
+  if (true == should_disable(execute_data)) {
+    return;
+  }
+
+  if ((orig_handler = zend_hash_str_find_ptr(
+           SNUFFLEUPAGUS_G(disabled_functions_hook), current_function_name,
+           strlen(current_function_name)))) {
+    orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU);
+    if (true == should_drop_on_ret(return_value, execute_data)) {
+      zend_bailout();
+    }
+  } else {
+    sp_log_err(
+        "disabled_functions",
+        "Unable to find the pointer to the original function '%s' in the "
+        "hashtable.\n",
+        current_function_name);
+  }
+}
+
+static int hook_functions(const sp_node_t* config) {
+  while (config && config->data) {
+    const char* function_name = ((sp_disabled_function*)config->data)->function;
+    const pcre* function_name_regexp =
+        ((sp_disabled_function*)config->data)->r_function;
+
+    if (NULL != function_name) {  // hook function by name
+      HOOK_FUNCTION(function_name, disabled_functions_hook,
+                    PHP_FN(check_disabled_function), false);
+    } else if (NULL != function_name_regexp) {  // hook function by regexp
+      HOOK_FUNCTION_BY_REGEXP(function_name_regexp, disabled_functions_hook,
+                              PHP_FN(check_disabled_function), false);
+    } else {
+      return FAILURE;
+    }
+
+    config = config->next;
+  }
+  return SUCCESS;
+}
+
+int hook_disabled_functions(void) {
+  TSRMLS_FETCH();
+
+  int ret = SUCCESS;
+
+  ret |= hook_functions(
+      SNUFFLEUPAGUS_G(config).config_disabled_functions->disabled_functions);
+  ret |= hook_functions(SNUFFLEUPAGUS_G(config)
+                            .config_disabled_functions_ret->disabled_functions);
+
+  return ret;
+}
diff --git a/src/sp_disabled_functions.h b/src/sp_disabled_functions.h
new file mode 100644
index 0000000..680eabb
--- /dev/null
+++ b/src/sp_disabled_functions.h
@@ -0,0 +1,11 @@
+#ifndef __SP_DISABLE_FUNCTIONS_H
+#define __SP_DISABLE_FUNCTIONS_H
+
+#include "ext/hash/php_hash.h"
+#include "ext/hash/php_hash_sha.h"
+#include "ext/standard/md5.h"
+
+int hook_disabled_functions();
+bool should_disable(zend_execute_data* function_name);
+
+#endif /* __SP_DISABLE_FUNCTIONS_H */
diff --git a/src/sp_execute.c b/src/sp_execute.c
new file mode 100644
index 0000000..faf126c
--- /dev/null
+++ b/src/sp_execute.c
@@ -0,0 +1,100 @@
+#include "php_snuffleupagus.h"
+
+#include <errno.h>
+#include <string.h>
+
+ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus);
+
+static void (*orig_execute_ex)(zend_execute_data *execute_data);
+static int (*orig_zend_stream_open)(const char *filename,
+                                             zend_file_handle *handle);
+
+// FIXME handle symlink
+ZEND_COLD static inline void terminate_if_writable(const char *filename) {
+  if (0 == access(filename, W_OK)) {
+    if (true == SNUFFLEUPAGUS_G(config).config_readonly_exec->simulation) {
+      sp_log_msg("readonly_exec", LOG_NOTICE,
+        "Attempted execution of a writable file (%s).", filename);
+    } else {
+      sp_log_msg("readonly_exec", LOG_DROP,
+        "Attempted execution of a writable file (%s).", filename);
+      sp_terminate();
+    }
+  } else {
+    if (EACCES != errno) {
+      sp_log_err("Writable execution", "Error while accessing %s: %s", filename,
+        strerror(errno));
+    }
+  }
+}
+
+static void check_inclusion_regexp(const char * const filename) {
+  if (SNUFFLEUPAGUS_G(config).config_regexp_inclusion->regexp_inclusion) {
+    const sp_node_t* config = SNUFFLEUPAGUS_G(config).config_regexp_inclusion->regexp_inclusion;
+    if (!config || !config->data) {
+      return;
+    }
+    while (config) {
+      pcre *config_node = (pcre*)(config->data);
+      if (false == is_regexp_matching(config_node, filename)) {
+        sp_log_msg("include", LOG_DROP, "Inclusion of a forbidden file (%s).", filename);
+        sp_terminate();
+      }
+      config = config->next;
+    }
+  }
+}
+
+static void sp_execute_ex(zend_execute_data *execute_data) {
+  if (NULL == execute_data->func->common.function_name) {
+    goto execute;
+  }
+
+  if (true == should_disable(execute_data)) {
+    return;
+  }
+
+  if (execute_data->func->op_array.type == ZEND_EVAL_CODE) {
+    sp_log_debug("Currently in an eval\n");
+  }
+
+  if (NULL != execute_data->func->op_array.filename) {
+    if (true == SNUFFLEUPAGUS_G(config).config_readonly_exec->enable) {
+      terminate_if_writable(ZSTR_VAL(execute_data->func->op_array.filename));
+    }
+}
+
+execute:
+  orig_execute_ex(execute_data);
+}
+
+static int sp_stream_open(const char *filename,
+                                   zend_file_handle *handle) {
+  const zend_execute_data *data = EG(current_execute_data);
+
+  if ((NULL != data) && (NULL != data->opline) && 
+      (ZEND_INCLUDE_OR_EVAL == data->opline->opcode)) {
+    if (true == SNUFFLEUPAGUS_G(config).config_readonly_exec->enable) {
+      terminate_if_writable(filename);
+    }
+    check_inclusion_regexp(filename);
+  }
+  return orig_zend_stream_open(filename, handle);
+}
+
+int hook_execute(void) {
+  TSRMLS_FETCH();
+
+  /* zend_execute_ex is used for "classic" function calls */
+  orig_execute_ex = zend_execute_ex;
+  zend_execute_ex = sp_execute_ex;
+
+  /* zend_stream_open_function is used FIXME */
+  orig_zend_stream_open = zend_stream_open_function;
+  zend_stream_open_function = sp_stream_open;
+
+  /* zend_execute_internal is used for "indirect" functions call,
+   * like array_map or call_user_func. */
+
+  return SUCCESS;
+}
diff --git a/src/sp_execute.h b/src/sp_execute.h
new file mode 100644
index 0000000..8345736
--- /dev/null
+++ b/src/sp_execute.h
@@ -0,0 +1,6 @@
+#ifndef SP_EXECUTE_H
+#define SP_EXECUTE_H
+
+int hook_execute(void);
+
+#endif /* SP_EXECUTE_H */
diff --git a/src/sp_harden_rand.c b/src/sp_harden_rand.c
new file mode 100644
index 0000000..e0e35ff
--- /dev/null
+++ b/src/sp_harden_rand.c
@@ -0,0 +1,77 @@
+#include "php_snuffleupagus.h"
+
+extern ZEND_API zend_class_entry *zend_ce_error;
+
+ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus)
+
+/* This function is needed because `rand` and `mt_rand` parameters
+ * are optional, while the ones from `random_int` aren't. */
+static void random_int_wrapper(INTERNAL_FUNCTION_PARAMETERS) {
+  zend_long min, max, result;
+
+  switch (EX_NUM_ARGS()) {
+  case 0:
+    min = 0;
+    max = PHP_MT_RAND_MAX;
+    break;
+  case 1:
+    ZEND_PARSE_PARAMETERS_START_EX(ZEND_PARSE_PARAMS_QUIET, 1, 1);
+    Z_PARAM_LONG(min);
+    ZEND_PARSE_PARAMETERS_END();
+    max = PHP_MT_RAND_MAX;
+    break;
+  case 2:
+  default:
+    ZEND_PARSE_PARAMETERS_START_EX(ZEND_PARSE_PARAMS_QUIET, 0, 2);
+    Z_PARAM_LONG(min);
+    Z_PARAM_LONG(max);
+    ZEND_PARSE_PARAMETERS_END();
+  }
+
+  if (min > max) {
+    if (php_random_int_throw(max, min, &result) == FAILURE) {
+      return;
+    }
+  } else {
+    if (php_random_int_throw(min, max, &result) == FAILURE) {
+      return;
+    }
+  }
+
+  RETURN_LONG(result);
+}
+
+PHP_FUNCTION(sp_rand) {
+  void (*orig_handler)(INTERNAL_FUNCTION_PARAMETERS);
+
+  if ((orig_handler = zend_hash_str_find_ptr(SNUFFLEUPAGUS_G(sp_internal_functions_hook), "rand",
+                                             strlen("rand")))) {
+    /* call the original `rand` function,
+     * since we might no be the only ones to hook it*/
+    orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU);
+  }
+
+  random_int_wrapper(INTERNAL_FUNCTION_PARAM_PASSTHRU);
+}
+
+PHP_FUNCTION(sp_mt_rand) {
+  void (*orig_handler)(INTERNAL_FUNCTION_PARAMETERS);
+
+  if ((orig_handler = zend_hash_str_find_ptr(SNUFFLEUPAGUS_G(sp_internal_functions_hook),
+                                             "mt_rand", strlen("mt_rand")))) {
+    /* call the original `mt_rand` function,
+     * since we might no be the only ones to hook it*/
+    orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU);
+  }
+
+  random_int_wrapper(INTERNAL_FUNCTION_PARAM_PASSTHRU);
+}
+
+int hook_rand() {
+  TSRMLS_FETCH();
+
+  HOOK_FUNCTION("rand", sp_internal_functions_hook, PHP_FN(sp_rand), false);
+  HOOK_FUNCTION("mt_rand", sp_internal_functions_hook, PHP_FN(sp_mt_rand), false);
+
+  return SUCCESS;
+}
diff --git a/src/sp_harden_rand.h b/src/sp_harden_rand.h
new file mode 100644
index 0000000..53ebdd0
--- /dev/null
+++ b/src/sp_harden_rand.h
@@ -0,0 +1,10 @@
+#ifndef __SP_HARDEN_RAND_H
+#define __SP_HARDEN_RAND_H
+
+#include "ext/standard/php_rand.h"
+#include "ext/standard/php_random.h"
+#include "zend_exceptions.h"
+
+int hook_rand();
+
+#endif /* __SP_HARDEN_RAND_H */
diff --git a/src/sp_list.c b/src/sp_list.c
new file mode 100644
index 0000000..04154b7
--- /dev/null
+++ b/src/sp_list.c
@@ -0,0 +1,37 @@
+#include "sp_list.h"
+#include <stdio.h>
+#include <stdlib.h>
+#include "php_snuffleupagus.h"
+
+void sp_list_free(sp_node_t *node) {
+  while(node) {
+    sp_node_t *tmp = node->next;
+    pefree(node, 1);
+    node = tmp;
+  }
+}
+
+sp_node_t *sp_new_list() {
+  sp_node_t *new = pecalloc(sizeof(*new), 1, 1);
+  new->next = new->data = new->head = NULL;
+  return new;
+}
+
+void sp_list_insert(sp_node_t *list, void *data) {
+  if (list->head == NULL) {
+    list->data = data;
+    list->next = NULL;
+    list->head = list;
+  } else {
+    sp_node_t *new = pecalloc(sizeof(*new), 1, 1);
+
+    new->data = data;
+    new->next = NULL;
+    new->head = list;
+
+    while (list->next) {
+      list = list->next;
+    }
+    list->next = new;
+  }
+}
diff --git a/src/sp_list.h b/src/sp_list.h
new file mode 100644
index 0000000..48b11f6
--- /dev/null
+++ b/src/sp_list.h
@@ -0,0 +1,15 @@
+#ifndef SP_LIST_H
+#define SP_LIST_H
+
+typedef struct sp_node_s {
+  struct sp_node_s *next;
+  struct sp_node_s *head;
+  void *data;
+
+} sp_node_t;
+
+sp_node_t *sp_new_list();
+void sp_list_insert(sp_node_t *, void *);
+void sp_list_free(sp_node_t *);
+
+#endif
diff --git a/src/sp_network_utils.c b/src/sp_network_utils.c
new file mode 100644
index 0000000..28bc324
--- /dev/null
+++ b/src/sp_network_utils.c
@@ -0,0 +1,159 @@
+#include <arpa/inet.h>
+#include <netinet/in.h>
+#include <sys/socket.h>
+
+#include "php_snuffleupagus.h"
+
+ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus)
+
+static inline bool cidr4_match(const struct in_addr addr,
+                               const struct in_addr net, uint8_t bits);
+static inline bool cidr6_match(const struct in6_addr address,
+                               const struct in6_addr network, uint8_t bits);
+static inline int get_ip_version(const char *ip);
+
+void apply_mask_on_ip(char *out, const char *const remote_addr) {
+  uint8_t mask4 = SNUFFLEUPAGUS_G(config).config_cookie_encryption->mask_ipv4;
+  uint8_t mask6 = SNUFFLEUPAGUS_G(config).config_cookie_encryption->mask_ipv6;
+  const int ip_version = get_ip_version(remote_addr);
+
+  memset(out, 0, 128);
+
+  if (ip_version == AF_INET) {
+    struct in_addr out4;
+    inet_pton(AF_INET, remote_addr, &out4);
+    const long n = out4.s_addr & htonl(0xFFFFFFFFu << (32 - mask4));
+    out[0] = (n >> 24) & 0xFF;
+    out[1] = (n >> 16) & 0xFF;
+    out[2] = (n >> 8) & 0xFF;
+    out[3] = (n >> 0) & 0xFF;
+  } else if (ip_version == AF_INET6) {
+    inet_pton(AF_INET6, remote_addr, out);
+    uint32_t *p_ip = (uint32_t *)out;
+    while (32 < mask6) {
+      *p_ip = 0xFFFFFFFFu;
+      p_ip++;
+      mask6 -= 32;
+    }
+    if (0 != mask6) {
+      *p_ip = htonl(0xFFFFFFFFu << (32 - mask6));
+    }
+  } else {
+    sp_log_err("ip_mask", "It seems that %s isn't a valid ip.", remote_addr);
+  }
+}
+
+/* http://fxr.watson.org/fxr/source/include/net/xfrm.h?v=linux-2.6#L840 */
+static inline bool cidr4_match(const struct in_addr addr,
+                               const struct in_addr net, uint8_t bits) {
+  if (bits == 0) {  // C99 6.5.7 (3): u32 << 32 is undefined behaviour
+    return true;
+  }
+  return !((addr.s_addr ^ net.s_addr) & htonl(0xFFFFFFFFu << (32 - bits)));
+}
+
+static inline bool cidr6_match(const struct in6_addr address,
+                               const struct in6_addr network, uint8_t bits) {
+  //#ifdef LINUX
+  const uint32_t *a = address.s6_addr32;
+  const uint32_t *n = network.s6_addr32;
+  /*
+#else
+  const uint32_t *a = address.__u6_addr.__u6_addr32;
+  const uint32_t *n = network.__u6_addr.__u6_addr32;
+#endif
+*/
+  int bits_whole, bits_incomplete;
+  bits_whole = bits >> 5;         // number of whole u32
+  bits_incomplete = bits & 0x1F;  // number of bits in incomplete u32
+  if (bits_whole) {
+    if (memcmp(a, n, bits_whole << 2)) {
+      return false;
+    }
+  }
+  if (bits_incomplete) {
+    uint32_t mask = htonl((0xFFFFFFFFu) << (32 - bits_incomplete));
+    if ((a[bits_whole] ^ n[bits_whole]) & mask) {
+      return false;
+    }
+  }
+  return true;
+}
+
+static inline int get_ip_version(const char *ip) {
+  struct in_addr out4;
+  struct in6_addr out6;
+  int res = inet_pton(AF_INET, ip, &out4);
+  if (0 == res) {
+    if (1 == inet_pton(AF_INET6, ip, &out6)) {
+      return AF_INET6;
+    } else {
+      return -1;
+    }
+  } else if (1 == res) {
+    return AF_INET;
+  } else {
+    return -1;
+  }
+}
+
+// TODO factorise a bit this function
+bool cidr_match(const char *ip, const sp_cidr *cidr) {
+  struct in_addr out4;
+  struct in6_addr out6;
+
+  switch (get_ip_version(ip)) {
+    case AF_INET:
+      if (AF_INET != cidr->ip_version) {
+        return false;
+      }
+      inet_pton(AF_INET, ip, &out4);
+      return cidr4_match(out4, cidr->ip.ipv4, cidr->mask);
+    case AF_INET6:
+      if (AF_INET6 != cidr->ip_version) {
+        return false;
+      }
+      inet_pton(AF_INET6, ip, &out6);
+      return cidr6_match(out6, cidr->ip.ipv6, cidr->mask);
+    default:
+      sp_log_err("cidr_match", "Weird ip (%s) family", ip);
+      break;
+  }
+  return false;
+}
+
+int get_ip_and_cidr(char *ip, sp_cidr *cidr) {
+  errno = 0;
+  char *mask = strchr(ip, '/');
+
+  if (NULL == mask) {
+    sp_log_err("config",
+                        "'%s' isn't a valid network mask, it seems that you forgot a '/'.",
+            ip);
+    return -1;
+  }
+
+  if (sscanf(mask + 1, "%hhu", &(cidr->mask)) != 1) {
+    sp_log_err("config", "'%s' isn't a valid network mask.", mask + 1);
+    return -1;
+  }
+
+  ip[mask - ip] = '\0';  // NULL the '/' char
+
+  cidr->ip_version = get_ip_version(ip);
+
+  if (AF_INET == cidr->ip_version) {
+    if (cidr->mask > 32) {
+      sp_log_err("config", "'%d' isn't a valid ipv4 mask.", cidr->mask);
+      return -1;
+    }
+    inet_pton(AF_INET, ip, &(cidr->ip.ipv4));
+  } else if (AF_INET6 == cidr->ip_version) {
+    inet_pton(AF_INET6, ip, &(cidr->ip.ipv6));
+  } else {
+    return -1;
+  }
+
+  ip[mask - ip] = '/';
+  return 0;
+}
diff --git a/src/sp_network_utils.h b/src/sp_network_utils.h
new file mode 100644
index 0000000..6b6ce92
--- /dev/null
+++ b/src/sp_network_utils.h
@@ -0,0 +1,8 @@
+#ifndef SP_NETWORK_UTILS_H
+#define SP_NETWORK_UTILS_H
+
+int get_ip_and_cidr(char *, sp_cidr *);
+bool cidr_match(const char *, const sp_cidr *);
+void apply_mask_on_ip(char *, const char * const);
+
+#endif /*SP_NETWORK_UTILS_H*/
diff --git a/src/sp_unserialize.c b/src/sp_unserialize.c
new file mode 100644
index 0000000..b5b67b4
--- /dev/null
+++ b/src/sp_unserialize.c
@@ -0,0 +1,111 @@
+#include "php_snuffleupagus.h"
+
+ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus)
+
+PHP_FUNCTION(sp_serialize) {
+  void (*orig_handler)(INTERNAL_FUNCTION_PARAMETERS);
+
+  /* Call the original `serialize` function. */
+  if ((orig_handler = zend_hash_str_find_ptr(SNUFFLEUPAGUS_G(sp_internal_functions_hook),
+                                             "serialize", 9))) {
+    orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU);
+  } else {
+    sp_log_err("disabled_functions",
+        "Unable to find the pointer to the original function 'serialize' in "
+        "the hashtable.\n");
+  }
+
+  /* Compute the HMAC of the textual representation of the serialized data*/
+  zval func_name;
+  zval hmac;
+  zval params[3];
+
+  ZVAL_STRING(&func_name, "hash_hmac");
+  ZVAL_STRING(&params[0], "sha256");
+  params[1] = *return_value;
+  ZVAL_STRING(&params[2],
+              SNUFFLEUPAGUS_G(config).config_snuffleupagus->encryption_key);
+  call_user_function(CG(function_table), NULL, &func_name, &hmac, 3, params);
+
+  size_t len = Z_STRLEN_P(return_value) + Z_STRLEN(hmac);
+  zend_string *res = zend_string_alloc(len, 0);
+
+  memcpy(ZSTR_VAL(res), Z_STRVAL_P(return_value), Z_STRLEN_P(return_value));
+  memcpy(ZSTR_VAL(res) + Z_STRLEN_P(return_value), Z_STRVAL(hmac),
+         Z_STRLEN(hmac));
+  ZSTR_VAL(res)[len] = '\0';
+
+  /* Append the computed HMAC to the serialized data. */
+  return_value->value.str = res;
+  return;
+}
+
+PHP_FUNCTION(sp_unserialize) {
+  void (*orig_handler)(INTERNAL_FUNCTION_PARAMETERS);
+
+  char *buf = NULL;
+  char *serialized_str = NULL;
+  char *hmac = NULL;
+  zval expected_hmac;
+  size_t buf_len = 0;
+  zval *opts = NULL;
+
+  if (zend_parse_parameters(ZEND_NUM_ARGS(), "s|a", &buf, &buf_len, &opts) ==
+      FAILURE) {
+    RETURN_FALSE;
+  }
+
+  /* 64 is the length of HMAC-256 */
+  if (buf_len < 64) {
+    sp_log_msg("unserialize", LOG_DROP, "The serialized object is too small.");
+    RETURN_FALSE;
+  }
+
+  hmac = buf + buf_len - 64;
+  serialized_str = ecalloc(sizeof(*serialized_str) * (buf_len - 64 + 1), 1);
+  memcpy(serialized_str, buf, buf_len - 64);
+
+  zval func_name;
+  ZVAL_STRING(&func_name, "hash_hmac");
+
+  zval params[3];
+  ZVAL_STRING(&params[0], "sha256");
+  ZVAL_STRING(&params[1], serialized_str);
+  ZVAL_STRING(&params[2],
+              SNUFFLEUPAGUS_G(config).config_snuffleupagus->encryption_key);
+  call_user_function(CG(function_table), NULL, &func_name, &expected_hmac, 3,
+                     params);
+
+  unsigned int status = 0;
+  for (uint8_t i = 0; i < 64; i++) {
+    status |= (hmac[i] ^ (Z_STRVAL(expected_hmac))[i]);
+  }
+
+  if (0 == status) {
+    if ((orig_handler = zend_hash_str_find_ptr(SNUFFLEUPAGUS_G(sp_internal_functions_hook),
+                                               "unserialize", 11))) {
+      orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU);
+    }
+  } else {
+    if ( true == SNUFFLEUPAGUS_G(config).config_unserialize->simulation) {
+      sp_log_msg("unserialize", LOG_NOTICE, "Invalid HMAC for %s", serialized_str);
+      if ((orig_handler = zend_hash_str_find_ptr(SNUFFLEUPAGUS_G(sp_internal_functions_hook),
+                                               "unserialize", 11))) {
+        orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU);
+      }
+    } else {
+      sp_log_msg("unserialize", LOG_DROP, "Invalid HMAC for %s", serialized_str);
+    }
+  }
+  efree(serialized_str);
+  return;
+}
+
+int hook_serialize(void) {
+  TSRMLS_FETCH();
+
+  HOOK_FUNCTION("serialize", sp_internal_functions_hook, PHP_FN(sp_serialize), false);
+  HOOK_FUNCTION("unserialize", sp_internal_functions_hook, PHP_FN(sp_unserialize), false);
+
+  return SUCCESS;
+}
diff --git a/src/sp_unserialize.h b/src/sp_unserialize.h
new file mode 100644
index 0000000..557c60c
--- /dev/null
+++ b/src/sp_unserialize.h
@@ -0,0 +1,9 @@
+#ifndef SP_UNSERIALIZE_H
+#define SP_UNSERIALIZE_H
+
+int hook_serialize(void);
+
+PHP_FUNCTION(sp_serialize);
+PHP_FUNCTION(sp_unserialize);
+
+#endif /* SP_UNSERIALIZE_H */
diff --git a/src/sp_upload_validation.c b/src/sp_upload_validation.c
new file mode 100644
index 0000000..bbd7eae
--- /dev/null
+++ b/src/sp_upload_validation.c
@@ -0,0 +1,92 @@
+#include "php_snuffleupagus.h"
+#include "rfc1867.h"
+
+ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus);
+
+#define EFREE_3(env)               \
+  for (size_t i = 0; i < 4; i++) { \
+    efree(env[i]);                 \
+  }
+
+void hook_upload() {
+  sp_rfc1867_orig_callback = php_rfc1867_callback;
+  php_rfc1867_callback = sp_rfc1867_callback;
+}
+
+int sp_rfc1867_callback(unsigned int event, void *event_data, void **extra) {
+  int retval = SUCCESS;
+
+  if (sp_rfc1867_orig_callback) {
+    retval = sp_rfc1867_orig_callback(event, event_data, extra);
+  }
+
+  if (event == MULTIPART_EVENT_END) {
+    zend_string *file_key __attribute__((unused)) = NULL;
+    zval *file;
+    pid_t pid;
+
+    sp_log_debug(
+        "Got %d files",
+        zend_hash_num_elements(Z_ARRVAL(PG(http_globals)[TRACK_VARS_FILES])));
+
+    ZEND_HASH_FOREACH_STR_KEY_VAL(Z_ARRVAL(PG(http_globals)[TRACK_VARS_FILES]),
+                                  file_key, file) {  // for each uploaded file
+
+      char *filename =
+          Z_STRVAL_P(zend_hash_str_find(Z_ARRVAL_P(file), "name", 4));
+      char *tmp_name =
+          Z_STRVAL_P(zend_hash_str_find(Z_ARRVAL_P(file), "tmp_name", 8));
+      size_t filesize =
+          Z_LVAL_P(zend_hash_str_find(Z_ARRVAL_P(file), "size", 4));
+      char *cmd[3] = {0};
+      char *env[5] = {0};
+
+      sp_log_debug("Filename: %s\nTmpname: %s\nSize: %d\nError: %d\nScript: %s",
+                   filename, tmp_name, filesize,
+                   Z_LVAL_P(zend_hash_str_find(Z_ARRVAL_P(file), "error", 5)),
+                   SNUFFLEUPAGUS_G(config).config_upload_validation->script);
+
+      cmd[0] = SNUFFLEUPAGUS_G(config).config_upload_validation->script;
+      cmd[1] = tmp_name;
+      cmd[2] = NULL;
+
+      spprintf(&env[0], 0, "SP_FILENAME=%s", filename);
+      spprintf(&env[1], 0, "SP_REMOTE_ADDR=%s", sp_getenv("REMOTE_ADDR"));
+      spprintf(&env[2], 0, "SP_CURRENT_FILE=%s",
+               zend_get_executed_filename(TSRMLS_C));
+      spprintf(&env[3], 0, "SP_FILESIZE=%zu", filesize);
+      env[4] = NULL;
+
+      if ((pid = fork()) == 0) {
+        if (execve(SNUFFLEUPAGUS_G(config).config_upload_validation->script,
+                   cmd, env) == -1) {
+          sp_log_err("upload_validation", "Could not call '%s' : %s",
+                     SNUFFLEUPAGUS_G(config).config_upload_validation->script,
+                     strerror(errno));
+          EFREE_3(env);
+          exit(1);
+        }
+      } else if (pid == -1) {
+        sp_log_err("upload_validation", "Could not fork process : %s\n",
+                   strerror(errno));
+        EFREE_3(env);
+        continue;
+      }
+
+      EFREE_3(env);
+      int waitstatus;
+      wait(&waitstatus);
+      if (WEXITSTATUS(waitstatus) != 0) {  // Nope
+        char *uri = sp_getenv("REQUEST_URI");
+        int sim = SNUFFLEUPAGUS_G(config).config_upload_validation->simulation;
+        sp_log_msg("upload_valiation", sim?LOG_NOTICE:LOG_DROP,
+          "The upload of %s on %s was rejected.", filename, uri?uri:"?");
+        if (!SNUFFLEUPAGUS_G(config).config_upload_validation->simulation) {
+          zend_bailout();
+        }
+      }
+    }
+    ZEND_HASH_FOREACH_END();
+  }
+  return retval;
+}
diff --git a/src/sp_upload_validation.h b/src/sp_upload_validation.h
new file mode 100644
index 0000000..3d59527
--- /dev/null
+++ b/src/sp_upload_validation.h
@@ -0,0 +1,9 @@
+#ifndef __SP_UPLOAD_VALIDATION_H__
+#define __SP_UPLOAD_VALIDATION_H__
+
+void hook_upload();
+
+int (*sp_rfc1867_orig_callback)(unsigned int event, void *event_data, void **extra);
+int sp_rfc1867_callback(unsigned int event, void *event_data, void **extra);
+
+#endif
diff --git a/src/sp_utils.c b/src/sp_utils.c
new file mode 100644
index 0000000..087f431
--- /dev/null
+++ b/src/sp_utils.c
@@ -0,0 +1,425 @@
+#include "php_snuffleupagus.h"
+
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+static inline void _sp_log_err(const char* fmt, ...) {
+  char* msg;
+  va_list args;
+
+  va_start(args, fmt);
+  vspprintf(&msg, 0, fmt, args);
+  va_end(args);
+  php_log_err(msg);
+}
+
+void sp_log_msg(char const *feature, char const *level, const char* fmt, ...) {
+  char* msg;
+  va_list args;
+
+  va_start(args, fmt);
+  vspprintf(&msg, 0, fmt, args);
+  va_end(args);
+
+  char const * const client_ip = sp_getenv("REMOTE_ADDR");
+  _sp_log_err("[snuffleupagus][%s][%s][%s] %s", client_ip?client_ip:"0.0.0.0",
+    feature, level, msg);
+}
+
+int compute_hash(const char* const filename, char* file_hash) {
+  unsigned char buf[1024];
+  unsigned char digest[SHA256_SIZE];
+  PHP_SHA256_CTX context;
+  size_t n;
+
+  php_stream* stream =
+      php_stream_open_wrapper(filename, "rb", REPORT_ERRORS, NULL);
+  if (!stream) {
+    sp_log_err("hash_computation", "Can not open the file %s to compute its hash.\n", filename);
+    return -1;
+  }
+
+  PHP_SHA256Init(&context);
+  while ((n = php_stream_read(stream, (char*)buf, sizeof(buf))) > 0) {
+    PHP_SHA256Update(&context, buf, n);
+  }
+  PHP_SHA256Final(digest, &context);
+  php_stream_close(stream);
+  make_digest_ex(file_hash, digest, SHA256_SIZE);
+  return 0;
+}
+
+static void construct_filename(char* filename, const char* folder) {
+  time_t t = time(NULL);
+  struct tm* tm = localtime(&t);  // FIXME use `localtime_r` instead
+  struct timeval tval;
+  struct stat st = {0};
+
+  if (-1 == stat(folder, &st)) {
+    mkdir(folder, 0700);
+  }
+
+  memcpy(filename, folder, strlen(folder));
+  strcat(filename, "sp_dump_");
+  strftime(filename + strlen(filename), 27, "%F_%T:", tm);
+  gettimeofday(&tval, NULL);
+  sprintf(filename + strlen(filename), "%04ld", tval.tv_usec);
+  strcat(filename, "_");
+
+  char* remote_addr = getenv("REMOTE_ADDR");
+  if (remote_addr) {
+    strcat(filename, remote_addr);
+  } else {
+    strcat(filename, "0.0.0.0");
+  }
+  strcat(filename, ".dump");
+}
+
+int sp_log_request(const char* folder) {
+  FILE* file;
+  const char* current_filename = zend_get_executed_filename(TSRMLS_C);
+  const int current_line = zend_get_executed_lineno(TSRMLS_C);
+  char filename[MAX_FOLDER_LEN] = {0};
+  const struct {
+    const char* str;
+    const int key;
+  } zones[] = {{"GET", TRACK_VARS_GET},       {"POST", TRACK_VARS_POST},
+               {"COOKIE", TRACK_VARS_COOKIE}, {"SERVER", TRACK_VARS_SERVER},
+               {"ENV", TRACK_VARS_ENV},       {NULL, 0}};
+
+  construct_filename(filename, folder);
+  if (NULL == (file = fopen(filename, "a"))) {
+    sp_log_err("request_logging", "Unable to open %s", filename);
+    return -1;
+  }
+
+  fprintf(file, "%s:%d\n", current_filename, current_line);
+  for (size_t i = 0; i < (sizeof(zones) / sizeof(zones[0])) - 1; i++) {
+    zval* variable_value;
+    zend_string* variable_key;
+    size_t params_len = strlen(zones[i].str) + 1;
+    char* param;
+    size_t size_max = 2048;
+
+    if (Z_TYPE(PG(http_globals)[zones[i].key]) == IS_UNDEF) {
+      continue;
+    }
+
+    const HashTable* ht = Z_ARRVAL(PG(http_globals)[zones[i].key]);
+
+    // Compute the size of the allocation
+    ZEND_HASH_FOREACH_STR_KEY_VAL(ht, variable_key, variable_value) {
+      params_len += snprintf(NULL, 0, "%s=%s&", ZSTR_VAL(variable_key),
+                             Z_STRVAL_P(variable_value));
+    }
+    ZEND_HASH_FOREACH_END();
+
+    params_len = params_len>size_max?size_max:params_len;
+
+#define NCAT_AND_DEC(a, b, c) strncat(a, b, c); c -= strlen(b);
+
+    // Allocate and copy the data
+    // FIXME Why are we even allocating?
+    param = pecalloc(params_len, 1, 0);
+    NCAT_AND_DEC(param, zones[i].str, params_len);
+    NCAT_AND_DEC(param, ":", params_len);
+    ZEND_HASH_FOREACH_STR_KEY_VAL(ht, variable_key, variable_value) {
+      NCAT_AND_DEC(param, ZSTR_VAL(variable_key), params_len);
+      NCAT_AND_DEC(param, "=", params_len);
+      NCAT_AND_DEC(param, Z_STRVAL_P(variable_value), params_len);
+      NCAT_AND_DEC(param, "&", params_len);
+    }
+    ZEND_HASH_FOREACH_END();
+
+    param[strlen(param) - 1] = '\0';
+
+    fputs(param, file);
+    fputs("\n", file);
+  }
+  fclose(file);
+
+#undef CAT_AND_DEC
+  return 0;
+}
+
+static char *zv_str_to_char(zval *zv) {
+  zval copy;
+  char *ret;
+
+
+  ZVAL_ZVAL(&copy, zv, 1, 0);
+  //  str = zend_string_dup(Z_STR_P(zv), 0);
+  for (size_t i = 0; i < Z_STRLEN(copy); i++) {
+    if (Z_STRVAL(copy)[i] == '\0') {
+      Z_STRVAL(copy)[i] = '0';
+    }
+  }
+  ret = estrdup(Z_STRVAL(copy));
+  //  zend_string_release(str);
+  return ret;  
+}
+
+
+char* sp_convert_to_string(zval* zv) {
+  switch (Z_TYPE_P(zv)) {
+    case IS_FALSE:
+      return estrdup("FALSE");
+    case IS_TRUE:
+      return estrdup("TRUE");
+    case IS_NULL:
+      return estrdup("NULL");
+    case IS_LONG: {
+        char *msg;
+        spprintf(&msg, 0, ZEND_LONG_FMT, Z_LVAL_P(zv));
+        return msg;
+      }
+    case IS_DOUBLE: {
+        char *msg;
+        spprintf(&msg, 0, "%f", Z_DVAL_P(zv));
+        return msg;
+      }
+    case IS_STRING:{
+      return zv_str_to_char(zv);
+      }
+    case IS_OBJECT:
+      return estrdup("OBJECT");
+    case IS_ARRAY:
+      return estrdup("ARRAY");
+    case IS_RESOURCE:
+      return estrdup("RESOURCE");
+  }
+  return estrdup("");
+}
+
+bool sp_match_value(const char* value, const char* to_match, const pcre* rx) {
+  if (to_match) {
+    if (0 == strcmp(value, to_match)) {
+      return true;
+    }
+  } else if (rx) {
+    int substrvec[30];
+    int ret = pcre_exec(rx, NULL, value, strlen(value), 0, 0, substrvec, 30);
+
+    if (ret < 0) {
+      if (ret != PCRE_ERROR_NOMATCH) {
+        sp_log_err("regexp", "Something went wrong with a regexp.");
+        return false;
+      }
+      return false;
+    }
+    return true;
+  }
+  return false;
+}
+
+void sp_log_disable(const char* restrict path, const char* restrict arg_name,
+                    const char* restrict arg_value,
+                    const sp_disabled_function* config_node) {
+  const char* dump = config_node->dump;
+  const char* alias = config_node->alias;
+  const int sim = config_node->simulation;
+  if (arg_name) {
+    if (alias) {
+      sp_log_msg("disabled_function", sim?LOG_NOTICE:LOG_DROP,
+          "The call to the function '%s' in %s:%d has been disabled, "
+          "because its argument '%s' content (%s) matched the rule '%s'.",
+          path, zend_get_executed_filename(TSRMLS_C),
+          zend_get_executed_lineno(TSRMLS_C), arg_name, arg_value?arg_value:"?",
+           alias);
+    } else {
+      sp_log_msg("disabled_function", sim?LOG_NOTICE:LOG_DROP,
+          "The call to the function '%s' in %s:%d has been disabled, "
+          "because its argument '%s' content (%s) matched a rule.",
+          path, zend_get_executed_filename(TSRMLS_C),
+          zend_get_executed_lineno(TSRMLS_C), arg_name,
+           arg_value?arg_value:"?");
+    }
+  } else {
+    if (alias) {
+      sp_log_msg("disabled_function", sim?LOG_NOTICE:LOG_DROP,
+          "The call to the function '%s' in %s:%d has been disabled, "
+          "because of the the rule '%s'.",path,
+          zend_get_executed_filename(TSRMLS_C),
+          zend_get_executed_lineno(TSRMLS_C), alias);
+    } else {
+      sp_log_msg("disabled_function", sim?LOG_NOTICE:LOG_DROP,
+                 "The call to the function '%s' in %s:%d has been disabled.",
+                                 path, zend_get_executed_filename(TSRMLS_C),
+                 zend_get_executed_lineno(TSRMLS_C));
+    }
+  }
+  if (dump) {
+    sp_log_request(config_node->dump);
+  }
+}
+
+void sp_log_disable_ret(const char* restrict path,
+                        const char* restrict ret_value,
+                        const sp_disabled_function* config_node) {
+  const char* dump = config_node->dump;
+  const char* alias = config_node->alias;
+  const int sim = config_node->simulation;
+  if (alias) {
+    sp_log_msg("disabled_function", sim?LOG_NOTICE:LOG_DROP,
+        "The execution has been aborted in %s:%d, "
+        "because the function '%s' returned '%s', which matched the rule '%s'.",
+        zend_get_executed_filename(TSRMLS_C),
+        zend_get_executed_lineno(TSRMLS_C), path, ret_value?ret_value:"?", alias);
+  } else {
+    sp_log_msg("disabled_function", sim?LOG_NOTICE:LOG_DROP,
+        "The execution has been aborted in %s:%d, "
+        "because the return value (%s) of the function '%s' matched a rule.",
+        zend_get_executed_filename(TSRMLS_C),
+        zend_get_executed_lineno(TSRMLS_C), ret_value?ret_value:"?", path);
+  }
+  if (dump) {
+    sp_log_request(dump);
+  }
+}
+
+int sp_match_array_key(const zval* zv, const char* to_match, const pcre* rx) {
+  zend_string* key;
+  zval* value;
+  char* arg_value_str;
+
+  ZEND_HASH_FOREACH_STR_KEY_VAL(Z_ARRVAL_P(zv), key, value) {
+    if (Z_TYPE_P(value) == IS_ARRAY) {
+      continue;
+    }
+    arg_value_str = sp_convert_to_string(value);
+    if (!sp_match_value(arg_value_str, to_match, rx)) {
+      efree(arg_value_str);
+      continue;
+    } else {
+      efree(arg_value_str);
+      return 1;
+    }
+  }
+  ZEND_HASH_FOREACH_END();
+
+  (void)key;  // silence a compiler warning
+
+  return 0;
+}
+
+int sp_match_array_key_recurse(const zval* arr, sp_node_t* keys,
+                               const char* to_match, const pcre* rx) {
+  zend_string* key;
+  zval* value;
+  sp_node_t* current = keys;
+  if (current == NULL) {
+    return 0;
+  }
+  ZEND_HASH_FOREACH_STR_KEY_VAL(Z_ARRVAL_P(arr), key, value) {
+    if (Z_TYPE_P(value) == IS_ARRAY && !strcmp(ZSTR_VAL(key), current->data)) {
+      return sp_match_array_key_recurse(value, current->next, to_match, rx);
+    }
+    if (!strcmp(ZSTR_VAL(key), current->data) && current->next == NULL) {
+      if (!to_match && !rx) {
+        return 1;
+      }
+      if (Z_TYPE_P(value) == IS_ARRAY) {
+        return sp_match_array_key(value, to_match, rx);
+      } else {
+        char *value_str = sp_convert_to_string(value);
+        if (sp_match_value(value_str, to_match, rx)) {
+          efree(value_str);
+          return 1;
+        } else {
+          efree (value_str);
+          return 0;
+        }
+      }
+    }
+  }
+  ZEND_HASH_FOREACH_END();
+  return 0;
+}
+
+zend_always_inline char* sp_getenv(char* var) {
+  if (sapi_module.getenv) {
+    return sapi_module.getenv(ZEND_STRL(var));
+  } else {
+    return getenv(var);
+  }
+}
+
+zend_always_inline int is_regexp_matching(const pcre* regexp, const char* str) {
+  int vec[30];
+  int ret = pcre_exec(regexp, NULL, str, strlen(str), 0, 0, vec, sizeof(vec));
+  if (ret < 0) {
+    if (ret != PCRE_ERROR_NOMATCH) {
+      sp_log_err("regexp", "Something went wrong with a regexp.");
+    }
+    return false;
+  }
+  return true;
+}
+
+int hook_function(const char* original_name, HashTable* hook_table,
+                  void (*new_function)(INTERNAL_FUNCTION_PARAMETERS),
+                  bool hook_execution_table) {
+  zend_internal_function* func;
+  HashTable *ht = hook_execution_table==true?EG(function_table):CG(function_table);
+
+  /* The `mb` module likes to hook functions, like strlen->mb_strlen,
+   * so we have to hook both of them. */
+  if (0 == strncmp(original_name, "mb_", 3)) {
+    CG(compiler_options) |= ZEND_COMPILE_NO_BUILTIN_STRLEN;
+    if (zend_hash_str_find(ht,
+                           VAR_AND_LEN(original_name + 3))) {
+      hook_function(original_name + 3, hook_table, new_function, hook_execution_table);
+    }
+  } else {  // TODO this can be moved somewhere else to gain some marginal perfs
+    CG(compiler_options) |= ZEND_COMPILE_NO_BUILTIN_STRLEN;
+    char* mb_name = pecalloc(strlen(original_name) + 3 + 1, 1, 0);
+    memcpy(mb_name, "mb_", 3);
+    memcpy(mb_name + 3, VAR_AND_LEN(original_name));
+    if (zend_hash_str_find(CG(function_table), VAR_AND_LEN(mb_name))) {
+      hook_function(mb_name, hook_table, new_function, hook_execution_table);
+    }
+  }
+
+  if ((func = zend_hash_str_find_ptr(CG(function_table),
+                                     VAR_AND_LEN(original_name)))) {
+    if (func->handler == new_function) {
+      /* Success !*/
+    } else if (zend_hash_str_add_new_ptr((hook_table),
+                                         VAR_AND_LEN(original_name),
+                                         func->handler) == NULL) {
+      sp_log_err("function_pointer_saving",
+                          "Could not save function pointer for %s", original_name);
+      return FAILURE;
+    } else {
+      func->handler = new_function;
+    }
+  }
+  return SUCCESS;
+}
+
+int hook_regexp(const pcre* regexp, HashTable* hook_table,
+                void (*new_function)(INTERNAL_FUNCTION_PARAMETERS),
+                bool hook_execution_table) {
+  zend_string* key;
+  HashTable *ht = hook_execution_table==true?EG(function_table):CG(function_table);
+
+  ZEND_HASH_FOREACH_STR_KEY(ht, key) {
+    if (key) {
+      int vec[30];
+      int ret = pcre_exec(regexp, NULL, key->val, key->len, 0, 0, vec, 30);
+      if (ret < 0) { /* Error or no match*/
+        if (PCRE_ERROR_NOMATCH != ret) {
+          sp_log_err("pcre", "Runtime error with pcre, error code: %d", ret);
+          return FAILURE;
+        }
+        continue;
+      }
+      hook_function(key->val, hook_table, new_function, hook_execution_table);
+    }
+  }
+  ZEND_HASH_FOREACH_END();
+  return SUCCESS;
+}
diff --git a/src/sp_utils.h b/src/sp_utils.h
new file mode 100644
index 0000000..37dd2c0
--- /dev/null
+++ b/src/sp_utils.h
@@ -0,0 +1,68 @@
+#ifndef SP_UTILS_H
+#define SP_UTILS_H
+
+#include "sp_config.h"
+#include "sp_list.h"
+
+#if defined(__GNUC__)
+# if __GNUC__ >= 3
+#  define sp_pure __attribute__((pure))
+#  define sp_const __attribute__((const))
+# else
+#  define sp_pure
+#  define sp_const
+# endif
+#endif
+/* The dump filename are of the form
+ * `sp_dump_DATE_IPADDR.dump`, with:
+ * - DATE being the output of asctime, 26 chars long
+ * - IP_ADDR being an IP adress, with a maximum size of 15
+ *
+ *   We keep one char for the terminal \0, and one for the leading slash.
+ */
+
+#define MAX_FOLDER_LEN                                        \
+  PATH_MAX - 1 - sizeof("sp_dump_") - 26 - sizeof("_") - 15 - \
+      sizeof(".dump") - 1
+
+#define VAR_AND_LEN(var) var, strlen(var)
+
+#define SHA256_SIZE 32
+
+#define HOOK_FUNCTION(original_name, hook_table, new_function, execution) \
+  hook_function(original_name, SNUFFLEUPAGUS_G(hook_table), new_function, execution)
+
+#define HOOK_FUNCTION_BY_REGEXP(regexp, hook_table, new_function, execution) \
+  hook_regexp(regexp, SNUFFLEUPAGUS_G(hook_table), new_function, execution)
+
+#define LOG_NOTICE "notice"
+#define LOG_DROP "drop"
+#define LOG_DEBUG "debug"
+#define LOG_ERROR "error"
+
+#define sp_log_err(feature, ...) sp_log_msg(feature, LOG_ERROR, __VA_ARGS__)
+#ifdef SP_DEBUG
+    #define sp_log_debug(...) sp_log_msg("DEBUG", LOG_DEBUG, __VA_ARGS__)
+#else
+    #define sp_log_debug(...)
+#endif
+
+void sp_log_msg(char const *feature, char const *level, const char* fmt, ...);
+int compute_hash(const char *const filename, char *file_hash);
+char *sp_convert_to_string(zval *);
+bool sp_match_value(const char *, const char *, const pcre *);
+int sp_match_array_key(const zval *, const char *, const pcre *);
+int sp_match_array_key_recurse(const zval *, sp_node_t *, const char *,
+                               const pcre *);
+void sp_log_disable(const char *restrict, const char *restrict,
+                    const char *restrict, const sp_disabled_function *);
+void sp_log_disable_ret(const char *restrict, const char *restrict,
+                        const sp_disabled_function *);
+char *sp_getenv(char *);
+int is_regexp_matching(const pcre *, const char *);
+int hook_function(const char *, HashTable *,
+                  void (*)(INTERNAL_FUNCTION_PARAMETERS), bool);
+int hook_regexp(const pcre *, HashTable *,
+                void (*)(INTERNAL_FUNCTION_PARAMETERS), bool);
+
+#endif /* SP_UTILS_H */
diff --git a/src/tests/broken_conf.phpt b/src/tests/broken_conf.phpt
new file mode 100644
index 0000000..ae0ef6e
--- /dev/null
+++ b/src/tests/broken_conf.phpt
@@ -0,0 +1,10 @@
+--TEST--
+Broken configuration
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/broken_conf.ini
+--FILE--
+--EXPECT--
+[snuffleupagus][0.0.0.0][config][error] Invalid configuration prefix for 'this is a broken line'.
+
diff --git a/src/tests/broken_conf2.phpt b/src/tests/broken_conf2.phpt
new file mode 100644
index 0000000..88a2232
--- /dev/null
+++ b/src/tests/broken_conf2.phpt
@@ -0,0 +1,9 @@
+--TEST--
+Broken configuration
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/broken_conf2.ini
+--FILE--
+--EXPECT--
+[snuffleupagus][0.0.0.0][config][error] Invalid configuration section 'sp.wrong'.
diff --git a/src/tests/broken_conf_config_regexp.phpt b/src/tests/broken_conf_config_regexp.phpt
new file mode 100644
index 0000000..75bc603
--- /dev/null
+++ b/src/tests/broken_conf_config_regexp.phpt
@@ -0,0 +1,10 @@
+--TEST--
+Broken configuration
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/broken_config_regexp.ini
+--FILE--
+--EXPECT--
+[snuffleupagus][0.0.0.0][config][error] Failed to compile '*.': nothing to repeat.
+[snuffleupagus][0.0.0.0][config][error] '.filename_r()' is expecting a valid regexp, and not '"*."'.
diff --git a/src/tests/broken_conf_enable_disable.phpt b/src/tests/broken_conf_enable_disable.phpt
new file mode 100644
index 0000000..2f3fe19
--- /dev/null
+++ b/src/tests/broken_conf_enable_disable.phpt
@@ -0,0 +1,9 @@
+--TEST--
+Global strict mode
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/borken_conf_enable_disable.ini
+--FILE--
+--EXPECTF--
+[snuffleupagus][0.0.0.0][config][error] A rule can't be enabled and disabled.
diff --git a/src/tests/broken_conf_expecting_bool.phpt b/src/tests/broken_conf_expecting_bool.phpt
new file mode 100644
index 0000000..80e1b61
--- /dev/null
+++ b/src/tests/broken_conf_expecting_bool.phpt
@@ -0,0 +1,9 @@
+--TEST--
+Bad boolean value in configuration
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/broken_conf_expecting_bool.ini
+--FILE--
+--EXPECT--
+[snuffleupagus][0.0.0.0][config][error] Trailing chars '337);' at the end of '.enable(1337);'.
diff --git a/src/tests/broken_conf_expecting_int.phpt b/src/tests/broken_conf_expecting_int.phpt
new file mode 100644
index 0000000..e806337
--- /dev/null
+++ b/src/tests/broken_conf_expecting_int.phpt
@@ -0,0 +1,9 @@
+--TEST--
+Bad integer value in configuration
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/broken_conf_expecting_int.ini
+--FILE--
+--EXPECT--
+[snuffleupagus][0.0.0.0][error][error] .mask_ipv4() is expecting a valid integer.
diff --git a/src/tests/broken_conf_invalid_cidr.phpt b/src/tests/broken_conf_invalid_cidr.phpt
new file mode 100644
index 0000000..515091b
--- /dev/null
+++ b/src/tests/broken_conf_invalid_cidr.phpt
@@ -0,0 +1,9 @@
+--TEST--
+Broken configuration
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/broken_conf_invalid_cidr.ini
+--FILE--
+--EXPECT--
+[snuffleupagus][0.0.0.0][config][error] '42' isn't a valid ipv4 mask.
diff --git a/src/tests/broken_conf_invalid_cidr6.phpt b/src/tests/broken_conf_invalid_cidr6.phpt
new file mode 100644
index 0000000..d20cfcd
--- /dev/null
+++ b/src/tests/broken_conf_invalid_cidr6.phpt
@@ -0,0 +1,9 @@
+--TEST--
+Broken configuration
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/broken_conf_invalid_cidr6.ini
+--FILE--
+--EXPECT--
+[snuffleupagus][0.0.0.0][config][error] 'ZZZ' isn't a valid network mask.
diff --git a/src/tests/broken_conf_invalid_cidr6_no_slash.phpt b/src/tests/broken_conf_invalid_cidr6_no_slash.phpt
new file mode 100644
index 0000000..de70a05
--- /dev/null
+++ b/src/tests/broken_conf_invalid_cidr6_no_slash.phpt
@@ -0,0 +1,9 @@
+--TEST--
+Broken configuration, invalid cidr for ipv6 because there is no `/` in it
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/broken_conf_invalid_cidr6_no_slash.ini
+--FILE--
+--EXPECT--
+[snuffleupagus][0.0.0.0][config][error] '2001:0db8:0000:0000:0000:ff00:0042:8329' isn't a valid network mask, it seems that you forgot a '/'.
diff --git a/src/tests/broken_conf_invalid_cidr6_too_big.phpt b/src/tests/broken_conf_invalid_cidr6_too_big.phpt
new file mode 100644
index 0000000..47d4a5d
--- /dev/null
+++ b/src/tests/broken_conf_invalid_cidr6_too_big.phpt
@@ -0,0 +1,9 @@
+--TEST--
+Broken configuration, cidr for ipv6 is too big, that will `mod` to 25.
+(13337%128 = 25)
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/broken_conf_invalid_cidr6_too_big.ini
+--FILE--
+--EXPECT--
diff --git a/src/tests/broken_conf_invalid_cidr_value.phpt b/src/tests/broken_conf_invalid_cidr_value.phpt
new file mode 100644
index 0000000..712f123
--- /dev/null
+++ b/src/tests/broken_conf_invalid_cidr_value.phpt
@@ -0,0 +1,11 @@
+--TEST--
+Broken configuration, invalid cidr value
+(13337%128 = 25)
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/broken_conf_invalid_cidr_value.ini
+--FILE--
+--EXPECT--
+[snuffleupagus][0.0.0.0][error][error] There is an issue with the parsing of '"': it doesn't look like a valid string.
+[snuffleupagus][0.0.0.0][config][error] " doesn't contain a valid cidr.
diff --git a/src/tests/broken_conf_invalid_type.phpt b/src/tests/broken_conf_invalid_type.phpt
new file mode 100644
index 0000000..29d2ff5
--- /dev/null
+++ b/src/tests/broken_conf_invalid_type.phpt
@@ -0,0 +1,9 @@
+--TEST--
+Broken conf with wrong type
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/broken_conf_invalid_type.ini
+--FILE--
+--EXPECTF--
+[snuffleupagus][0.0.0.0][error][error] There is an issue with the parsing of '"totally_wrong"_type")': it doesn't look like a valid string.
diff --git a/src/tests/broken_conf_line_empty_string.phpt b/src/tests/broken_conf_line_empty_string.phpt
new file mode 100644
index 0000000..c4334b9
--- /dev/null
+++ b/src/tests/broken_conf_line_empty_string.phpt
@@ -0,0 +1,9 @@
+--TEST--
+Configuration line with an empty string
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/broken_conf_line_empty_string.ini
+--FILE--
+--EXPECT--
+[snuffleupagus][0.0.0.0][error][error] There is an issue with the parsing of '': it doesn't look like a valid string.
diff --git a/src/tests/broken_conf_line_no_closing.phpt b/src/tests/broken_conf_line_no_closing.phpt
new file mode 100644
index 0000000..07c94e4
--- /dev/null
+++ b/src/tests/broken_conf_line_no_closing.phpt
@@ -0,0 +1,9 @@
+--TEST--
+Configuration line without closing parenthese
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/broken_conf_line_no_closing.ini
+--FILE--
+--EXPECT--
+[snuffleupagus][0.0.0.0][error][error] There is an issue with the parsing of '"123"': it doesn't look like a valid string.
diff --git a/src/tests/broken_conf_line_too_long.phpt b/src/tests/broken_conf_line_too_long.phpt
new file mode 100644
index 0000000..8e82708
--- /dev/null
+++ b/src/tests/broken_conf_line_too_long.phpt
@@ -0,0 +1,10 @@
+--TEST--
+Line too long in configuration
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/broken_conf_line_too_long.ini
+--FILE--
+--EXPECT--
+[snuffleupagus][0.0.0.0][config][error] The following line is too long: 1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111);.
+[snuffleupagus][0.0.0.0][error][error] .mask_ipv4() is expecting a valid integer.
diff --git a/src/tests/broken_conf_lots_of_quotes.phpt b/src/tests/broken_conf_lots_of_quotes.phpt
new file mode 100644
index 0000000..e877cfa
--- /dev/null
+++ b/src/tests/broken_conf_lots_of_quotes.phpt
@@ -0,0 +1,9 @@
+--TEST--
+Configuration line with too many quotes
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/broken_conf_lots_of_quotes.ini
+--FILE--
+--EXPECT--
+[snuffleupagus][0.0.0.0][error][error] There is an issue with the parsing of '"this\"is a weird\"\"\"cookie\"name"");': it doesn't look like a valid string.
diff --git a/src/tests/broken_conf_mutually_exclusive.phpt b/src/tests/broken_conf_mutually_exclusive.phpt
new file mode 100644
index 0000000..9de7e5a
--- /dev/null
+++ b/src/tests/broken_conf_mutually_exclusive.phpt
@@ -0,0 +1,9 @@
+--TEST--
+Broken configuration
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive.ini
+--FILE--
+--EXPECT--
+[snuffleupagus][0.0.0.0][config][error] Invalid configuration line: 'sp.disabled_functions.function("system").param("id").value("42").value_r("^id$").drop();':'.value' and '.regexp' are mutually exclusives.
\ No newline at end of file
diff --git a/src/tests/broken_conf_mutually_exclusive2.phpt b/src/tests/broken_conf_mutually_exclusive2.phpt
new file mode 100644
index 0000000..9d3ea36
--- /dev/null
+++ b/src/tests/broken_conf_mutually_exclusive2.phpt
@@ -0,0 +1,9 @@
+--TEST--
+Broken configuration
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive2.ini
+--FILE--
+--EXPECT--
+[snuffleupagus][0.0.0.0][config][error] Invalid configuration line: 'sp.disabled_functions.function("system").function_r("system").param("id").value("42").drop();': '.r_function' and '.function' are mutually exclusive.
\ No newline at end of file
diff --git a/src/tests/broken_conf_mutually_exclusive3.phpt b/src/tests/broken_conf_mutually_exclusive3.phpt
new file mode 100644
index 0000000..58686a3
--- /dev/null
+++ b/src/tests/broken_conf_mutually_exclusive3.phpt
@@ -0,0 +1,9 @@
+--TEST--
+Broken configuration
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive3.ini
+--FILE--
+--EXPECT--
+[snuffleupagus][0.0.0.0][config][error] Invalid configuration line: 'sp.disabled_functions.function("system").param("id").value("42").filename_r("^id$").filename("pouet.txt").drop();':'.r_filename' and '.filename' are mutually exclusive.
\ No newline at end of file
diff --git a/src/tests/broken_conf_mutually_exclusive4.phpt b/src/tests/broken_conf_mutually_exclusive4.phpt
new file mode 100644
index 0000000..d854380
--- /dev/null
+++ b/src/tests/broken_conf_mutually_exclusive4.phpt
@@ -0,0 +1,9 @@
+--TEST--
+Broken configuration
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive4.ini
+--FILE--
+--EXPECT--
+[snuffleupagus][0.0.0.0][config][error] Invalid configuration line: 'sp.disabled_functions.function("system").param("id").value("42").param_r("^id$").drop();':'.r_param' and '.param' are mutually exclusive.
\ No newline at end of file
diff --git a/src/tests/broken_conf_mutually_exclusive5.phpt b/src/tests/broken_conf_mutually_exclusive5.phpt
new file mode 100644
index 0000000..a265c30
--- /dev/null
+++ b/src/tests/broken_conf_mutually_exclusive5.phpt
@@ -0,0 +1,9 @@
+--TEST--
+Broken configuration
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive5.ini
+--FILE--
+--EXPECT--
+[snuffleupagus][0.0.0.0][config][error] Invalid configuration line: 'sp.disabled_functions.function("system").ret("0").drop().ret_r("^0$");':'.r_ret' and '.ret' are mutually exclusive.
\ No newline at end of file
diff --git a/src/tests/broken_conf_mutually_exclusive6.phpt b/src/tests/broken_conf_mutually_exclusive6.phpt
new file mode 100644
index 0000000..d0cdb85
--- /dev/null
+++ b/src/tests/broken_conf_mutually_exclusive6.phpt
@@ -0,0 +1,9 @@
+--TEST--
+Broken configuration
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive6.ini
+--FILE--
+--EXPECT--
+[snuffleupagus][0.0.0.0][config][error] Invalid configuration line: 'sp.disabled_functions.function("system").param("id").value("42").ret_r("^0$").drop();':`ret` and `param` are mutually exclusives.
\ No newline at end of file
diff --git a/src/tests/broken_conf_mutually_exclusive7.phpt b/src/tests/broken_conf_mutually_exclusive7.phpt
new file mode 100644
index 0000000..c9a3513
--- /dev/null
+++ b/src/tests/broken_conf_mutually_exclusive7.phpt
@@ -0,0 +1,9 @@
+--TEST--
+Broken configuration
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive7.ini
+--FILE--
+--EXPECT--
+[snuffleupagus][0.0.0.0][config][error] Invalid configuration line: 'sp.disabled_functions.function("system").ret("0").drop().allow();': The rule must either be a `drop` or and `allow` one.
\ No newline at end of file
diff --git a/src/tests/broken_conf_mutually_exclusive8.phpt b/src/tests/broken_conf_mutually_exclusive8.phpt
new file mode 100644
index 0000000..7c5baee
--- /dev/null
+++ b/src/tests/broken_conf_mutually_exclusive8.phpt
@@ -0,0 +1,9 @@
+--TEST--
+Broken configuration
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive8.ini
+--FILE--
+--EXPECT--
+[snuffleupagus][0.0.0.0][config][error] Invalid configuration line: 'sp.disabled_functions.ret("0").drop();': must take a function name.
\ No newline at end of file
diff --git a/src/tests/broken_conf_no_closing_misc.phpt b/src/tests/broken_conf_no_closing_misc.phpt
new file mode 100644
index 0000000..1d1e112
--- /dev/null
+++ b/src/tests/broken_conf_no_closing_misc.phpt
@@ -0,0 +1,10 @@
+--TEST--
+Configuration line without closing parenthese, misc
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/broken_conf_no_closing_misc.ini
+--FILE--
+--EXPECT--
+[snuffleupagus][0.0.0.0][config][error] Missing closing ) in line 123.
+[snuffleupagus][0.0.0.0][error][error] .mask_ipv4() is expecting a valid integer.
diff --git a/src/tests/broken_conf_weird_keyword.phpt b/src/tests/broken_conf_weird_keyword.phpt
new file mode 100644
index 0000000..5293791
--- /dev/null
+++ b/src/tests/broken_conf_weird_keyword.phpt
@@ -0,0 +1,9 @@
+--TEST--
+Bad config, unknown keyword
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/broken_conf_weird_keyword.ini
+--FILE--
+--EXPECT--
+[snuffleupagus][0.0.0.0][config][error] Trailing chars '.not_a_valid_keyword("test");' at the end of '.enable().not_a_valid_keyword("test");'.
\ No newline at end of file
diff --git a/src/tests/broken_conf_wrong_quotes.phpt b/src/tests/broken_conf_wrong_quotes.phpt
new file mode 100644
index 0000000..b6324fe
--- /dev/null
+++ b/src/tests/broken_conf_wrong_quotes.phpt
@@ -0,0 +1,9 @@
+--TEST--
+Configuration line with too many quotes
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/broken_conf_wrong_quotes.ini
+--FILE--
+--EXPECT--
+[snuffleupagus][0.0.0.0][error][error] There is an issue with the parsing of '"\)': it doesn't look like a valid string.
diff --git a/src/tests/broken_conf_wrong_type.phpt b/src/tests/broken_conf_wrong_type.phpt
new file mode 100644
index 0000000..338ca3a
--- /dev/null
+++ b/src/tests/broken_conf_wrong_type.phpt
@@ -0,0 +1,9 @@
+--TEST--
+Broken conf with wrong type
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/broken_conf_wrong_type.ini
+--FILE--
+--EXPECTF--
+[snuffleupagus][0.0.0.0][error][error] .ret_type() is expecting a valid php type ('false', 'true', 'array'. 'object', 'long', 'double', 'null', 'resource', 'reference', 'undef').
diff --git a/src/tests/broken_regexp.phpt b/src/tests/broken_regexp.phpt
new file mode 100644
index 0000000..cbfef7d
--- /dev/null
+++ b/src/tests/broken_regexp.phpt
@@ -0,0 +1,9 @@
+--TEST--
+Broken regexp
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/broken_regexp.ini
+--FILE--
+--EXPECTF--
+[snuffleupagus][0.0.0.0][config][error] '.value_r()' is expecting a valid regexp, and not '"^$["'.
diff --git a/src/tests/config/borken_conf_enable_disable.ini b/src/tests/config/borken_conf_enable_disable.ini
new file mode 100644
index 0000000..4e95294
--- /dev/null
+++ b/src/tests/config/borken_conf_enable_disable.ini
@@ -0,0 +1 @@
+sp.global_strict.disable().enable();
diff --git a/src/tests/config/broken_conf.ini b/src/tests/config/broken_conf.ini
new file mode 100644
index 0000000..0595320
--- /dev/null
+++ b/src/tests/config/broken_conf.ini
@@ -0,0 +1 @@
+this is a broken line
diff --git a/src/tests/config/broken_conf2.ini b/src/tests/config/broken_conf2.ini
new file mode 100644
index 0000000..fdb6b8f
--- /dev/null
+++ b/src/tests/config/broken_conf2.ini
@@ -0,0 +1 @@
+sp.wrong
diff --git a/src/tests/config/broken_conf_expecting_bool.ini b/src/tests/config/broken_conf_expecting_bool.ini
new file mode 100644
index 0000000..51c28b2
--- /dev/null
+++ b/src/tests/config/broken_conf_expecting_bool.ini
@@ -0,0 +1,5 @@
+    # this is an example of broken conf
+
+
+     ; this is another comment
+sp.harden_random.enable(1337);
diff --git a/src/tests/config/broken_conf_expecting_int.ini b/src/tests/config/broken_conf_expecting_int.ini
new file mode 100644
index 0000000..8e2efea
--- /dev/null
+++ b/src/tests/config/broken_conf_expecting_int.ini
@@ -0,0 +1,2 @@
+sp.global.secret_key("abcdef");
+sp.cookie_encryption.cookie("super_cookie").mask_ipv4(abc);
diff --git a/src/tests/config/broken_conf_invalid_cidr.ini b/src/tests/config/broken_conf_invalid_cidr.ini
new file mode 100644
index 0000000..0cdc695
--- /dev/null
+++ b/src/tests/config/broken_conf_invalid_cidr.ini
@@ -0,0 +1 @@
+sp.disable_functions.function("system").drop().cidr("127.0.0.1/42");
diff --git a/src/tests/config/broken_conf_invalid_cidr6.ini b/src/tests/config/broken_conf_invalid_cidr6.ini
new file mode 100644
index 0000000..e5a120c
--- /dev/null
+++ b/src/tests/config/broken_conf_invalid_cidr6.ini
@@ -0,0 +1 @@
+sp.disable_functions.function("system").drop().cidr("2001:0db8:0000:0000:0000:ff00:0042:8329/ZZZ");
diff --git a/src/tests/config/broken_conf_invalid_cidr6_no_slash.ini b/src/tests/config/broken_conf_invalid_cidr6_no_slash.ini
new file mode 100644
index 0000000..e4cf835
--- /dev/null
+++ b/src/tests/config/broken_conf_invalid_cidr6_no_slash.ini
@@ -0,0 +1 @@
+sp.disable_functions.function("system").drop().cidr("2001:0db8:0000:0000:0000:ff00:0042:8329");
diff --git a/src/tests/config/broken_conf_invalid_cidr6_too_big.ini b/src/tests/config/broken_conf_invalid_cidr6_too_big.ini
new file mode 100644
index 0000000..417dee7
--- /dev/null
+++ b/src/tests/config/broken_conf_invalid_cidr6_too_big.ini
@@ -0,0 +1 @@
+sp.disable_functions.function("system").drop().cidr("2001:0db8:0000:0000:0000:ff00:0042:8329/13337");
diff --git a/src/tests/config/broken_conf_invalid_cidr_value.ini b/src/tests/config/broken_conf_invalid_cidr_value.ini
new file mode 100644
index 0000000..733e889
--- /dev/null
+++ b/src/tests/config/broken_conf_invalid_cidr_value.ini
@@ -0,0 +1 @@
+sp.disable_functions.function("system").drop().cidr("
diff --git a/src/tests/config/broken_conf_invalid_type.ini b/src/tests/config/broken_conf_invalid_type.ini
new file mode 100644
index 0000000..b2cd8cd
--- /dev/null
+++ b/src/tests/config/broken_conf_invalid_type.ini
@@ -0,0 +1 @@
+sp.disable_functions.function("strpos").ret_type("totally_wrong"_type")
diff --git a/src/tests/config/broken_conf_line_empty_string.ini b/src/tests/config/broken_conf_line_empty_string.ini
new file mode 100644
index 0000000..74d0e5a
--- /dev/null
+++ b/src/tests/config/broken_conf_line_empty_string.ini
@@ -0,0 +1 @@
+sp.cookie_encryption.mask_ipv4(123).cookie(
diff --git a/src/tests/config/broken_conf_line_no_closing.ini b/src/tests/config/broken_conf_line_no_closing.ini
new file mode 100644
index 0000000..bcac291
--- /dev/null
+++ b/src/tests/config/broken_conf_line_no_closing.ini
@@ -0,0 +1 @@
+sp.cookie_encryption.mask_ipv4(123).cookie("123"
diff --git a/src/tests/config/broken_conf_line_too_long.ini b/src/tests/config/broken_conf_line_too_long.ini
new file mode 100644
index 0000000..ed057a5
--- /dev/null
+++ b/src/tests/config/broken_conf_line_too_long.ini
@@ -0,0 +1 @@
+sp.cookie_encryption.cookie("super_cookie").mask_ipv4(1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111);
diff --git a/src/tests/config/broken_conf_lots_of_quotes.ini b/src/tests/config/broken_conf_lots_of_quotes.ini
new file mode 100644
index 0000000..dfd48e7
--- /dev/null
+++ b/src/tests/config/broken_conf_lots_of_quotes.ini
@@ -0,0 +1 @@
+sp.cookie_encryption.mask_ipv4(123).cookie("this\"is a weird\"\"\"cookie\"name"");
diff --git a/src/tests/config/broken_conf_mutually_exclusive.ini b/src/tests/config/broken_conf_mutually_exclusive.ini
new file mode 100644
index 0000000..af1d505
--- /dev/null
+++ b/src/tests/config/broken_conf_mutually_exclusive.ini
@@ -0,0 +1 @@
+sp.disable_functions.function("system").param("id").value("42").value_r("^id$").drop();
diff --git a/src/tests/config/broken_conf_mutually_exclusive2.ini b/src/tests/config/broken_conf_mutually_exclusive2.ini
new file mode 100644
index 0000000..29b21d4
--- /dev/null
+++ b/src/tests/config/broken_conf_mutually_exclusive2.ini
@@ -0,0 +1 @@
+sp.disable_functions.function("system").function_r("system").param("id").value("42").drop();
diff --git a/src/tests/config/broken_conf_mutually_exclusive3.ini b/src/tests/config/broken_conf_mutually_exclusive3.ini
new file mode 100644
index 0000000..556de08
--- /dev/null
+++ b/src/tests/config/broken_conf_mutually_exclusive3.ini
@@ -0,0 +1 @@
+sp.disable_functions.function("system").param("id").value("42").filename_r("^id$").filename("pouet.txt").drop();
diff --git a/src/tests/config/broken_conf_mutually_exclusive4.ini b/src/tests/config/broken_conf_mutually_exclusive4.ini
new file mode 100644
index 0000000..d212ad4
--- /dev/null
+++ b/src/tests/config/broken_conf_mutually_exclusive4.ini
@@ -0,0 +1 @@
+sp.disable_functions.function("system").param("id").value("42").param_r("^id$").drop();
diff --git a/src/tests/config/broken_conf_mutually_exclusive5.ini b/src/tests/config/broken_conf_mutually_exclusive5.ini
new file mode 100644
index 0000000..5b64079
--- /dev/null
+++ b/src/tests/config/broken_conf_mutually_exclusive5.ini
@@ -0,0 +1 @@
+sp.disable_functions.function("system").ret("0").drop().ret_r("^0$");
diff --git a/src/tests/config/broken_conf_mutually_exclusive6.ini b/src/tests/config/broken_conf_mutually_exclusive6.ini
new file mode 100644
index 0000000..d08ee58
--- /dev/null
+++ b/src/tests/config/broken_conf_mutually_exclusive6.ini
@@ -0,0 +1 @@
+sp.disable_functions.function("system").param("id").value("42").ret_r("^0$").drop();
diff --git a/src/tests/config/broken_conf_mutually_exclusive7.ini b/src/tests/config/broken_conf_mutually_exclusive7.ini
new file mode 100644
index 0000000..645c26c
--- /dev/null
+++ b/src/tests/config/broken_conf_mutually_exclusive7.ini
@@ -0,0 +1 @@
+sp.disable_functions.function("system").ret("0").drop().allow();
diff --git a/src/tests/config/broken_conf_mutually_exclusive8.ini b/src/tests/config/broken_conf_mutually_exclusive8.ini
new file mode 100644
index 0000000..b08ef57
--- /dev/null
+++ b/src/tests/config/broken_conf_mutually_exclusive8.ini
@@ -0,0 +1 @@
+sp.disable_functions.ret("0").drop();
diff --git a/src/tests/config/broken_conf_no_closing_misc.ini b/src/tests/config/broken_conf_no_closing_misc.ini
new file mode 100644
index 0000000..2cb79a8
--- /dev/null
+++ b/src/tests/config/broken_conf_no_closing_misc.ini
@@ -0,0 +1 @@
+sp.cookie_encryption.cookie("123").mask_ipv4(123
diff --git a/src/tests/config/broken_conf_to_few_args.ini b/src/tests/config/broken_conf_to_few_args.ini
new file mode 100644
index 0000000..89e19be
--- /dev/null
+++ b/src/tests/config/broken_conf_to_few_args.ini
@@ -0,0 +1 @@
+sp.harden_random.enable();
diff --git a/src/tests/config/broken_conf_weird_keyword.ini b/src/tests/config/broken_conf_weird_keyword.ini
new file mode 100644
index 0000000..bf5e7f5
--- /dev/null
+++ b/src/tests/config/broken_conf_weird_keyword.ini
@@ -0,0 +1 @@
+sp.harden_random.enable().not_a_valid_keyword("test");
diff --git a/src/tests/config/broken_conf_wrong_quotes.ini b/src/tests/config/broken_conf_wrong_quotes.ini
new file mode 100644
index 0000000..c8cc949
--- /dev/null
+++ b/src/tests/config/broken_conf_wrong_quotes.ini
@@ -0,0 +1 @@
+sp.cookie_encryption.mask_ipv4(123).cookie("\)
diff --git a/src/tests/config/broken_conf_wrong_type.ini b/src/tests/config/broken_conf_wrong_type.ini
new file mode 100644
index 0000000..6ecca6a
--- /dev/null
+++ b/src/tests/config/broken_conf_wrong_type.ini
@@ -0,0 +1,5 @@
+sp.disable_functions.function("strpos").ret_type("undef").drop().alias("Return value is undef");
+sp.disable_functions.function("strpos").ret_type("null").drop().alias("Return value is null");
+sp.disable_functions.function("strpos").ret_type("object").drop().alias("Return value is object");
+sp.disable_functions.function("strpos").ret_type("reference").drop().alias("Return value is reference");
+sp.disable_functions.function("strpos").ret_type("totally_wrong_type").drop().alias("Return value is FALSE");
diff --git a/src/tests/config/broken_config_regexp.ini b/src/tests/config/broken_config_regexp.ini
new file mode 100644
index 0000000..efad83e
--- /dev/null
+++ b/src/tests/config/broken_config_regexp.ini
@@ -0,0 +1 @@
+sp.disable_functions.function_r("^system$").filename_r("*.").drop();
diff --git a/src/tests/config/broken_regexp.ini b/src/tests/config/broken_regexp.ini
new file mode 100644
index 0000000..8e1f69a
--- /dev/null
+++ b/src/tests/config/broken_regexp.ini
@@ -0,0 +1 @@
+sp.disable_functions.function("AwesomeClass::method3").param("a").drop().value_r("^$[");
diff --git a/src/tests/config/config_disable_writable.ini b/src/tests/config/config_disable_writable.ini
new file mode 100644
index 0000000..9f90601
--- /dev/null
+++ b/src/tests/config/config_disable_writable.ini
@@ -0,0 +1 @@
+  sp.readonly_exec.enable();
diff --git a/src/tests/config/config_disable_writable_disabled.ini b/src/tests/config/config_disable_writable_disabled.ini
new file mode 100644
index 0000000..6a33437
--- /dev/null
+++ b/src/tests/config/config_disable_writable_disabled.ini
@@ -0,0 +1 @@
+  sp.readonly_exec.disable();
diff --git a/src/tests/config/config_disable_writable_simulation.ini b/src/tests/config/config_disable_writable_simulation.ini
new file mode 100644
index 0000000..52a43ba
--- /dev/null
+++ b/src/tests/config/config_disable_writable_simulation.ini
@@ -0,0 +1 @@
+  sp.readonly_exec.enable().simulation();
diff --git a/src/tests/config/config_disabled_functions_filename_r.ini b/src/tests/config/config_disabled_functions_filename_r.ini
new file mode 100644
index 0000000..b92f136
--- /dev/null
+++ b/src/tests/config/config_disabled_functions_filename_r.ini
@@ -0,0 +1,2 @@
+sp.disable_functions.function_r("^system$").filename_r("\\.txt$").drop();
+sp.disable_functions.function_r("^shell_exec$").filename_r("\\.php$").drop();
diff --git a/src/tests/config/config_disabled_functions_method.ini b/src/tests/config/config_disabled_functions_method.ini
new file mode 100644
index 0000000..4d088d2
--- /dev/null
+++ b/src/tests/config/config_disabled_functions_method.ini
@@ -0,0 +1,3 @@
+sp.disable_functions.function("AwesomeClass::method1").drop();
+sp.disable_functions.function("method2").drop();
+sp.disable_functions.function("AwesomeClass::method3").param("a").value("pouet").drop();
diff --git a/src/tests/config/config_disabled_functions_name_r.ini b/src/tests/config/config_disabled_functions_name_r.ini
new file mode 100644
index 0000000..3f7178e
--- /dev/null
+++ b/src/tests/config/config_disabled_functions_name_r.ini
@@ -0,0 +1,2 @@
+sp.disable_functions.function_r("^not_system$").ret("42").drop();
+sp.disable_functions.function_r("^system$").ret("1337").drop();
diff --git a/src/tests/config/config_disabled_functions_name_type.ini b/src/tests/config/config_disabled_functions_name_type.ini
new file mode 100644
index 0000000..2b433df
--- /dev/null
+++ b/src/tests/config/config_disabled_functions_name_type.ini
@@ -0,0 +1 @@
+sp.disable_functions.function_r("^strcmp$").param("str1").param_type("array").drop();
diff --git a/src/tests/config/config_disabled_functions_namespace.ini b/src/tests/config/config_disabled_functions_namespace.ini
new file mode 100644
index 0000000..d09b81b
--- /dev/null
+++ b/src/tests/config/config_disabled_functions_namespace.ini
@@ -0,0 +1,2 @@
+sp.disable_functions.function("strcmp").drop();
+sp.disable_functions.function("my_super_namespace::my_function").drop();
diff --git a/src/tests/config/config_disabled_functions_nul_byte.ini b/src/tests/config/config_disabled_functions_nul_byte.ini
new file mode 100644
index 0000000..7994583
--- /dev/null
+++ b/src/tests/config/config_disabled_functions_nul_byte.ini
@@ -0,0 +1 @@
+sp.disable_functions.function("system").param("command").value_r("id").drop();
\ No newline at end of file
diff --git a/src/tests/config/config_disabled_functions_param.ini b/src/tests/config/config_disabled_functions_param.ini
new file mode 100644
index 0000000..7363781
--- /dev/null
+++ b/src/tests/config/config_disabled_functions_param.ini
@@ -0,0 +1,6 @@
+sp.disable_functions.function("system").param("command").value_r("^id$").alias("1").drop();
+sp.disable_functions.function("array_sum").param("array").value_r("^8$").alias("2").drop();
+sp.disable_functions.function("shell_exec").param("cmd").value("id").alias("3").drop();
+sp.disable_functions.function("shell_exec").param("cmd").value("bla").alias("4").drop();
+sp.disable_functions.function("strcmp").param("str1").value("bla").alias("5").drop().simulation();
+sp.disable_functions.function("strncmp").param("str1").value("bla").drop().simulation();
diff --git a/src/tests/config/config_disabled_functions_param_alias.ini b/src/tests/config/config_disabled_functions_param_alias.ini
new file mode 100644
index 0000000..f8d9f43
--- /dev/null
+++ b/src/tests/config/config_disabled_functions_param_alias.ini
@@ -0,0 +1,2 @@
+sp.disable_functions.function("system").alias("1").drop();
+sp.disable_functions.function("shell_exec").alias("2").drop().simulation();
diff --git a/src/tests/config/config_disabled_functions_param_allow.ini b/src/tests/config/config_disabled_functions_param_allow.ini
new file mode 100644
index 0000000..e349b38
--- /dev/null
+++ b/src/tests/config/config_disabled_functions_param_allow.ini
@@ -0,0 +1,3 @@
+sp.disable_functions.function("system").param("command").value("echo win").filename("test.php").drop();
+sp.disable_functions.function("system").param("command").value("echo win").allow();
+sp.disable_functions.function("system").drop();
diff --git a/src/tests/config/config_disabled_functions_param_array.ini b/src/tests/config/config_disabled_functions_param_array.ini
new file mode 100644
index 0000000..7b71692
--- /dev/null
+++ b/src/tests/config/config_disabled_functions_param_array.ini
@@ -0,0 +1,4 @@
+sp.disable_functions.function("foo").param("arr").value("abcd").alias("1").drop();
+sp.disable_functions.function("foo").param("arr[bla]").value("abcdef").alias("2").drop();
+sp.disable_functions.function("foo").param("arr[test]").alias("3").drop();
+sp.disable_functions.function("foo").param("arr[test2][foo][lol]").value("aaa").alias("4").drop();
diff --git a/src/tests/config/config_disabled_functions_param_int.ini b/src/tests/config/config_disabled_functions_param_int.ini
new file mode 100644
index 0000000..2552f0a
--- /dev/null
+++ b/src/tests/config/config_disabled_functions_param_int.ini
@@ -0,0 +1,2 @@
+sp.disable_functions.function("foobar").param("id").value("42").drop();
+sp.disable_functions.function("foobar").param("id").value_r("^1337").drop();
diff --git a/src/tests/config/config_disabled_functions_param_r.ini b/src/tests/config/config_disabled_functions_param_r.ini
new file mode 100644
index 0000000..d9f6692
--- /dev/null
+++ b/src/tests/config/config_disabled_functions_param_r.ini
@@ -0,0 +1 @@
+sp.disable_functions.function("system").param_r("^command$").value("id").drop();
diff --git a/src/tests/config/config_disabled_functions_param_runtime.ini b/src/tests/config/config_disabled_functions_param_runtime.ini
new file mode 100644
index 0000000..641bd0a
--- /dev/null
+++ b/src/tests/config/config_disabled_functions_param_runtime.ini
@@ -0,0 +1 @@
+sp.disable_functions.function("test").param("param").value_r("1337").drop();
diff --git a/src/tests/config/config_disabled_functions_param_str_representation.ini b/src/tests/config/config_disabled_functions_param_str_representation.ini
new file mode 100644
index 0000000..7171a30
--- /dev/null
+++ b/src/tests/config/config_disabled_functions_param_str_representation.ini
@@ -0,0 +1 @@
+sp.disable_functions.function("var_export").param("var").value("bla").drop();
diff --git a/src/tests/config/config_disabled_functions_require.ini b/src/tests/config/config_disabled_functions_require.ini
new file mode 100644
index 0000000..474fada
--- /dev/null
+++ b/src/tests/config/config_disabled_functions_require.ini
@@ -0,0 +1 @@
+sp.disable_functions.function("require").param("").value_r("meh$").drop();
diff --git a/src/tests/config/config_disabled_functions_ret_allow.ini b/src/tests/config/config_disabled_functions_ret_allow.ini
new file mode 100644
index 0000000..1884227
--- /dev/null
+++ b/src/tests/config/config_disabled_functions_ret_allow.ini
@@ -0,0 +1,2 @@
+sp.disable_functions.function("strpos").hash("70b33f3eaf585b245640bb2c92445d0040b2bcb31395aa25dede9f2df4dbcbe8").allow();
+sp.disable_functions.function("strpos").drop();
diff --git a/src/tests/config/config_disabled_functions_ret_allow_value.ini b/src/tests/config/config_disabled_functions_ret_allow_value.ini
new file mode 100644
index 0000000..e179819
--- /dev/null
+++ b/src/tests/config/config_disabled_functions_ret_allow_value.ini
@@ -0,0 +1 @@
+sp.disable_functions.function("strpos").ret("0").allow();
diff --git a/src/tests/config/config_disabled_functions_ret_right_hash.ini b/src/tests/config/config_disabled_functions_ret_right_hash.ini
new file mode 100644
index 0000000..6f49177
--- /dev/null
+++ b/src/tests/config/config_disabled_functions_ret_right_hash.ini
@@ -0,0 +1,4 @@
+sp.disable_functions.function("system").ret("1").drop();
+sp.disable_functions.function("system").ret("1337").hash("123456789597a81a2b862cdb49920e2cba2e5979a3fc374c58c803e8f5c99a10").drop();
+sp.disable_functions.function("system").ret("1338").hash("522a976fa597a81a2b862cdb49920e2cba2e5979a3fc374c58c803e8f5c99a10").drop();
+sp.disable_functions.function("system").ret("1337").hash("522a976fa597a81a2b862cdb49920e2cba2e5979a3fc374c58c803e8f5c99a10").drop();
diff --git a/src/tests/config/config_disabled_functions_ret_simulation.ini b/src/tests/config/config_disabled_functions_ret_simulation.ini
new file mode 100644
index 0000000..ee46c4b
--- /dev/null
+++ b/src/tests/config/config_disabled_functions_ret_simulation.ini
@@ -0,0 +1,3 @@
+sp.disable_functions.function("strpos").ret("0").simulation().drop();
+sp.disable_functions.function("stripos").ret("0").simulation().drop().alias("1");
+sp.disable_functions.function("strcmp").ret("0").drop();
diff --git a/src/tests/config/config_disabled_functions_right_hash.ini b/src/tests/config/config_disabled_functions_right_hash.ini
new file mode 100644
index 0000000..fab68fa
--- /dev/null
+++ b/src/tests/config/config_disabled_functions_right_hash.ini
@@ -0,0 +1,3 @@
+sp.disable_functions.function("system").hash("1337c3ad8cf096272cd0e78768af3b11325f498de5c2c36f40adc43643af378a").allow();
+sp.disable_functions.function("system").hash("d259c3ad8cf096272cd0e78768af3b11325f498de5c2c36f40adc43643af378a").allow();
+sp.disable_functions.function("system").drop();
\ No newline at end of file
diff --git a/src/tests/config/config_disabled_user_functions.ini b/src/tests/config/config_disabled_user_functions.ini
new file mode 100644
index 0000000..15cbccc
--- /dev/null
+++ b/src/tests/config/config_disabled_user_functions.ini
@@ -0,0 +1 @@
+sp.disable_functions.function("my_super_function").drop();
diff --git a/src/tests/config/config_encrypted_cookies.ini b/src/tests/config/config_encrypted_cookies.ini
new file mode 100644
index 0000000..710e863
--- /dev/null
+++ b/src/tests/config/config_encrypted_cookies.ini
@@ -0,0 +1,3 @@
+sp.global.secret_key("abcdef");
+sp.cookie_encryption.cookie("super_cookie").mask_ipv4(8).mask_ipv6(2);
+sp.auto_cookie_secure.enable();
diff --git a/src/tests/config/config_noncore_function_hooking.ini b/src/tests/config/config_noncore_function_hooking.ini
new file mode 100644
index 0000000..88f2acf
--- /dev/null
+++ b/src/tests/config/config_noncore_function_hooking.ini
@@ -0,0 +1 @@
+sp.disable_functions.function("custom_fun").drop();
diff --git a/src/tests/config/config_rand_harden_disabled.ini b/src/tests/config/config_rand_harden_disabled.ini
new file mode 100644
index 0000000..b9cd227
--- /dev/null
+++ b/src/tests/config/config_rand_harden_disabled.ini
@@ -0,0 +1 @@
+sp.harden_random.disable();              
diff --git a/src/tests/config/config_serialize.ini b/src/tests/config/config_serialize.ini
new file mode 100644
index 0000000..f2c1699
--- /dev/null
+++ b/src/tests/config/config_serialize.ini
@@ -0,0 +1,2 @@
+sp.global.secret_key("abcdef");
+sp.unserialize_hmac.enable();
\ No newline at end of file
diff --git a/src/tests/config/config_serialize_sim.ini b/src/tests/config/config_serialize_sim.ini
new file mode 100644
index 0000000..7f015e0
--- /dev/null
+++ b/src/tests/config/config_serialize_sim.ini
@@ -0,0 +1,2 @@
+sp.global.secret_key("abcdef");
+sp.unserialize_hmac.enable().simulation();
diff --git a/src/tests/config/disable_xxe.ini b/src/tests/config/disable_xxe.ini
new file mode 100644
index 0000000..bc9d1f2
--- /dev/null
+++ b/src/tests/config/disable_xxe.ini
@@ -0,0 +1 @@
+sp.disable_xxe.enable();
diff --git a/src/tests/config/disable_xxe_disable.ini b/src/tests/config/disable_xxe_disable.ini
new file mode 100644
index 0000000..bb1e432
--- /dev/null
+++ b/src/tests/config/disable_xxe_disable.ini
@@ -0,0 +1 @@
+sp.disable_xxe.disable();
diff --git a/src/tests/config/disabled_function_local_var.ini b/src/tests/config/disabled_function_local_var.ini
new file mode 100644
index 0000000..64d98dc
--- /dev/null
+++ b/src/tests/config/disabled_function_local_var.ini
@@ -0,0 +1,2 @@
+sp.disable_functions.function("phpinfo").var("b").value("1337").drop();
+sp.disable_functions.function("strlen").var("a").value("1337").drop();
diff --git a/src/tests/config/disabled_function_super_global_var.ini b/src/tests/config/disabled_function_super_global_var.ini
new file mode 100644
index 0000000..e0c87e1
--- /dev/null
+++ b/src/tests/config/disabled_function_super_global_var.ini
@@ -0,0 +1 @@
+sp.disable_functions.function("strlen").var("_GET[bla]").value("test2").drop();
diff --git a/src/tests/config/disabled_functions.ini b/src/tests/config/disabled_functions.ini
new file mode 100644
index 0000000..cf54164
--- /dev/null
+++ b/src/tests/config/disabled_functions.ini
@@ -0,0 +1,7 @@
+sp.disable_functions.function("system").drop();
+sp.disable_functions.function("vprintf").hash("123456789").drop();
+sp.disable_functions.function("printf").disable().drop();
+sp.disable_functions.function("printf").simulation().drop();
+sp.disable_functions.function("print").disable().drop();  # this is a comment
+sp.disable_functions.function_r("^var_dump$").drop();
+sp.disable_functions.function("sprintf").filename("wrong file name").drop();
diff --git a/src/tests/config/disabled_functions_cidr.ini b/src/tests/config/disabled_functions_cidr.ini
new file mode 100644
index 0000000..9e527ba
--- /dev/null
+++ b/src/tests/config/disabled_functions_cidr.ini
@@ -0,0 +1,4 @@
+sp.disable_functions.function("system").drop().cidr("127.0.0.1/8");
+sp.disable_functions.function("printf").drop().cidr("10.0.0.1/8");
+sp.disable_functions.function("strpos").drop().cidr("2001:0db8:0000:0000:0000:ff00:0042:8329/24");
+sp.disable_functions.function("printf").drop().cidr("2002:0db8:0000:0000:0000:ff00:0042:8329/24");
diff --git a/src/tests/config/disabled_functions_mb.ini b/src/tests/config/disabled_functions_mb.ini
new file mode 100644
index 0000000..b6afd97
--- /dev/null
+++ b/src/tests/config/disabled_functions_mb.ini
@@ -0,0 +1,2 @@
+sp.disable_functions.function("strlen").drop();
+sp.disable_functions.function("mb_strlen").drop();
diff --git a/src/tests/config/disabled_functions_ret.ini b/src/tests/config/disabled_functions_ret.ini
new file mode 100644
index 0000000..2b769a9
--- /dev/null
+++ b/src/tests/config/disabled_functions_ret.ini
@@ -0,0 +1,5 @@
+sp.disable_functions.function("testFunction").ret("0").drop().disable();
+sp.disable_functions.function("strpos").ret("0").drop().filename_r(".*\\.php");
+sp.disable_functions.function_r("str[ia]pos").ret_r("^[^a-z]+$").drop();
+sp.disable_functions.function_r("stripos").ret_r("^[^a-z]+").drop();
+sp.disable_functions.function("Bob::a").ret("0").drop();
diff --git a/src/tests/config/disabled_functions_ret_type.ini b/src/tests/config/disabled_functions_ret_type.ini
new file mode 100644
index 0000000..56c8e57
--- /dev/null
+++ b/src/tests/config/disabled_functions_ret_type.ini
@@ -0,0 +1 @@
+sp.disable_functions.function("strpos").ret_type("false").drop().alias("Return value is FALSE");
diff --git a/src/tests/config/disabled_functions_ret_type_double.ini b/src/tests/config/disabled_functions_ret_type_double.ini
new file mode 100644
index 0000000..a1239d8
--- /dev/null
+++ b/src/tests/config/disabled_functions_ret_type_double.ini
@@ -0,0 +1 @@
+sp.disable_functions.function("cos").ret_type("double").drop().alias("Return value is a double");
diff --git a/src/tests/config/disabled_functions_ret_type_long.ini b/src/tests/config/disabled_functions_ret_type_long.ini
new file mode 100644
index 0000000..6cccd4d
--- /dev/null
+++ b/src/tests/config/disabled_functions_ret_type_long.ini
@@ -0,0 +1 @@
+sp.disable_functions.function("strlen").ret_type("long").drop().alias("Return value is a long");
diff --git a/src/tests/config/disabled_functions_ret_type_resource.ini b/src/tests/config/disabled_functions_ret_type_resource.ini
new file mode 100644
index 0000000..e81cf2c
--- /dev/null
+++ b/src/tests/config/disabled_functions_ret_type_resource.ini
@@ -0,0 +1 @@
+sp.disable_functions.function("fopen").ret_type("resource").drop().alias("Return value is a resource");
diff --git a/src/tests/config/disabled_functions_ret_type_str.ini b/src/tests/config/disabled_functions_ret_type_str.ini
new file mode 100644
index 0000000..b3ff050
--- /dev/null
+++ b/src/tests/config/disabled_functions_ret_type_str.ini
@@ -0,0 +1 @@
+sp.disable_functions.function("substr").ret_type("string").drop().alias("Return value is a string");
diff --git a/src/tests/config/disabled_functions_ret_type_true.ini b/src/tests/config/disabled_functions_ret_type_true.ini
new file mode 100644
index 0000000..02a37dd
--- /dev/null
+++ b/src/tests/config/disabled_functions_ret_type_true.ini
@@ -0,0 +1 @@
+sp.disable_functions.function("is_numeric").ret_type("true").drop().alias("Return value is a true");
diff --git a/src/tests/config/disabled_functions_retval.ini b/src/tests/config/disabled_functions_retval.ini
new file mode 100644
index 0000000..20422e4
--- /dev/null
+++ b/src/tests/config/disabled_functions_retval.ini
@@ -0,0 +1 @@
+sp.disable_functions.function("str_repeat").ret("fufufu").drop();
diff --git a/src/tests/config/disabled_functions_retval_rx.ini b/src/tests/config/disabled_functions_retval_rx.ini
new file mode 100644
index 0000000..ca2bce3
--- /dev/null
+++ b/src/tests/config/disabled_functions_retval_rx.ini
@@ -0,0 +1 @@
+sp.disable_functions.function("str_repeat").ret_r("(fu){3}").drop();
diff --git a/src/tests/config/disabled_functions_zero_cidr.ini b/src/tests/config/disabled_functions_zero_cidr.ini
new file mode 100644
index 0000000..bba1af9
--- /dev/null
+++ b/src/tests/config/disabled_functions_zero_cidr.ini
@@ -0,0 +1 @@
+sp.disable_functions.function("system").drop().cidr("0.0.0.0/0");
diff --git a/src/tests/config/dump_request.ini b/src/tests/config/dump_request.ini
new file mode 100644
index 0000000..8c595f9
--- /dev/null
+++ b/src/tests/config/dump_request.ini
@@ -0,0 +1 @@
+sp.disable_functions.function("system").drop().dump("./dump_results/");
diff --git a/src/tests/config/dump_request_invalid_folder.ini b/src/tests/config/dump_request_invalid_folder.ini
new file mode 100644
index 0000000..b5ae154
--- /dev/null
+++ b/src/tests/config/dump_request_invalid_folder.ini
@@ -0,0 +1 @@
+sp.disable_functions.function("system").drop().dump("/root/NON_EXISTENT/FOLDER/PLEASE/");
diff --git a/src/tests/config/empty.ini b/src/tests/config/empty.ini
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/src/tests/config/empty.ini
diff --git a/src/tests/config/empty_conf.ini b/src/tests/config/empty_conf.ini
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/src/tests/config/empty_conf.ini
diff --git a/src/tests/config/encryption_key_only.ini b/src/tests/config/encryption_key_only.ini
new file mode 100644
index 0000000..7de4438
--- /dev/null
+++ b/src/tests/config/encryption_key_only.ini
@@ -0,0 +1 @@
+sp.global.secret_key("abcdef");
diff --git a/src/tests/config/global_strict.ini b/src/tests/config/global_strict.ini
new file mode 100644
index 0000000..2bc2bdc
--- /dev/null
+++ b/src/tests/config/global_strict.ini
@@ -0,0 +1 @@
+        sp.global_strict.enable();
diff --git a/src/tests/config/global_strict_disabled.ini b/src/tests/config/global_strict_disabled.ini
new file mode 100644
index 0000000..2e68471
--- /dev/null
+++ b/src/tests/config/global_strict_disabled.ini
@@ -0,0 +1 @@
+sp.global_strict.disable();
diff --git a/src/tests/config/harden_rand.ini b/src/tests/config/harden_rand.ini
new file mode 100644
index 0000000..89e19be
--- /dev/null
+++ b/src/tests/config/harden_rand.ini
@@ -0,0 +1 @@
+sp.harden_random.enable();
diff --git a/src/tests/config/upload_validation.ini b/src/tests/config/upload_validation.ini
new file mode 100644
index 0000000..0646134
--- /dev/null
+++ b/src/tests/config/upload_validation.ini
@@ -0,0 +1,2 @@
+sp.upload_validation.script("tests/upload_ko.sh");
+sp.upload_validation.enable();
diff --git a/src/tests/config/upload_validation_invalid.ini b/src/tests/config/upload_validation_invalid.ini
new file mode 100644
index 0000000..7a638a1
--- /dev/null
+++ b/src/tests/config/upload_validation_invalid.ini
@@ -0,0 +1 @@
+sp.upload_validation.script("./tests/data/upload_invalid.sh").enable();
diff --git a/src/tests/config/upload_validation_ko.ini b/src/tests/config/upload_validation_ko.ini
new file mode 100644
index 0000000..b15977f
--- /dev/null
+++ b/src/tests/config/upload_validation_ko.ini
@@ -0,0 +1 @@
+sp.upload_validation.script("./tests/data/upload_ko.sh").enable();
diff --git a/src/tests/config/upload_validation_ko_simulation.ini b/src/tests/config/upload_validation_ko_simulation.ini
new file mode 100644
index 0000000..da56439
--- /dev/null
+++ b/src/tests/config/upload_validation_ko_simulation.ini
@@ -0,0 +1 @@
+sp.upload_validation.script("./tests/data/upload_ko.sh").enable().simulation();
diff --git a/src/tests/config/upload_validation_no_exist.ini b/src/tests/config/upload_validation_no_exist.ini
new file mode 100644
index 0000000..24f81a5
--- /dev/null
+++ b/src/tests/config/upload_validation_no_exist.ini
@@ -0,0 +1 @@
+sp.upload_validation.script("fufufufufu").enable();
diff --git a/src/tests/config/upload_validation_non_exec.ini b/src/tests/config/upload_validation_non_exec.ini
new file mode 100644
index 0000000..bdf0a57
--- /dev/null
+++ b/src/tests/config/upload_validation_non_exec.ini
@@ -0,0 +1 @@
+sp.upload_validation.script("tests/data/upload_no_exec.sh").enable();
diff --git a/src/tests/config/upload_validation_ok.ini b/src/tests/config/upload_validation_ok.ini
new file mode 100644
index 0000000..5df8db8
--- /dev/null
+++ b/src/tests/config/upload_validation_ok.ini
@@ -0,0 +1 @@
+sp.upload_validation.script("./tests/data/upload_ok.sh").enable();
diff --git a/src/tests/data/upload_invalid.sh b/src/tests/data/upload_invalid.sh
new file mode 100755
index 0000000..e5eb0c6
--- /dev/null
+++ b/src/tests/data/upload_invalid.sh
@@ -0,0 +1 @@
+lulz
diff --git a/src/tests/data/upload_ko.sh b/src/tests/data/upload_ko.sh
new file mode 100755
index 0000000..c4cacdc
--- /dev/null
+++ b/src/tests/data/upload_ko.sh
@@ -0,0 +1,2 @@
+#!/bin/sh
+exit 1;
diff --git a/src/tests/data/upload_no_exec.sh b/src/tests/data/upload_no_exec.sh
new file mode 100644
index 0000000..6b9cafa
--- /dev/null
+++ b/src/tests/data/upload_no_exec.sh
@@ -0,0 +1,2 @@
+#!/bin/sh
+exit 0;
diff --git a/src/tests/data/upload_ok.sh b/src/tests/data/upload_ok.sh
new file mode 100755
index 0000000..6b9cafa
--- /dev/null
+++ b/src/tests/data/upload_ok.sh
@@ -0,0 +1,2 @@
+#!/bin/sh
+exit 0;
diff --git a/src/tests/deny_writable_execution.phpt b/src/tests/deny_writable_execution.phpt
new file mode 100644
index 0000000..2870561
--- /dev/null
+++ b/src/tests/deny_writable_execution.phpt
@@ -0,0 +1,44 @@
+--TEST--
+Readonly execution attempt
+--SKIPIF--
+<?php
+if (!extension_loaded("snuffleupagus")) print "skip";
+
+$filename = __DIR__ . '/test.txt';
+
+@unlink($filename);
+
+file_put_contents($filename, 'a');
+chmod($filename, 0400);
+
+if (is_writable($filename)) print "skip";
+@unlink($filename);
+ ?>
+--INI--
+sp.configuration_file={PWD}/config/config_disable_writable.ini
+--FILE--
+<?php 
+$dir = __DIR__;
+
+// just in case
+@unlink("$dir/non_writable_file.txt");
+@unlink("$dir/writable_file.txt");
+
+file_put_contents("$dir/non_writable_file.txt", '<?php echo "Code execution within a non-writable file.\n";');
+file_put_contents("$dir/writable_file.txt", '<?php echo "Code execution within a writable file.\n";');
+chmod("$dir/non_writable_file.txt", 0400);
+chmod("$dir/writable_file.txt", 0777);
+include "$dir/non_writable_file.txt";
+include "$dir/writable_file.txt";
+?>
+--EXPECTF--
+Code execution within a non-writable file.
+[snuffleupagus][0.0.0.0][readonly_exec][drop] Attempted execution of a writable file (%a/writable_file.txt).
+--CLEAN--
+<?php
+$dir = __DIR__;
+chmod("$dir/non_writable_file.txt", 0777);
+chmod("$dir/writable_file.txt", 0777);
+unlink("$dir/non_writable_file.txt");
+unlink("$dir/writable_file.txt");
+?>
\ No newline at end of file
diff --git a/src/tests/deny_writable_execution_disabled.phpt b/src/tests/deny_writable_execution_disabled.phpt
new file mode 100644
index 0000000..6d1233b
--- /dev/null
+++ b/src/tests/deny_writable_execution_disabled.phpt
@@ -0,0 +1,32 @@
+--TEST--
+Readonly execution attempt
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/config_disable_writable_disabled.ini
+--FILE--
+<?php 
+$dir = __DIR__;
+
+// just in case
+@unlink("$dir/non_writable_file.txt");
+@unlink("$dir/writable_file.txt");
+
+file_put_contents("$dir/writable_file.txt", '<?php echo "Code execution within a writable file.\n";');
+file_put_contents("$dir/non_writable_file.txt", '<?php echo "Code execution within a non-writable file.\n";');
+chmod("$dir/writable_file.txt", 0777);
+chmod("$dir/non_writable_file.txt", 0400);
+include "$dir/writable_file.txt";
+include "$dir/non_writable_file.txt";
+?>
+--EXPECT--
+Code execution within a writable file.
+Code execution within a non-writable file.
+--CLEAN--
+<?php
+$dir = __DIR__;
+chmod("$dir/non_writable_file.txt", 0777);
+chmod("$dir/writable_file.txt", 0777);
+unlink("$dir/non_writable_file.txt");
+unlink("$dir/writable_file.txt");
+?>
\ No newline at end of file
diff --git a/src/tests/deny_writable_execution_simulation.phpt b/src/tests/deny_writable_execution_simulation.phpt
new file mode 100644
index 0000000..3278be8
--- /dev/null
+++ b/src/tests/deny_writable_execution_simulation.phpt
@@ -0,0 +1,45 @@
+--TEST--
+Readonly execution attempt (simulation mode)
+--SKIPIF--
+<?php
+if (!extension_loaded("snuffleupagus")) print "skip";
+
+$filename = __DIR__ . '/test.txt';
+
+@unlink($filename);
+
+file_put_contents($filename, 'a');
+chmod($filename, 0400);
+
+if (is_writable($filename)) print "skip";;
+@unlink($filename);
+ ?>
+--INI--
+sp.configuration_file={PWD}/config/config_disable_writable_simulation.ini
+--FILE--
+<?php 
+$dir = __DIR__;
+
+// just in case
+@unlink("$dir/non_writable_file.txt");
+@unlink("$dir/writable_file.txt");
+
+file_put_contents("$dir/writable_file.txt", '<?php echo "Code execution within a writable file.\n";');
+file_put_contents("$dir/non_writable_file.txt", '<?php echo "Code execution within a non-writable file.\n";');
+chmod("$dir/writable_file.txt", 0777);
+chmod("$dir/non_writable_file.txt", 0400);
+include "$dir/writable_file.txt";
+include "$dir/non_writable_file.txt";
+?>
+--EXPECTF--
+[snuffleupagus][0.0.0.0][readonly_exec][notice] Attempted execution of a writable file (%a/writable_file.txt).
+Code execution within a writable file.
+Code execution within a non-writable file.
+--CLEAN--
+<?php
+$dir = __DIR__;
+chmod("$dir/non_writable_file.txt", 0777);
+chmod("$dir/writable_file.txt", 0777);
+unlink("$dir/non_writable_file.txt");
+unlink("$dir/writable_file.txt");
+?>
\ No newline at end of file
diff --git a/src/tests/disable_xxe_dom.phpt b/src/tests/disable_xxe_dom.phpt
new file mode 100644
index 0000000..47f3db3
--- /dev/null
+++ b/src/tests/disable_xxe_dom.phpt
@@ -0,0 +1,71 @@
+--TEST--
+Disable XXE
+--SKIPIF--
+<?php
+ if (!extension_loaded("snuffleupagus")) die "skip";
+ if (!extension_loaded("dom")) die "skip";
+ ?>
+--INI--
+extension=`php-config --extension-dir`/dom.so 
+sp.configuration_file={PWD}/config/disable_xxe.ini
+--FILE--
+<?php 
+$dir = __DIR__;
+$content = 'WARNING, external entity loaded!';
+file_put_contents('content.txt', $content);
+
+$xml = <<<EOD
+<?xml version="1.0"?>
+<!DOCTYPE root
+[
+<!ENTITY foo SYSTEM "file://$dir/content.txt">
+]>
+<test><testing>&foo;</testing></test>
+EOD;
+
+file_put_contents('content.xml', $xml);
+
+libxml_disable_entity_loader(true);
+$dom = new DOMDocument('1.0');
+$dom->loadXML($xml, LIBXML_DTDATTR|LIBXML_DTDLOAD|LIBXML_NOENT);
+printf("libxml_disable_entity to true: %s\n", $dom->getElementsByTagName('testing')->item(0)->nodeValue);
+
+libxml_disable_entity_loader(false);
+$dom = new DOMDocument('1.0');
+$dom->loadXML($xml, LIBXML_DTDATTR|LIBXML_DTDLOAD|LIBXML_NOENT);
+printf("libxml_disable_entity to false: %s\n", $dom->getElementsByTagName('testing')->item(0)->nodeValue);
+
+$xml = "<test><testing>foo</testing></test>";
+file_put_contents('content.xml', $xml);
+
+libxml_disable_entity_loader(false);
+$dom = new DOMDocument('1.0');
+$dom->loadXML($xml, LIBXML_DTDATTR|LIBXML_DTDLOAD|LIBXML_NOENT);
+printf("without xxe: %s", $dom->getElementsByTagName('testing')->item(0)->nodeValue);
+
+?>
+--EXPECTF--
+Warning: DOMDocument::loadXML(): I/O warning : failed to load external entity "file://%a/content.txt" in %a/disable_xxe_dom.php on line %d
+
+Warning: DOMDocument::loadXML(): Failure to process entity foo in Entity, line: %d in %a/disable_xxe_dom.php on line %d
+
+Warning: DOMDocument::loadXML(): Entity 'foo' not defined in Entity, line: %d in %a/disable_xxe_dom.php on line %d
+
+Notice: Trying to get property of non-object in %a/disable_xxe_dom.php on line %d
+libxml_disable_entity to true: 
+
+Warning: DOMDocument::loadXML(): I/O warning : failed to load external entity "file://%a/content.txt" in %a/disable_xxe_dom.php on line %d
+
+Warning: DOMDocument::loadXML(): Failure to process entity foo in Entity, line: %d in %a/disable_xxe_dom.php on line %d
+
+Warning: DOMDocument::loadXML(): Entity 'foo' not defined in Entity, line: %d in %a/disable_xxe_dom.php on line %d
+
+Notice: Trying to get property of non-object in %a/disable_xxe_dom.php on line %d
+libxml_disable_entity to false: 
+without xxe: foo
+--CLEAN--
+<?php
+$dir = __DIR__;
+unlink($dir . "content.xml");
+unlink($dir . "content.txt");
+?>
diff --git a/src/tests/disable_xxe_dom_disabled.phpt b/src/tests/disable_xxe_dom_disabled.phpt
new file mode 100644
index 0000000..b89b595
--- /dev/null
+++ b/src/tests/disable_xxe_dom_disabled.phpt
@@ -0,0 +1,56 @@
+--TEST--
+Disable XXE
+--SKIPIF--
+<?php
+ if (!extension_loaded("snuffleupagus")) die "skip";
+ if (!extension_loaded("dom")) die "skip";
+ ?>
+--INI--
+extension=`php-config --extension-dir`/dom.so 
+sp.configuration_file={PWD}/config/disable_xxe_disable.ini
+--FILE--
+<?php 
+$dir = __DIR__;
+$content = '<content>WARNING, external entity loaded!</content>';
+file_put_contents($dir . '/content.txt', $content);
+
+$xml = <<<EOD
+<?xml version="1.0"?>
+<!DOCTYPE root
+[
+<!ENTITY foo SYSTEM "file://$dir/content.txt">
+]>
+<test><testing>&foo;</testing></test>
+EOD;
+
+file_put_contents($dir . '/content.xml', $xml);
+
+libxml_disable_entity_loader(true);
+$dom = new DOMDocument('1.0');
+$dom->loadXML($xml, LIBXML_DTDATTR|LIBXML_DTDLOAD|LIBXML_NOENT);
+printf("libxml_disable_entity to true: %s\n", $dom->getElementsByTagName('testing')->item(0)->nodeValue);
+
+libxml_disable_entity_loader(false);
+$dom = new DOMDocument('1.0');
+$dom->loadXML($xml, LIBXML_DTDATTR|LIBXML_DTDLOAD|LIBXML_NOENT);
+printf("libxml_disable_entity to false: %s\n", $dom->getElementsByTagName('testing')->item(0)->nodeValue);
+
+$xml = "<test><testing>foo</testing></test>";
+file_put_contents('content.xml', $xml);
+
+libxml_disable_entity_loader(false);
+$dom = new DOMDocument('1.0');
+$dom->loadXML($xml, LIBXML_DTDATTR|LIBXML_DTDLOAD|LIBXML_NOENT);
+printf("without xxe: %s", $dom->getElementsByTagName('testing')->item(0)->nodeValue);
+
+?>
+--EXPECTF-- 
+libxml_disable_entity to true: WARNING, external entity loaded!
+libxml_disable_entity to false: WARNING, external entity loaded!
+without xxe: foo
+--CLEAN--
+<?php
+$dir = __DIR__;
+unlink($dir . "/content.xml");
+unlink($dir . "/content.txt");
+?>
diff --git a/src/tests/disable_xxe_simplexml.phpt b/src/tests/disable_xxe_simplexml.phpt
new file mode 100644
index 0000000..54404a3
--- /dev/null
+++ b/src/tests/disable_xxe_simplexml.phpt
@@ -0,0 +1,52 @@
+--TEST--
+Disable XXE
+--SKIPIF--
+<?php
+ if (!extension_loaded("snuffleupagus")) die "skip";
+ if (!extension_loaded("simplexml")) die "skip";
+ ?>
+--INI--
+extension=`php-config --extension-dir`/simplexml.so 
+sp.configuration_file={PWD}/config/disable_xxe.ini
+--FILE--
+<?php 
+$dir = __DIR__;
+$content = 'WARNING, external entity loaded!';
+file_put_contents('content.txt', $content);
+
+$xml = <<<EOD
+<?xml version="1.0"?>
+<!DOCTYPE root
+[
+<!ENTITY foo SYSTEM "file://$dir/content.txt">
+]>
+<test><testing>&foo;</testing></test>
+EOD;
+
+file_put_contents('content.xml', $xml);
+
+libxml_disable_entity_loader(true);
+$doc = new SimpleXMLElement($xml);
+printf("libxml_disable_entity to true: %s\n", $doc->testing);
+
+libxml_disable_entity_loader(false);
+$doc = new SimpleXMLElement($xml);
+printf("libxml_disable_entity to false: %s\n", $doc->testing);
+
+$xml = "<test><testing>foo</testing></test>";
+file_put_contents('content.xml', $xml);
+
+$doc = new SimpleXMLElement($xml);
+printf("without xxe: %s", $doc->testing);
+
+?>
+--EXPECT--
+libxml_disable_entity to true: 
+libxml_disable_entity to false: 
+without xxe: foo
+--CLEAN--
+<?php
+$dir = __DIR__;
+unlink($dir . "/content.xml");
+unlink($dir . "/content.txt");
+?>
diff --git a/src/tests/disable_xxe_simplexml_oop.phpt b/src/tests/disable_xxe_simplexml_oop.phpt
new file mode 100644
index 0000000..62762eb
--- /dev/null
+++ b/src/tests/disable_xxe_simplexml_oop.phpt
@@ -0,0 +1,52 @@
+--TEST--
+Disable XXE
+--SKIPIF--
+<?php
+ if (!extension_loaded("snuffleupagus")) die "skip";
+ if (!extension_loaded("simplexml")) die "skip";
+ ?>
+--INI--
+extension=`php-config --extension-dir`/simplexml.so 
+sp.configuration_file={PWD}/config/disable_xxe.ini
+--FILE--
+<?php 
+$dir = __DIR__;
+$content = 'WARNING, external entity loaded!';
+file_put_contents('content.txt', $content);
+
+$xml = <<<EOD
+<?xml version="1.0"?>
+<!DOCTYPE root
+[
+<!ENTITY foo SYSTEM "file://$dir/content.txt">
+]>
+<test><testing>&foo;</testing></test>
+EOD;
+
+file_put_contents('content.xml', $xml);
+
+libxml_disable_entity_loader(true);
+$doc = simplexml_load_string($xml);
+printf("libxml_disable_entity to true: %s\n", $doc->testing);
+
+libxml_disable_entity_loader(false);
+$doc = simplexml_load_string($xml);
+printf("libxml_disable_entity to false: %s\n", $doc->testing);
+
+$xml = "<test><testing>foo</testing></test>";
+file_put_contents('content.xml', $xml);
+
+$doc = simplexml_load_string($xml);
+printf("without xxe: %s", $doc->testing);
+
+?>
+--EXPECT--
+libxml_disable_entity to true: 
+libxml_disable_entity to false: 
+without xxe: foo
+--CLEAN--
+<?php
+$dir = __DIR__;
+unlink($dir . "/content.xml");
+unlink($dir . "/content.txt");
+?>
diff --git a/src/tests/disable_xxe_xml_parse.phpt b/src/tests/disable_xxe_xml_parse.phpt
new file mode 100644
index 0000000..944bc38
--- /dev/null
+++ b/src/tests/disable_xxe_xml_parse.phpt
@@ -0,0 +1,104 @@
+--TEST--
+Disable XXE
+--SKIPIF--
+<?php
+ if (!extension_loaded("snuffleupagus")) die "skip";
+ if (!extension_loaded("xml")) die "skip";
+ ?>
+--INI--
+extension=`php-config --extension-dir`/xml.so 
+sp.configuration_file={PWD}/config/disable_xxe.ini
+--FILE--
+<?php 
+$dir = __DIR__;
+$content = 'WARNING, external entity loaded!';
+file_put_contents('content.txt', $content);
+
+$xml = <<<EOD
+<?xml version="1.0"?>
+<!DOCTYPE root
+[
+<!ENTITY foo SYSTEM "file://$dir/content.txt">
+]>
+<test><testing>&foo;</testing></test>
+EOD;
+
+file_put_contents('content.xml', $xml);
+
+function create_parser() {
+        $parser = xml_parser_create();
+        xml_set_element_handler(
+                $parser,
+                function($parser, $name, array $attributes) {
+                        var_dump($name);
+                        echo "\n";
+                        var_dump($attributes);
+                },
+                function($parser, $name) {
+                        var_dump($name);
+                }
+        );
+
+        xml_set_character_data_handler(
+                $parser,
+                function ($parser, $text){
+                        echo 'text' . $text;
+                }
+        );
+
+        return $parser;
+}
+
+libxml_disable_entity_loader(true);
+$parser = create_parser();
+$doc = xml_parse($parser, $xml, true);
+xml_parser_free($parser);
+
+libxml_disable_entity_loader(false);
+$parser = create_parser();
+$doc = xml_parse($parser, $xml, true);
+xml_parser_free($parser);
+
+$xml = "<test><testing>foo</testing></test>";
+file_put_contents('content.xml', $xml);
+$parser = create_parser();
+$doc = xml_parse($parser, $xml, true);
+xml_parser_free($parser);
+
+--EXPECT--
+string(4) "TEST"
+
+array(0) {
+}
+string(7) "TESTING"
+
+array(0) {
+}
+string(7) "TESTING"
+string(4) "TEST"
+string(4) "TEST"
+
+array(0) {
+}
+string(7) "TESTING"
+
+array(0) {
+}
+string(7) "TESTING"
+string(4) "TEST"
+string(4) "TEST"
+
+array(0) {
+}
+string(7) "TESTING"
+
+array(0) {
+}
+textfoostring(7) "TESTING"
+string(4) "TEST"
+--CLEAN--
+<?php
+$dir = __DIR__;
+unlink($dir . "/content.xml");
+unlink($dir . "/content.txt");
+?>
diff --git a/src/tests/disabled_function_local_var.phpt b/src/tests/disabled_function_local_var.phpt
new file mode 100644
index 0000000..3142039
--- /dev/null
+++ b/src/tests/disabled_function_local_var.phpt
@@ -0,0 +1,24 @@
+--TEST--
+Disable functions - match on a local variable
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/disabled_function_local_var.ini
+--FILE--
+<?php 
+$a = 1338;
+function test(){
+    echo strlen("id") . "\n";
+}
+echo "Value of a: $a\n";
+test();
+
+$a = 1337;
+echo "Value of a: $a\n";
+test();
+?>
+--EXPECTF--
+Value of a: 1338
+2
+Value of a: 1337
+[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'strlen' in %a/tests/disabled_function_local_var.php:%d has been disabled.
\ No newline at end of file
diff --git a/src/tests/disabled_function_super_global_var.phpt b/src/tests/disabled_function_super_global_var.phpt
new file mode 100644
index 0000000..d41897a
--- /dev/null
+++ b/src/tests/disabled_function_super_global_var.phpt
@@ -0,0 +1,20 @@
+--TEST--
+Disable functions - match on a super global
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/disabled_function_super_global_var.ini
+--GET--
+bla=test
+--FILE--
+<?php 
+function test(){
+    echo strlen($_GET['bla']) . "\n";
+}
+test();
+$_GET['bla'] = 'test2';
+test();
+?>
+--EXPECTF--
+4
+[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'strlen' in %s/tests/disabled_function_super_global_var.php:%d has been disabled.
diff --git a/src/tests/disabled_functions.phpt b/src/tests/disabled_functions.phpt
new file mode 100644
index 0000000..37da911
--- /dev/null
+++ b/src/tests/disabled_functions.phpt
@@ -0,0 +1,21 @@
+--TEST--
+Disable functions
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/disabled_functions.ini
+--FILE--
+<?php 
+system("id");
+printf("printf in simulation mode\n");
+print("print in disabled mode\n");
+var_dump("this is a super test");
+echo strpos("pouet", "o");
+?>
+--EXPECTF--
+[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'system' in %a/tests/disabled_functions.php:%d has been disabled.
+[snuffleupagus][0.0.0.0][disabled_function][notice] The call to the function 'printf' in %a/tests/disabled_functions.php:%d has been disabled.
+printf in simulation mode
+print in disabled mode
+[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'var_dump' in %a/tests/disabled_functions.php:%d has been disabled.
+1
diff --git a/src/tests/disabled_functions_cidr.phpt b/src/tests/disabled_functions_cidr.phpt
new file mode 100644
index 0000000..5b13107
--- /dev/null
+++ b/src/tests/disabled_functions_cidr.phpt
@@ -0,0 +1,18 @@
+--TEST--
+Disable functions
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--ENV--
+return <<<EOF
+REMOTE_ADDR=127.0.0.1
+EOF;
+--INI--
+sp.configuration_file={PWD}/config/disabled_functions_cidr.ini
+--FILE--
+<?php
+system("echo 42");
+printf("1337");
+?>
+--EXPECTF--
+[snuffleupagus][127.0.0.1][disabled_function][drop] The call to the function 'system' in %a/tests/disabled_functions_cidr.php:2 has been disabled.
+1337
diff --git a/src/tests/disabled_functions_cidr_6.phpt b/src/tests/disabled_functions_cidr_6.phpt
new file mode 100644
index 0000000..f2c5f5a
--- /dev/null
+++ b/src/tests/disabled_functions_cidr_6.phpt
@@ -0,0 +1,18 @@
+--TEST--
+Disable functions
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--ENV--
+return <<<EOF
+REMOTE_ADDR=2001:0db8:0000:0000:0000:ff00:0042:8328
+EOF;
+--INI--
+sp.configuration_file={PWD}/config/disabled_functions_cidr.ini
+--FILE--
+<?php
+strpos("a", "b");
+printf(1337);
+?>
+--EXPECTF--
+[snuffleupagus][2001:0db8:0000:0000:0000:ff00:0042:8328][disabled_function][drop] The call to the function 'strpos' in %a/tests/disabled_functions_cidr_6.php:2 has been disabled.
+1337
diff --git a/src/tests/disabled_functions_filename_r.phpt b/src/tests/disabled_functions_filename_r.phpt
new file mode 100644
index 0000000..ed46802
--- /dev/null
+++ b/src/tests/disabled_functions_filename_r.phpt
@@ -0,0 +1,14 @@
+--TEST--
+Disable functions - filename regexp
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/config_disabled_functions_filename_r.ini
+--FILE--
+<?php 
+system("echo 42");
+shell_exec("echo 43");
+?>
+--EXPECTF--
+42
+[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'shell_exec' in %a/tests/disabled_functions_filename_r.php:%d has been disabled.
\ No newline at end of file
diff --git a/src/tests/disabled_functions_mb.phpt b/src/tests/disabled_functions_mb.phpt
new file mode 100644
index 0000000..7089063
--- /dev/null
+++ b/src/tests/disabled_functions_mb.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Disable functions
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/disabled_functions_mb.ini
+--FILE--
+<?php 
+echo strlen("id");
+?>
+--EXPECTF--
+[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'strlen' in %a/tests/disabled_functions_mb.php:2 has been disabled.
diff --git a/src/tests/disabled_functions_method.phpt b/src/tests/disabled_functions_method.phpt
new file mode 100644
index 0000000..33651b7
--- /dev/null
+++ b/src/tests/disabled_functions_method.phpt
@@ -0,0 +1,29 @@
+--TEST--
+Disable functions
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/config_disabled_functions_method.ini
+--FILE--
+<?php 
+class AwesomeClass {
+        function method1($a) {
+                echo "method1:" . $a . "\n";
+        }
+        function method2($a) {
+                echo "method2:" . $a . "\n";
+        }
+        function method3($a) {
+                echo "method3:" . $a . "\n";
+        }
+}
+
+$c = new AwesomeClass();
+$c->method1("pif");
+$c->method2("paf");
+$c->method3("pouet");
+?>
+--EXPECTF--
+[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'AwesomeClass::method1' in %a/tests/disabled_functions_method.php:4 has been disabled.
+method2:paf
+[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'AwesomeClass::method3' in %a/tests/disabled_functions_method.php:10 has been disabled, because its argument 'a' content (pouet) matched a rule.
diff --git a/src/tests/disabled_functions_name_r.phpt b/src/tests/disabled_functions_name_r.phpt
new file mode 100644
index 0000000..0e29abb
--- /dev/null
+++ b/src/tests/disabled_functions_name_r.phpt
@@ -0,0 +1,15 @@
+--TEST--
+Disable functions
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/config_disabled_functions_name_r.ini
+--FILE--
+<?php 
+system("echo 42");
+system("echo 1337");
+?>
+--EXPECTF--
+42
+1337
+[snuffleupagus][0.0.0.0][disabled_function][drop] The execution has been aborted in %a/disabled_functions_name_r.php:3, because the return value (1337) of the function 'system' matched a rule.
diff --git a/src/tests/disabled_functions_name_type.phpt b/src/tests/disabled_functions_name_type.phpt
new file mode 100644
index 0000000..c5b24d6
--- /dev/null
+++ b/src/tests/disabled_functions_name_type.phpt
@@ -0,0 +1,14 @@
+--TEST--
+Disable functions
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/config_disabled_functions_name_type.ini
+--FILE--
+<?php 
+echo strcmp("pouet", "pouet") . "\n";
+echo strcmp([1,23], "pouet") . "\n";
+?>
+--EXPECTF--
+0
+[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'strcmp' in %a/disabled_functions_name_type.php:%d has been disabled, because its argument 'str1' content (?) matched a rule.
diff --git a/src/tests/disabled_functions_namespace.phpt b/src/tests/disabled_functions_namespace.phpt
new file mode 100644
index 0000000..72c7d0b
--- /dev/null
+++ b/src/tests/disabled_functions_namespace.phpt
@@ -0,0 +1,31 @@
+--TEST--
+Disable functions: namespaces support isn't implemented now
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/config_disabled_functions_namespace.ini
+--FILE--
+<?php 
+namespace my_super_namespace {
+        function my_function() {
+                echo "1\n";
+        }
+}
+namespace my_second_namespace {
+        function my_function() {
+                echo "2\n";
+        }
+}
+namespace {
+        function my_function() {
+                echo "3\n";
+        }
+\strcmp("1", "2");
+\my_super_namespace\my_function();
+\my_second_namespace\my_function();
+my_function();
+}
+?>
+--XFAIL--
+--EXPECTF--
+[snuffleupagus] The call to the function 'strcmp' in %a/tests/disabled_functions_namespace.php:%d has been disabled.
diff --git a/src/tests/disabled_functions_noconf.phpt b/src/tests/disabled_functions_noconf.phpt
new file mode 100644
index 0000000..cb13413
--- /dev/null
+++ b/src/tests/disabled_functions_noconf.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Disable functions
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/empty.ini
+--FILE--
+<?php 
+echo strpos("pouet", "o");
+?>
+--EXPECT--
+1
diff --git a/src/tests/disabled_functions_nul_byte.phpt b/src/tests/disabled_functions_nul_byte.phpt
new file mode 100644
index 0000000..95e87de
--- /dev/null
+++ b/src/tests/disabled_functions_nul_byte.phpt
@@ -0,0 +1,15 @@
+--TEST--
+Disable functions with nul byte
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/config_disabled_functions_nul_byte.ini
+--FILE--
+<?php 
+system("\0id");
+system("id");
+
+?>
+--EXPECTF--
+[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'system' in %a/tests/disabled_functions_nul_byte.php:2 has been disabled, because its argument 'command' content (0id) matched a rule.
+[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'system' in %a/tests/disabled_functions_nul_byte.php:3 has been disabled, because its argument 'command' content (id) matched a rule.
\ No newline at end of file
diff --git a/src/tests/disabled_functions_param.phpt b/src/tests/disabled_functions_param.phpt
new file mode 100644
index 0000000..2309217
--- /dev/null
+++ b/src/tests/disabled_functions_param.phpt
@@ -0,0 +1,24 @@
+--TEST--
+Disable functions
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/config_disabled_functions_param.ini
+--FILE--
+<?php 
+system("id");
+system("echo win");
+var_dump(array_sum([1,2,3,4,5]));
+shell_exec("id");
+echo shell_exec("echo 42");
+strcmp("bla", "ble");
+strncmp("bla", "ble", 2);
+?>
+--EXPECTF--
+[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'system' in %a/disabled_functions_param.php:2 has been disabled, because its argument 'command' content (id) matched the rule '1'.
+win
+int(15)
+[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'shell_exec' in %a/disabled_functions_param.php:5 has been disabled, because its argument 'cmd' content (id) matched the rule '3'.
+42
+[snuffleupagus][0.0.0.0][disabled_function][notice] The call to the function 'strcmp' in %a/tests/disabled_functions_param.php:7 has been disabled, because its argument 'str1' content (bla) matched the rule '5'.
+[snuffleupagus][0.0.0.0][disabled_function][notice] The call to the function 'strncmp' in %a/tests/disabled_functions_param.php:8 has been disabled, because its argument 'str1' content (bla) matched a rule.
diff --git a/src/tests/disabled_functions_param_alias.phpt b/src/tests/disabled_functions_param_alias.phpt
new file mode 100644
index 0000000..fe3d1c1
--- /dev/null
+++ b/src/tests/disabled_functions_param_alias.phpt
@@ -0,0 +1,14 @@
+--TEST--
+Disable functions - alias
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/config_disabled_functions_param_alias.ini
+--FILE--
+<?php 
+system("id");
+shell_exec("id");
+?>
+--EXPECTF--
+[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'system' in %a/tests/disabled_functions_param_alias.php:2 has been disabled, because of the the rule '1'.
+[snuffleupagus][0.0.0.0][disabled_function][notice] The call to the function 'shell_exec' in %a/tests/disabled_functions_param_alias.php:3 has been disabled, because of the the rule '2'.
diff --git a/src/tests/disabled_functions_param_allow.phpt b/src/tests/disabled_functions_param_allow.phpt
new file mode 100644
index 0000000..b6ff01a
--- /dev/null
+++ b/src/tests/disabled_functions_param_allow.phpt
@@ -0,0 +1,14 @@
+--TEST--
+Disable functions - allow
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/config_disabled_functions_param_allow.ini
+--FILE--
+<?php 
+system("echo win");
+system("id");
+?>
+--EXPECTF--
+win
+[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'system' in %a/tests/disabled_functions_param_allow.php:3 has been disabled.
\ No newline at end of file
diff --git a/src/tests/disabled_functions_param_array.phpt b/src/tests/disabled_functions_param_array.phpt
new file mode 100644
index 0000000..6596d1a
--- /dev/null
+++ b/src/tests/disabled_functions_param_array.phpt
@@ -0,0 +1,37 @@
+--TEST--
+Disable functions
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/config_disabled_functions_param_array.ini
+--FILE--
+<?php
+function foo($arr) {
+         echo $arr["a"]."\n";
+}
+$a=Array("a"=>"test1");
+foo($a);
+$a=Array("a"=>"abcd");
+foo($a);
+$a=Array("a"=>"abcde");
+foo($a);
+$a=Array("bla"=>"abcdef");
+foo($a);
+$a=Array("bla"=>"aaa", "a"=>"eee" );
+foo($a);
+$a=Array("test"=>"aaa", "a"=>"fff" );
+foo($a);
+$a=Array("test2"=>Array("foo"=>Array("lol"=>"bbb")), "a"=>"cccc");
+foo($a);
+$a=Array("test2"=>Array("foo"=>Array("lol"=>"aaa")), "a"=>"dddd");
+foo($a);
+?>
+--EXPECTF--
+test1
+[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'foo' in %a/disabled_functions_param_array.php:3 has been disabled, because its argument 'arr' content (Array) matched the rule '1'.
+abcde
+[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'foo' in %a/disabled_functions_param_array.php:3 has been disabled, because its argument 'arr' content (Array) matched the rule '2'.
+eee
+[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'foo' in %a/disabled_functions_param_array.php:3 has been disabled, because its argument 'arr' content (Array) matched the rule '3'.
+cccc
+[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'foo' in %a/disabled_functions_param_array.php:3 has been disabled, because its argument 'arr' content (Array) matched the rule '4'.
diff --git a/src/tests/disabled_functions_param_int.phpt b/src/tests/disabled_functions_param_int.phpt
new file mode 100644
index 0000000..3b2cc08
--- /dev/null
+++ b/src/tests/disabled_functions_param_int.phpt
@@ -0,0 +1,25 @@
+--TEST--
+Disable functions
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/config_disabled_functions_param_int.ini
+--FILE--
+<?php
+function foobar($id) {
+  echo $id."\n";
+}
+foobar(1);
+foobar(42);
+foobar(1337);
+foobar(13374242);
+foobar(0x2A);
+foobar("10");
+?>
+--EXPECTF--
+1
+[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'foobar' in %a/tests/disabled_functions_param_int.php:3 has been disabled, because its argument 'id' content (42) matched a rule.
+[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'foobar' in %a/tests/disabled_functions_param_int.php:3 has been disabled, because its argument 'id' content (1337) matched a rule.
+[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'foobar' in %a/tests/disabled_functions_param_int.php:3 has been disabled, because its argument 'id' content (13374242) matched a rule.
+[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'foobar' in %a/tests/disabled_functions_param_int.php:3 has been disabled, because its argument 'id' content (42) matched a rule.
+10
diff --git a/src/tests/disabled_functions_param_r.phpt b/src/tests/disabled_functions_param_r.phpt
new file mode 100644
index 0000000..3708881
--- /dev/null
+++ b/src/tests/disabled_functions_param_r.phpt
@@ -0,0 +1,14 @@
+--TEST--
+Disable functions
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/config_disabled_functions_param_r.ini
+--FILE--
+<?php 
+system("id");
+system("echo win");
+?>
+--EXPECTF--
+[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'system' in %a/tests/disabled_functions_param_r.php:2 has been disabled, because its argument 'command' content (id) matched a rule.
+win
diff --git a/src/tests/disabled_functions_param_str_representation.phpt b/src/tests/disabled_functions_param_str_representation.phpt
new file mode 100644
index 0000000..7cbdc0f
--- /dev/null
+++ b/src/tests/disabled_functions_param_str_representation.phpt
@@ -0,0 +1,25 @@
+--TEST--
+Disable functions - casting various types to string internally
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/config_disabled_functions_param_str_representation.ini
+--FILE--
+<?php 
+echo var_export(true) . "\n";
+echo var_export(false) . "\n";
+echo var_export(null) . "\n";
+echo var_export(1) . "\n";
+echo var_export(1.0) . "\n";
+function f(&$a) {
+        echo var_export($a) . "\n";
+}
+$a = 123; f($a);
+?>
+--EXPECTF--
+true
+false
+NULL
+1
+1.0
+123
diff --git a/src/tests/disabled_functions_parse_class.phpt b/src/tests/disabled_functions_parse_class.phpt
new file mode 100644
index 0000000..af9ed88
--- /dev/null
+++ b/src/tests/disabled_functions_parse_class.phpt
@@ -0,0 +1,22 @@
+--TEST--
+Disable functions - Parsing of an Object as a return value of a function
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/disabled_functions_ret.ini
+--FILE--
+<?php 
+/*
+Because Snuffleupagus used to cast everything with the `zval_get_string` function,
+this sometimes raised exceptions, because PHP is awful.
+ */
+class Bob {
+    function a() {
+        return new StdClass;
+    }
+}
+$b = new Bob;
+echo ($b->a() instanceof StdClass)?'Y':'N';
+?>
+--EXPECT--
+Y
diff --git a/src/tests/disabled_functions_require.phpt b/src/tests/disabled_functions_require.phpt
new file mode 100644
index 0000000..1eedde4
--- /dev/null
+++ b/src/tests/disabled_functions_require.phpt
@@ -0,0 +1,25 @@
+--TEST--
+Disable functions - Require
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/config_disabled_functions_require.ini
+--FILE--
+<?php 
+$dir = __DIR__;
+file_put_contents($dir . '/test.meh', "");
+file_put_contents($dir . '/test.bla', "");
+require $dir . '/test.meh';
+require $dir . '/test.bla';
+echo "1337";
+?>
+--XFAIL--
+PHP doesn't replace the format string, so the test is failing.
+--EXPECTF--
+[snuffleupagus][0.0.0.0][include][drop] Inclusion of a forbidden file (%a/test.bla)
+--CLEAN--
+<?php
+$dir = __DIR__;
+unlink($dir . '/test.meh');
+unlink($dir . '/test.bla');
+?>
diff --git a/src/tests/disabled_functions_ret.phpt b/src/tests/disabled_functions_ret.phpt
new file mode 100644
index 0000000..b64bf70
--- /dev/null
+++ b/src/tests/disabled_functions_ret.phpt
@@ -0,0 +1,13 @@
+--TEST--
+Disable functions check on `ret`.
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/disabled_functions_ret.ini
+--FILE--
+<?php 
+echo strpos("pouet", "p");
+echo stripos("pouet", "p");
+?>
+--EXPECTF--
+[snuffleupagus][0.0.0.0][disabled_function][drop] The execution has been aborted in %a/disabled_functions_ret.php:2, because the return value (0) of the function 'strpos' matched a rule.
diff --git a/src/tests/disabled_functions_ret2.phpt b/src/tests/disabled_functions_ret2.phpt
new file mode 100644
index 0000000..b713201
--- /dev/null
+++ b/src/tests/disabled_functions_ret2.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Disable functions check on `ret`.
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/disabled_functions_ret.ini
+--FILE--
+<?php 
+echo stripos("pouet", "p");
+?>
+--EXPECTF--
+[snuffleupagus][0.0.0.0][disabled_function][drop] The execution has been aborted in %a/disabled_functions_ret2.php:2, because the return value (0) of the function 'stripos' matched a rule.
diff --git a/src/tests/disabled_functions_ret3.phpt b/src/tests/disabled_functions_ret3.phpt
new file mode 100644
index 0000000..d5f96d0
--- /dev/null
+++ b/src/tests/disabled_functions_ret3.phpt
@@ -0,0 +1,22 @@
+--TEST--
+Disable functions check on `ret`.
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/disabled_functions_ret.ini
+--FILE--
+<?php 
+class Bob {
+        function a() {
+        echo("We're in function `a`.\n");
+                return 1;
+        }
+}
+$b = new Bob();
+echo "`a` returned: " . $b->a() . ".\n";
+echo("We're at the end of the execution.\n");
+?>
+--EXPECTF--
+We're in function `a`.
+`a` returned: 1.
+We're at the end of the execution.
\ No newline at end of file
diff --git a/src/tests/disabled_functions_ret_allow.phpt b/src/tests/disabled_functions_ret_allow.phpt
new file mode 100644
index 0000000..1690995
--- /dev/null
+++ b/src/tests/disabled_functions_ret_allow.phpt
@@ -0,0 +1,13 @@
+--TEST--
+Disable functions check on `ret`.
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/config_disabled_functions_ret_allow.ini
+--FILE--
+<?php 
+echo strpos("pouet", "p");
+echo stripos("pouet", "p");
+?>
+--EXPECT--
+00
\ No newline at end of file
diff --git a/src/tests/disabled_functions_ret_allow_value.phpt b/src/tests/disabled_functions_ret_allow_value.phpt
new file mode 100644
index 0000000..881a006
--- /dev/null
+++ b/src/tests/disabled_functions_ret_allow_value.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Disable functions check on `ret` allowed
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/config_disabled_functions_ret_allow_value.ini
+--FILE--
+<?php 
+echo strpos("pouet", "p");
+?>
+--EXPECT--
+0
diff --git a/src/tests/disabled_functions_ret_right_hash.phpt b/src/tests/disabled_functions_ret_right_hash.phpt
new file mode 100644
index 0000000..e0d8b5b
--- /dev/null
+++ b/src/tests/disabled_functions_ret_right_hash.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Disable functions
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/config_disabled_functions_ret_right_hash.ini
+--FILE--
+<?php 
+system("echo $((1 + 1336))");
+?>
+--EXPECTF--
+1337
diff --git a/src/tests/disabled_functions_ret_simulation.phpt b/src/tests/disabled_functions_ret_simulation.phpt
new file mode 100644
index 0000000..58af3a9
--- /dev/null
+++ b/src/tests/disabled_functions_ret_simulation.phpt
@@ -0,0 +1,18 @@
+--TEST--
+Disable functions check on `ret` simulation
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/config_disabled_functions_ret_simulation.ini
+--FILE--
+<?php 
+echo strpos("pouet", "p") . "\n";
+echo stripos("pouet", "p") . "\n";
+strcmp("p", "p") . "\n";
+?>
+--EXPECTF--
+[snuffleupagus][0.0.0.0][disabled_function][notice] The execution has been aborted in %a/disabled_functions_ret_simulation.php:2, because the return value (0) of the function 'strpos' matched a rule.
+0
+[snuffleupagus][0.0.0.0][disabled_function][notice] The execution has been aborted in %a/disabled_functions_ret_simulation.php:3, because the function 'stripos' returned '0', which matched the rule '1'.
+0
+[snuffleupagus][0.0.0.0][disabled_function][drop] The execution has been aborted in %a/disabled_functions_ret_simulation.php:4, because the return value (0) of the function 'strcmp' matched a rule.
diff --git a/src/tests/disabled_functions_ret_type.phpt b/src/tests/disabled_functions_ret_type.phpt
new file mode 100644
index 0000000..f1c6e4c
--- /dev/null
+++ b/src/tests/disabled_functions_ret_type.phpt
@@ -0,0 +1,16 @@
+--TEST--
+Disable functions check on `ret` by type matching on boolean
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/disabled_functions_ret_type.ini
+--FILE--
+<?php 
+echo strpos("pouet", "p") . "\n";
+echo "1337\n";
+echo strpos("pouet", "123");
+?>
+--EXPECTF--
+0
+1337
+[snuffleupagus][0.0.0.0][disabled_function][drop] The execution has been aborted in %a/tests/disabled_functions_ret_type.php:%d, because the function 'strpos' returned 'FALSE', which matched the rule 'Return value is FALSE'.
diff --git a/src/tests/disabled_functions_ret_type_double.phpt b/src/tests/disabled_functions_ret_type_double.phpt
new file mode 100644
index 0000000..b7942e1
--- /dev/null
+++ b/src/tests/disabled_functions_ret_type_double.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Disable functions check on `ret` by type matching (double).
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/disabled_functions_ret_type_double.ini
+--FILE--
+<?php 
+echo cos(0.5) . "\n";
+?>
+--EXPECTF--
+[snuffleupagus][0.0.0.0][disabled_function][drop] The execution has been aborted in %a/disabled_functions_ret_type_double.php:%d, because the function 'cos' returned '0.877583', which matched the rule 'Return value is a double'.
diff --git a/src/tests/disabled_functions_ret_type_long.phpt b/src/tests/disabled_functions_ret_type_long.phpt
new file mode 100644
index 0000000..b841c64
--- /dev/null
+++ b/src/tests/disabled_functions_ret_type_long.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Disable functions check on `ret` by type matching (long).
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/disabled_functions_ret_type_long.ini
+--FILE--
+<?php 
+echo strlen("pouet") . "\n";
+?>
+--EXPECTF--
+[snuffleupagus][0.0.0.0][disabled_function][drop] The execution has been aborted in %a/disabled_functions_ret_type_long.php:%d, because the function 'strlen' returned '5', which matched the rule 'Return value is a long'.
diff --git a/src/tests/disabled_functions_ret_type_resource.phpt b/src/tests/disabled_functions_ret_type_resource.phpt
new file mode 100644
index 0000000..4ceb610
--- /dev/null
+++ b/src/tests/disabled_functions_ret_type_resource.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Disable functions check on `ret` by type matching (resource).
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/disabled_functions_ret_type_resource.ini
+--FILE--
+<?php 
+echo fopen("/etc/passwd", "r");
+?>
+--EXPECTF--
+[snuffleupagus][0.0.0.0][disabled_function][drop] The execution has been aborted in %a/disabled_functions_ret_type_resource.php:2, because the function 'fopen' returned 'RESOURCE', which matched the rule 'Return value is a resource'.
diff --git a/src/tests/disabled_functions_ret_type_str.phpt b/src/tests/disabled_functions_ret_type_str.phpt
new file mode 100644
index 0000000..8c48b1d
--- /dev/null
+++ b/src/tests/disabled_functions_ret_type_str.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Disable functions check on `ret` by type matching (string).
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/disabled_functions_ret_type_str.ini
+--FILE--
+<?php 
+echo substr("pouet", 3) . "\n";
+?>
+--EXPECTF--
+[snuffleupagus][0.0.0.0][disabled_function][drop] The execution has been aborted in %a/disabled_functions_ret_type_str.php:%d, because the function 'substr' returned 'et', which matched the rule 'Return value is a string'.
diff --git a/src/tests/disabled_functions_ret_type_true.phpt b/src/tests/disabled_functions_ret_type_true.phpt
new file mode 100644
index 0000000..a5eae38
--- /dev/null
+++ b/src/tests/disabled_functions_ret_type_true.phpt
@@ -0,0 +1,16 @@
+--TEST--
+Disable functions check on `ret` by type matching (true).
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/disabled_functions_ret_type_true.ini
+--FILE--
+<?php 
+var_dump(is_numeric("pouet")) . "\n";
+echo "1337\n";
+echo is_numeric("1234") . "\n";
+?>
+--EXPECTF--
+bool(false)
+1337
+[snuffleupagus][0.0.0.0][disabled_function][drop] The execution has been aborted in %a/disabled_functions_ret_type_true.php:%d, because the function 'is_numeric' returned 'TRUE', which matched the rule 'Return value is a true'.
diff --git a/src/tests/disabled_functions_ret_val.phpt b/src/tests/disabled_functions_ret_val.phpt
new file mode 100644
index 0000000..8a02b29
--- /dev/null
+++ b/src/tests/disabled_functions_ret_val.phpt
@@ -0,0 +1,14 @@
+--TEST--
+Disable functions ret val
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/disabled_functions_retval.ini
+--FILE--
+<?php 
+echo str_repeat("fufu",1)."\n";
+echo str_repeat("fufufu",1);
+?>
+--EXPECTF--
+fufu
+[snuffleupagus][0.0.0.0][disabled_function][drop] The execution has been aborted in %a/disabled_functions_ret_val.php:3, because the return value (fufufu) of the function 'str_repeat' matched a rule.
diff --git a/src/tests/disabled_functions_ret_val_rx.phpt b/src/tests/disabled_functions_ret_val_rx.phpt
new file mode 100644
index 0000000..1054b70
--- /dev/null
+++ b/src/tests/disabled_functions_ret_val_rx.phpt
@@ -0,0 +1,14 @@
+--TEST--
+Disable functions ret val rx
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/disabled_functions_retval_rx.ini
+--FILE--
+<?php 
+echo str_repeat("fufu",1)."\n";
+echo str_repeat("fufufu",1);
+?>
+--EXPECTF--
+fufu
+[snuffleupagus][0.0.0.0][disabled_function][drop] The execution has been aborted in %a/disabled_functions_ret_val_rx.php:3, because the return value (fufufu) of the function 'str_repeat' matched a rule.
diff --git a/src/tests/disabled_functions_right_hash.phpt b/src/tests/disabled_functions_right_hash.phpt
new file mode 100644
index 0000000..f3c5fb3
--- /dev/null
+++ b/src/tests/disabled_functions_right_hash.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Disable functions
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/config_disabled_functions_right_hash.ini
+--FILE--
+<?php 
+system("echo $((1 + 1336))");
+?>
+--EXPECTF--
+1337
diff --git a/src/tests/disabled_functions_runtime.phpt b/src/tests/disabled_functions_runtime.phpt
new file mode 100644
index 0000000..1c6a141
--- /dev/null
+++ b/src/tests/disabled_functions_runtime.phpt
@@ -0,0 +1,31 @@
+--TEST--
+Disable functions - runtime inclusion
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/config_disabled_functions_param_runtime.ini
+--FILE--
+<?php 
+
+$dir = __DIR__;
+$content = '<?php function test($param) { echo $param . "\n"; }';
+file_put_contents('file_to_include1.php', $content);
+file_put_contents('file_to_include2.php', $content);
+
+if (rand() % 2) {
+    include "file_to_include1.php";
+} else {
+    include "file_to_include2.php";
+}
+
+test('1338');test('1337');
+
+?>
+--EXPECTF--
+1338
+[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'test' in %a has been disabled, because its argument 'param' content (1337) matched a rule.
+--CLEAN--
+<?php
+unlink("file_to_include1.php");
+unlink("file_to_include2.php");
+?>
diff --git a/src/tests/disabled_functions_zero_cidr.phpt b/src/tests/disabled_functions_zero_cidr.phpt
new file mode 100644
index 0000000..35d187a
--- /dev/null
+++ b/src/tests/disabled_functions_zero_cidr.phpt
@@ -0,0 +1,18 @@
+--TEST--
+Disable functions
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--ENV--
+return <<<EOF
+REMOTE_ADDR=127.0.0.1
+EOF;
+--INI--
+sp.configuration_file={PWD}/config/disabled_functions_zero_cidr.ini
+--FILE--
+<?php
+system("echo 42");
+printf("1337");
+?>
+--EXPECTF--
+[snuffleupagus][127.0.0.1][disabled_function][drop] The call to the function 'system' in %a/tests/disabled_functions_zero_cidr.php:2 has been disabled.
+1337
diff --git a/src/tests/disabled_option.phpt b/src/tests/disabled_option.phpt
new file mode 100644
index 0000000..8bc7e39
--- /dev/null
+++ b/src/tests/disabled_option.phpt
@@ -0,0 +1,16 @@
+--TEST--
+Harden rand
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/config_rand_harden_disabled.ini
+--FILE--
+<?php 
+srand(0);
+echo rand(0,100)."\n";
+srand(0);
+echo rand(0,100)."\n";
+?>
+--EXPECT--
+84
+84
diff --git a/src/tests/disabled_user_functions.phpt b/src/tests/disabled_user_functions.phpt
new file mode 100644
index 0000000..8952d43
--- /dev/null
+++ b/src/tests/disabled_user_functions.phpt
@@ -0,0 +1,15 @@
+--TEST--
+Disabled user-created functions
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/config_disabled_user_functions.ini
+--FILE--
+<?php 
+function my_super_function() {
+        echo 1;
+}
+my_super_function();
+?>
+--EXPECTF--
+[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'my_super_function' in %a/tests/disabled_user_functions.php:3 has been disabled.
diff --git a/src/tests/dump_request.phpt b/src/tests/dump_request.phpt
new file mode 100644
index 0000000..a752def
--- /dev/null
+++ b/src/tests/dump_request.phpt
@@ -0,0 +1,39 @@
+--TEST--
+Dump request
+--SKIPIF--
+<?php
+if (!extension_loaded("snuffleupagus")) {
+    print "skip";
+} 
+
+foreach (glob("./tests/dump_results/*.dump") as $dump) {
+    unlink($dump);
+}
+rmdir("./tests/dump_results/");
+?>
+--POST--
+post_a=data_post_a&post_b=data_post_b
+--GET--
+get_a=data_get_a&get_b=data_get_b
+--COOKIE--
+cookie_a=data_cookie_a&cookie_b=data_cookie_b
+--INI--
+sp.configuration_file={PWD}/config/dump_request.ini
+--FILE--
+<?php
+mkdir("./dump_results/");
+echo "1\n";
+echo system("echo 1337;");
+$filename = glob('./dump_results/*.dump')[0];
+$res = file($filename);
+if ($res[1] != "GET:get_a=data_get_a&get_b=data_get_b\n") {
+    echo "1\n";
+} elseif ($res[2] != "POST:post_a=data_post_a&post_b=data_post_b\n") {
+    echo "2\n";
+} elseif ($res[3] != "COOKIE:cookie_a=data_cookie_a&cookie_b=data_cookie_b\n") {
+    echo "3\n";
+}
+?>
+--EXPECTF--
+1
+[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'system' in %a/dump_request.php:%d has been disabled.
diff --git a/src/tests/dump_request_invalid_folder.phpt b/src/tests/dump_request_invalid_folder.phpt
new file mode 100644
index 0000000..b866f70
--- /dev/null
+++ b/src/tests/dump_request_invalid_folder.phpt
@@ -0,0 +1,25 @@
+--TEST--
+Dump request - invalid folder.
+--SKIPIF--
+<?php
+if (!extension_loaded("snuffleupagus")) { print "skip"; } 
+?>
+--POST--
+post_a=data_post_a&post_b=data_post_b
+--GET--
+get_a=data_get_a&get_b=data_get_b
+--COOKIE--
+cookie_a=data_cookie_a&cookie_b=data_cookie_b
+--INI--
+sp.configuration_file={PWD}/config/dump_request_invalid_folder.ini
+--FILE--
+<?php
+echo "1\n";
+echo system("echo 1337;");
+echo "2\n";
+?>
+--EXPECTF--
+1
+[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'system' in %atests/dump_request_invalid_folder.php:3 has been disabled.
+[snuffleupagus][0.0.0.0][request_logging][error] Unable to open /root/NON_EXISTENT/FOLDER/PLEASE/sp_dump_%a_0.0.0.0.dump
+2
\ No newline at end of file
diff --git a/src/tests/dump_request_too_big.phpt b/src/tests/dump_request_too_big.phpt
new file mode 100644
index 0000000..81eb71c
--- /dev/null
+++ b/src/tests/dump_request_too_big.phpt
@@ -0,0 +1,42 @@
+--TEST--
+Dump request -- to big, so it's truncated.
+--SKIPIF--
+<?php
+if (!extension_loaded("snuffleupagus")) {
+    print "skip";
+} 
+
+foreach (glob("./tests/dump_results/*.dump") as $dump) {
+    unlink($dump);
+}
+rmdir("./tests/dump_results/");
+?>
+--POST--
+post_a=data_post_a&post_b=data_post_b&post_c=c
+--GET--
+get_a=data_get_a&get_b=data_get_b&get_c=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaBBBB
+--COOKIE--
+cookie_a=data_cookie_a&cookie_b=data_cookie_b&data_cookie_c=cookie_c
+--ENV--
+return <<<END
+REMOTE_ADDR=127.0.0.1
+END;
+--INI--
+sp.configuration_file={PWD}/config/dump_request.ini
+--FILE--
+<?php
+echo "1\n";
+echo system("echo 1337;");
+$filename = glob('./dump_results/*.dump')[0];
+$res = file($filename);
+if ($res[1] != "GET:get_a=data_get_a&get_b=data_get_b&get_c=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\n") {
+    echo "1\n";
+} elseif ($res[2] != "POST:post_a=data_post_a&post_b=data_post_b&post_c=c\n") {
+    echo "2\n";
+} elseif ($res[3] != "COOKIE:cookie_a=data_cookie_a&cookie_b=data_cookie_b&data_cookie_c=cookie_c\n") {
+    echo "3\n";
+}
+?>
+--EXPECTF--
+1
+[snuffleupagus][127.0.0.1][disabled_function][drop] The call to the function 'system' in %a/dump_request_too_big.php:%d has been disabled.
diff --git a/src/tests/empty_conf.phpt b/src/tests/empty_conf.phpt
new file mode 100644
index 0000000..411c817
--- /dev/null
+++ b/src/tests/empty_conf.phpt
@@ -0,0 +1,8 @@
+--TEST--
+Empty configuration
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/empty_conf.ini
+--FILE--
+--EXPECT--
diff --git a/src/tests/encrypt_cookies.phpt b/src/tests/encrypt_cookies.phpt
new file mode 100644
index 0000000..f8bf64f
--- /dev/null
+++ b/src/tests/encrypt_cookies.phpt
@@ -0,0 +1,22 @@
+--TEST--
+Cookie decryption in ipv4
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/config_encrypted_cookies.ini
+--COOKIE--
+super_cookie=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEmXkk3H0xheoOMxoWPEDw1Zd8NAmD9KbB2DSjQ=%3d;awful_cookie=awful_cookie_value;
+--ENV--
+return <<<EOF
+REMOTE_ADDR=127.0.0.1
+HTTP_USER_AGENT=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/59.0.3071.109 Chrome/59.0.3071.109 Safari/537.36
+EOF;
+--FILE--
+<?php var_dump($_COOKIE); ?>
+--EXPECT--
+array(2) {
+  ["super_cookie"]=>
+  string(11) "super_value"
+  ["awful_cookie"]=>
+  string(18) "awful_cookie_value"
+}
diff --git a/src/tests/encrypt_cookies2.phpt b/src/tests/encrypt_cookies2.phpt
new file mode 100644
index 0000000..be4c990
--- /dev/null
+++ b/src/tests/encrypt_cookies2.phpt
@@ -0,0 +1,23 @@
+--TEST--
+Cookie encryption in ipv4
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/config_encrypted_cookies.ini
+--COOKIE--
+--ENV--
+return <<<EOF
+REMOTE_ADDR=127.0.0.1
+HTTP_USER_AGENT=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/59.0.3071.109 Chrome/59.0.3071.109 Safari/537.36
+HTTPS=1
+EOF;
+--FILE--
+<?php
+setcookie("super_cookie", "super_value");
+setcookie("awful_cookie", "awful_value");
+setcookie("nice_cookie", "nice_value", 1, "1", "1", true, true);
+var_dump($_COOKIE);
+?>
+--EXPECT--
+array(0) {
+}
diff --git a/src/tests/encrypt_cookies3.phpt b/src/tests/encrypt_cookies3.phpt
new file mode 100644
index 0000000..c85c5dc
--- /dev/null
+++ b/src/tests/encrypt_cookies3.phpt
@@ -0,0 +1,23 @@
+--TEST--
+Cookie decryption with ipv6
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/config_encrypted_cookies.ini
+--COOKIE--
+super_cookie=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJNTUge7MpiVNi4q3DqstbcumllXBir0CbIQiDI%3D;awful_cookie=awful_cookie_value;
+--ENV--
+return <<<EOF
+REMOTE_ADDR=2001:0db8:0000:0000:0000:fe00:0042:8329
+HTTP_USER_AGENT=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/59.0.3071.109 Chrome/59.0.3071.109 Safari/537.36
+HTTPS=1
+EOF;
+--FILE--
+<?php var_dump($_COOKIE); ?>
+--EXPECT--
+array(2) {
+  ["super_cookie"]=>
+  string(11) "super_value"
+  ["awful_cookie"]=>
+  string(18) "awful_cookie_value"
+}
diff --git a/src/tests/encrypt_cookies4.phpt b/src/tests/encrypt_cookies4.phpt
new file mode 100644
index 0000000..14d737a
--- /dev/null
+++ b/src/tests/encrypt_cookies4.phpt
@@ -0,0 +1,23 @@
+--TEST--
+Cookie encryption in ipv6
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/config_encrypted_cookies.ini
+--COOKIE--
+--ENV--
+return <<<EOF
+REMOTE_ADDR=2001:0db8:0000:0000:0000:fe00:0042:8329
+HTTP_USER_AGENT=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/59.0.3071.109 Chrome/59.0.3071.109 Safari/537.36
+HTTPS=1
+EOF;
+--FILE--
+<?php
+setcookie("super_cookie", "super_value");
+setcookie("awful_cookie", "awful_value");
+setcookie("nice_cookie", "nice_value", 1, "1", "1", true, true);
+var_dump($_COOKIE);
+?>
+--EXPECT--
+array(0) {
+}
diff --git a/src/tests/encrypt_cookies_invalid_decryption.phpt b/src/tests/encrypt_cookies_invalid_decryption.phpt
new file mode 100644
index 0000000..a5187c1
--- /dev/null
+++ b/src/tests/encrypt_cookies_invalid_decryption.phpt
@@ -0,0 +1,23 @@
+--TEST--
+Cookie encryption
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/config_encrypted_cookies.ini
+display_errors=1
+display_startup_errors=1
+error_reporting=E_ALL
+--COOKIE--
+super_cookie=jWjORGsgZyqzk3WA63XZBmUoSknXWnXDfAAAAAAAAAAAAAAAAAAAAAA7LiMDfkpP94jDnMVH%2Fm41GeL0Y00q3mbOFYz%2FS9mQGySu;awful_cookie=awful_cookie_value;
+--ENV--
+return <<<EOF
+REMOTE_ADDR=127.0.0.1
+EOF;
+--FILE--
+<?php var_dump($_COOKIE); ?>
+--EXPECT--
+
+array(1) {
+  ["awful_cookie"]=>
+  string(18) "awful_cookie_value"
+}
diff --git a/src/tests/encrypt_cookies_invalid_decryption2.phpt b/src/tests/encrypt_cookies_invalid_decryption2.phpt
new file mode 100644
index 0000000..f18cf6d
--- /dev/null
+++ b/src/tests/encrypt_cookies_invalid_decryption2.phpt
@@ -0,0 +1,23 @@
+--TEST--
+Cookie encryption
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/config_encrypted_cookies.ini
+display_errors=1
+display_startup_errors=1
+error_reporting=E_ALL
+--COOKIE--
+super_cookie=1337;awful_cookie=awful_cookie_value;
+--ENV--
+return <<<EOF
+REMOTE_ADDR=127.0.0.1
+EOF;
+--FILE--
+<?php var_dump($_COOKIE); ?>
+--EXPECT--
+
+array(1) {
+  ["awful_cookie"]=>
+  string(18) "awful_cookie_value"
+}
diff --git a/src/tests/encrypt_cookies_invalid_decryption3.phpt b/src/tests/encrypt_cookies_invalid_decryption3.phpt
new file mode 100644
index 0000000..f4afc32
--- /dev/null
+++ b/src/tests/encrypt_cookies_invalid_decryption3.phpt
@@ -0,0 +1,21 @@
+--TEST--
+Cookie encryption
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/config_encrypted_cookies.ini
+--COOKIE--
+super_cookie=;awful_cookie=awful_cookie_value;
+--ENV--
+return <<<EOF
+REMOTE_ADDR=127.0.0.1
+EOF;
+--FILE--
+<?php var_dump($_COOKIE); ?>
+--EXPECT--
+array(2) {
+  ["super_cookie"]=>
+  string(0) ""
+  ["awful_cookie"]=>
+  string(18) "awful_cookie_value"
+}
diff --git a/src/tests/encryption_key_only.phpt b/src/tests/encryption_key_only.phpt
new file mode 100644
index 0000000..bf5edb5
--- /dev/null
+++ b/src/tests/encryption_key_only.phpt
@@ -0,0 +1,13 @@
+--TEST--
+Encryption key only
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/encryption_key_only.ini
+--FILE--
+<?php
+echo 1337;
+?>
+--EXPECT--
+1337
+
diff --git a/src/tests/example_configuration.phpt b/src/tests/example_configuration.phpt
new file mode 100644
index 0000000..0bbf59c
--- /dev/null
+++ b/src/tests/example_configuration.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Shipped configuration
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/../../config/examples.ini
+--FILE--
+<?php 
+system("echo 0");
+?>
+--EXPECTF--
+0
diff --git a/src/tests/global_strict.phpt b/src/tests/global_strict.phpt
new file mode 100644
index 0000000..e06721c
--- /dev/null
+++ b/src/tests/global_strict.phpt
@@ -0,0 +1,16 @@
+--TEST--
+Global strict mode
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/global_strict.ini
+--FILE--
+<?php 
+strcmp("pouet", []);
+?>
+--EXPECTF--
+Fatal error: Uncaught TypeError: strcmp() expects parameter 2 to be string, array given in %a/global_strict.php:2
+Stack trace:
+#0 %a/global_strict.php(2): strcmp('pouet', Array)
+#1 {main}
+  thrown in %a/global_strict.php on line 2
diff --git a/src/tests/global_strict_disabled.phpt b/src/tests/global_strict_disabled.phpt
new file mode 100644
index 0000000..ca3ddfa
--- /dev/null
+++ b/src/tests/global_strict_disabled.phpt
@@ -0,0 +1,14 @@
+--TEST--
+Global strict mode
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/global_strict_disabled.ini
+--FILE--
+<?php 
+strcmp("pouet", []);
+echo 1337;
+?>
+--EXPECTF--
+Warning: strcmp() expects parameter 2 to be string, array given in %a/global_strict_disabled.php on line 2
+1337
diff --git a/src/tests/harden_mt_rand.phpt b/src/tests/harden_mt_rand.phpt
new file mode 100644
index 0000000..8887613
--- /dev/null
+++ b/src/tests/harden_mt_rand.phpt
@@ -0,0 +1,22 @@
+--TEST--
+Harden mt_rand
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/harden_rand.ini
+--FILE--
+<?php 
+mt_srand(0);
+$a = mt_rand(0,100)."\n";
+$b = mt_rand(0,100)."\n";
+mt_srand(0);
+$c = mt_rand(0,100)."\n";
+$d = mt_rand(0,100)."\n";
+
+if ($a == $c && $b == $d)
+        echo 'lose';
+else
+        echo 'win';
+?>
+--EXPECT--
+win
diff --git a/src/tests/harden_rand.phpt b/src/tests/harden_rand.phpt
new file mode 100644
index 0000000..391bccc
--- /dev/null
+++ b/src/tests/harden_rand.phpt
@@ -0,0 +1,24 @@
+--TEST--
+Harden rand
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/harden_rand.ini
+--FILE--
+<?php 
+srand(0);
+$a = rand(0,100)."\n";
+$b = rand(0,100)."\n";
+srand(0);
+$c = rand(0,100)."\n";
+$d = rand(0,100)."\n";
+
+rand(100,0)."\n";
+
+if ($a == $c && $b == $d)
+        echo 'fail';
+else
+        echo 'win';
+?>
+--EXPECT--
+win
diff --git a/src/tests/harden_rand_noargs.phpt b/src/tests/harden_rand_noargs.phpt
new file mode 100644
index 0000000..643a453
--- /dev/null
+++ b/src/tests/harden_rand_noargs.phpt
@@ -0,0 +1,62 @@
+--TEST--
+Harden rand without any arguments
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/harden_rand.ini
+We should fix this
+--FILE--
+<?php 
+rand();
+mt_rand();
+
+rand(1);
+mt_rand(1);
+
+rand(1, 2);
+mt_rand(1, 2);
+
+rand(2, 1);
+mt_rand(2, 1);
+
+rand(2, 1, 0);
+mt_rand(2, 1, 0);
+
+rand("test", 1);
+mt_rand("test", 1);
+
+rand(1, "test");
+mt_rand(1, "test");
+
+rand(1, 2, "test");
+mt_rand(1, 2, "test");
+
+echo "Everything is fine\n";
+echo "Absolutely everything\n";
+echo 'Even with single quotes';
+?>
+--EXPECTF--
+Warning: rand() expects exactly 2 parameters, 1 given in %s/tests/harden_rand_noargs.php on line %d
+
+Warning: mt_rand() expects exactly 2 parameters, 1 given in %s/tests/harden_rand_noargs.php on line %d
+
+Warning: mt_rand(): max(1) is smaller than min(2) in %s/tests/harden_rand_noargs.php on line %d
+
+Warning: rand() expects exactly 2 parameters, 3 given in %s/tests/harden_rand_noargs.php on line %d
+
+Warning: mt_rand() expects exactly 2 parameters, 3 given in %s/tests/harden_rand_noargs.php on line %d
+
+Warning: rand() expects parameter 1 to be integer, string given in %s/tests/harden_rand_noargs.php on line %d
+
+Warning: mt_rand() expects parameter 1 to be integer, string given in %s/tests/harden_rand_noargs.php on line %d
+
+Warning: rand() expects parameter 2 to be integer, string given in %s/tests/harden_rand_noargs.php on line %d
+
+Warning: mt_rand() expects parameter 2 to be integer, string given in %s/tests/harden_rand_noargs.php on line %d
+
+Warning: rand() expects exactly 2 parameters, 3 given in %s/tests/harden_rand_noargs.php on line %d
+
+Warning: mt_rand() expects exactly 2 parameters, 3 given in %s/tests/harden_rand_noargs.php on line %d
+Everything is fine
+Absolutely everything
+Even with single quotes
diff --git a/src/tests/inexistent_conf_file.phpt b/src/tests/inexistent_conf_file.phpt
new file mode 100644
index 0000000..c7c3fcd
--- /dev/null
+++ b/src/tests/inexistent_conf_file.phpt
@@ -0,0 +1,10 @@
+--TEST--
+Check for snuffleupagus presence
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/unexistent_configuration_file.ini
+--FILE--
+<?php ?>
+--EXPECTF--
+[snuffleupagus][0.0.0.0][config][error] Could not open configuration file %a/tests/config/unexistent_configuration_file.ini : No such file or directory
diff --git a/src/tests/loading.phpt b/src/tests/loading.phpt
new file mode 100644
index 0000000..25e2e17
--- /dev/null
+++ b/src/tests/loading.phpt
@@ -0,0 +1,10 @@
+--TEST--
+Check for snuffleupagus presence
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--FILE--
+<?php 
+echo "snuffleupagus extension is available";
+?>
+--EXPECT--
+snuffleupagus extension is available
diff --git a/src/tests/noncore_function_hooking.phpt b/src/tests/noncore_function_hooking.phpt
new file mode 100644
index 0000000..106123c
--- /dev/null
+++ b/src/tests/noncore_function_hooking.phpt
@@ -0,0 +1,15 @@
+--TEST--
+Hooking of user-defined functions
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/config_noncore_function_hooking.ini
+--FILE--
+<?php 
+function custom_fun($a) {
+        echo $a;
+}
+custom_fun("hello");
+?>
+--EXPECTF--
+[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'custom_fun' in %a/tests/noncore_function_hooking.php:3 has been disabled.
diff --git a/src/tests/phpinfo_presence.phpt b/src/tests/phpinfo_presence.phpt
new file mode 100644
index 0000000..35ed0ed
--- /dev/null
+++ b/src/tests/phpinfo_presence.phpt
@@ -0,0 +1,19 @@
+--TEST--
+Unserialize fail
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/config_serialize.ini
+--FILE--
+<?php 
+ob_start () ;
+phpinfo () ;
+$pinfo = ob_get_contents () ;
+ob_end_clean () ;
+if (strstr($pinfo, "snuffleupagus") !== FALSE) 
+        echo 1;
+else
+        echo 2;
+?>
+--EXPECT--
+1
diff --git a/src/tests/serialize.phpt b/src/tests/serialize.phpt
new file mode 100644
index 0000000..e93dbaf
--- /dev/null
+++ b/src/tests/serialize.phpt
@@ -0,0 +1,13 @@
+--TEST--
+Test serialize hmac
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/config_serialize.ini
+--FILE--
+<?php 
+echo serialize("a");
+?>
+--EXPECT--
+s:1:"a";650609b417904d0d9bbf1fc44a975d13ecdf6b02b715c1a06271fb3b673f25b1
+
diff --git a/src/tests/setcookie.phpt b/src/tests/setcookie.phpt
new file mode 100644
index 0000000..ba1d1c1
--- /dev/null
+++ b/src/tests/setcookie.phpt
@@ -0,0 +1,35 @@
+--TEST--
+Set cookies.
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/config_encrypted_cookies.ini
+--COOKIE--
+--ENV--
+return <<<EOF
+REMOTE_ADDR=127.0.0.1
+HTTP_USER_AGENT=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/59.0.3071.109 Chrome/59.0.3071.109 Safari/537.36
+HTTPS=1
+EOF;
+--FILE--
+<?php
+setcookie("name");
+setcookie("super_cookie");
+setcookie("name", "value");
+setcookie("name", "value1", 1);
+setcookie("name", "value2", 0);
+setcookie("name", "value", 1, "/super/path");
+setcookie("name", "value", 1, "/super/path", "super_domain");
+setcookie("name", "value", 1, "/super/path", "super_domain1", true);
+setcookie("name", "value", 1, "/super/path", "super_domain2", false);
+setcookie("name", "value", 1, "/super/path", "super_domain1", true, true);
+setcookie("name", "value", 1, "/super/path", "super_domain2", true, false);
+setcookie("name", "value", 1, "/super/path", "super_domain2", true, false, 1337);
+setcookie();
+echo '1337';
+?>
+--EXPECTF--
+Warning: setcookie() expects at most 7 parameters, 8 given in %a/setcookie.php on line %d
+
+Warning: setcookie() expects at least 1 parameter, 0 given in %a/setcookie.php on line %d
+1337
diff --git a/src/tests/shipped_configuration.phpt b/src/tests/shipped_configuration.phpt
new file mode 100644
index 0000000..c060a85
--- /dev/null
+++ b/src/tests/shipped_configuration.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Shipped configuration
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/../../config/default.ini
+--FILE--
+<?php 
+system("echo 0");
+?>
+--EXPECTF--
+0
diff --git a/src/tests/unserialize.phpt b/src/tests/unserialize.phpt
new file mode 100644
index 0000000..b1db915
--- /dev/null
+++ b/src/tests/unserialize.phpt
@@ -0,0 +1,13 @@
+--TEST--
+Unserialize ok
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/config_serialize.ini
+--FILE--
+<?php 
+$a=serialize("a");
+var_dump(unserialize($a));
+?>
+--EXPECT--
+string(1) "a"
diff --git a/src/tests/unserialize_fail.phpt b/src/tests/unserialize_fail.phpt
new file mode 100644
index 0000000..5c0bb80
--- /dev/null
+++ b/src/tests/unserialize_fail.phpt
@@ -0,0 +1,23 @@
+--TEST--
+Unserialize fail
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/config_serialize.ini
+--FILE--
+<?php 
+var_dump(unserialize('s:1:"a";'));
+var_dump(unserialize('s:1:"a";alyualskdufyhalkdjsfhalkjdhflaksjdfhlkasdhflkahdawkuerylksjdfhlkssjgdflaksjdhflkasjdf'));
+var_dump(unserialize('s:1:"a";dslfjklfjfkjfdjffjfjads'));
+var_dump(unserialize(1,2,3,4));
+?>
+--EXPECTF--
+[snuffleupagus][0.0.0.0][unserialize][drop] The serialized object is too small.
+bool(false)
+[snuffleupagus][0.0.0.0][unserialize][drop] Invalid HMAC for s:1:"a";alyualskdufyhalkdjsfh
+NULL
+[snuffleupagus][0.0.0.0][unserialize][drop] The serialized object is too small.
+bool(false)
+
+Warning: unserialize() expects at most 2 parameters, 4 given in %a/tests/unserialize_fail.php on line %d
+bool(false)
\ No newline at end of file
diff --git a/src/tests/unserialize_sim.phpt b/src/tests/unserialize_sim.phpt
new file mode 100644
index 0000000..8ebf64d
--- /dev/null
+++ b/src/tests/unserialize_sim.phpt
@@ -0,0 +1,17 @@
+--TEST--
+Unserialize ok
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/config_serialize_sim.ini
+--FILE--
+<?php 
+$a=serialize("a");
+echo $a;
+var_dump(unserialize($a));
+var_dump(unserialize('s:1:"a";alyualskdufyhalkdjsfhalkjdhflaksjdfhlkasdhflkahdawkuerylksjdfhlkssjgdflaksjdh1337sjdf'));
+?>
+--EXPECT--
+s:1:"a";650609b417904d0d9bbf1fc44a975d13ecdf6b02b715c1a06271fb3b673f25b1string(1) "a"
+[snuffleupagus][0.0.0.0][unserialize][notice] Invalid HMAC for s:1:"a";alyualskdufyhalkdjsfh
+string(1) "a"
diff --git a/src/tests/upload_validation.phpt b/src/tests/upload_validation.phpt
new file mode 100644
index 0000000..c802c16
--- /dev/null
+++ b/src/tests/upload_validation.phpt
@@ -0,0 +1,16 @@
+--TEST--
+Upload a file, validation ok, no simulation
+--INI--
+file_uploads=1
+sp.configuration_file={PWD}/config/upload_validation.ini
+--POST_RAW--
+Content-Type: multipart/form-data; boundary=blabla
+--blabla
+Content-Disposition: form-data; name="test"; filename="test.php"
+--blabla--
+--FILE--
+<?php
+echo 1;
+?>
+--EXPECTF--
+1
diff --git a/src/tests/upload_validation_invalid.phpt b/src/tests/upload_validation_invalid.phpt
new file mode 100644
index 0000000..f8c993b
--- /dev/null
+++ b/src/tests/upload_validation_invalid.phpt
@@ -0,0 +1,17 @@
+--TEST--
+Upload a file, invalid validation script
+--INI--
+file_uploads=1
+sp.configuration_file={PWD}/config/upload_validation_invalid.ini
+--POST_RAW--
+Content-Type: multipart/form-data; boundary=blabla
+--blabla
+Content-Disposition: form-data; name="test"; filename="test.php"
+--blabla--
+--FILE--
+<?php
+echo 1;
+?>
+--EXPECTF--
+[snuffleupagus][0.0.0.0][upload_validation][error] Could not call './tests/data/upload_invalid.sh' : Exec format error
+[snuffleupagus][0.0.0.0][upload_valiation][drop] The upload of test.php on ? was rejected.
diff --git a/src/tests/upload_validation_ko.phpt b/src/tests/upload_validation_ko.phpt
new file mode 100644
index 0000000..cf4057a
--- /dev/null
+++ b/src/tests/upload_validation_ko.phpt
@@ -0,0 +1,14 @@
+--TEST--
+Upload a file, validation ko, no simulation
+--INI--
+file_uploads=1
+sp.configuration_file={PWD}/config/upload_validation_ko.ini
+output_buffering=off
+--POST_RAW--
+Content-Type: multipart/form-data; boundary=blabla
+--blabla
+Content-Disposition: form-data; name="test"; filename="test.php"
+--blabla--
+--FILE--
+--EXPECTF--
+[snuffleupagus][0.0.0.0][upload_valiation][drop] The upload of test.php on ? was rejected.
diff --git a/src/tests/upload_validation_no_exec.phpt b/src/tests/upload_validation_no_exec.phpt
new file mode 100644
index 0000000..90a58da
--- /dev/null
+++ b/src/tests/upload_validation_no_exec.phpt
@@ -0,0 +1,32 @@
+--TEST--
+Upload a file, validation script not executable
+--INI--
+file_uploads=1
+sp.configuration_file={PWD}/config/upload_validation_non_exec.ini
+output_buffering=off
+--POST_RAW--
+Content-Type: multipart/form-data; boundary=blabla
+--blabla
+Content-Disposition: form-data; name="test"; filename="test.php"
+--blabla--
+--FILE--
+<?php
+var_dump($_FILES);
+echo "\n\n\n\n\n\n\n\n\n\n\n\n\n\n";
+?>
+--EXPECTF--
+array(1) {
+  ["test"]=>
+  array(5) {
+    ["name"]=>
+    string(8) "test.php"
+    ["type"]=>
+    string(0) ""
+    ["tmp_name"]=>
+    string(0) ""
+    ["error"]=>
+    int(3)
+    ["size"]=>
+    int(0)
+  }
+}
diff --git a/src/tests/upload_validation_nocrash.phpt b/src/tests/upload_validation_nocrash.phpt
new file mode 100644
index 0000000..6fa50d0
--- /dev/null
+++ b/src/tests/upload_validation_nocrash.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Upload validation isn't crashing
+--INI--
+file_uploads=1
+sp.configuration_file={PWD}/config/upload_validation_ok.ini
+output_buffering=off
+--FILE--
+<?php
+echo 1;
+?>
+--EXPECTF--
+1
diff --git a/src/tests/upload_validation_ok.phpt b/src/tests/upload_validation_ok.phpt
new file mode 100644
index 0000000..f9b5015
--- /dev/null
+++ b/src/tests/upload_validation_ok.phpt
@@ -0,0 +1,17 @@
+--TEST--
+Upload a file, validation ok, no simulation
+--INI--
+file_uploads=1
+sp.configuration_file={PWD}/config/upload_validation_ok.ini
+output_buffering=off
+--POST_RAW--
+Content-Type: multipart/form-data; boundary=blabla
+--blabla
+Content-Disposition: form-data; name="test"; filename="test.php"
+--blabla--
+--FILE--
+<?php
+echo 1;
+?>
+--EXPECTF--
+1
diff --git a/src/tweetnacl.c b/src/tweetnacl.c
new file mode 100644
index 0000000..937e879
--- /dev/null
+++ b/src/tweetnacl.c
@@ -0,0 +1,842 @@
+#include "tweetnacl.h"
+#define FOR(i,n) for (i = 0;i < n;++i)
+#define sv static void
+
+typedef unsigned char u8;
+typedef unsigned long u32;
+typedef unsigned long long u64;
+typedef long long i64;
+typedef i64 gf[16];
+
+
+/* it's really stupid that there isn't a syscall for this */
+
+static int fd = -1;
+
+void randombytes(unsigned char *x,unsigned long long xlen)
+{
+  int i;
+
+  if (fd == -1) {
+    for (;;) {
+      fd = open("/dev/urandom",O_RDONLY);
+      if (fd != -1) break;
+      sleep(1);
+    }
+  }
+
+  while (xlen > 0) {
+    if (xlen < 1048576) i = xlen; else i = 1048576;
+
+    i = read(fd,x,i);
+    if (i < 1) {
+      sleep(1);
+      continue;
+    }
+
+    x += i;
+    xlen -= i;
+  }
+}
+
+
+static const u8
+  _0[16],
+  _9[32] = {9};
+static const gf
+  gf0,
+  gf1 = {1},
+  _121665 = {0xDB41,1},
+  D = {0x78a3, 0x1359, 0x4dca, 0x75eb, 0xd8ab, 0x4141, 0x0a4d, 0x0070, 0xe898, 0x7779, 0x4079, 0x8cc7, 0xfe73, 0x2b6f, 0x6cee, 0x5203},
+  D2 = {0xf159, 0x26b2, 0x9b94, 0xebd6, 0xb156, 0x8283, 0x149a, 0x00e0, 0xd130, 0xeef3, 0x80f2, 0x198e, 0xfce7, 0x56df, 0xd9dc, 0x2406},
+  X = {0xd51a, 0x8f25, 0x2d60, 0xc956, 0xa7b2, 0x9525, 0xc760, 0x692c, 0xdc5c, 0xfdd6, 0xe231, 0xc0a4, 0x53fe, 0xcd6e, 0x36d3, 0x2169},
+  Y = {0x6658, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666},
+  I = {0xa0b0, 0x4a0e, 0x1b27, 0xc4ee, 0xe478, 0xad2f, 0x1806, 0x2f43, 0xd7a7, 0x3dfb, 0x0099, 0x2b4d, 0xdf0b, 0x4fc1, 0x2480, 0x2b83};
+
+static u32 L32(u32 x,int c) { return (x << c) | ((x&0xffffffff) >> (32 - c)); }
+
+static u32 ld32(const u8 *x)
+{
+  u32 u = x[3];
+  u = (u<<8)|x[2];
+  u = (u<<8)|x[1];
+  return (u<<8)|x[0];
+}
+
+static u64 dl64(const u8 *x)
+{
+  u64 i,u=0;
+  FOR(i,8) u=(u<<8)|x[i];
+  return u;
+}
+
+sv st32(u8 *x,u32 u)
+{
+  int i;
+  FOR(i,4) { x[i] = u; u >>= 8; }
+}
+
+sv ts64(u8 *x,u64 u)
+{
+  int i;
+  for (i = 7;i >= 0;--i) { x[i] = u; u >>= 8; }
+}
+
+static int vn(const u8 *x,const u8 *y,int n)
+{
+  int i = 0;
+  u32 d = 0;
+  FOR(i,n) d |= x[i]^y[i];
+  return (1 & ((d - 1) >> 8)) - 1;
+}
+
+int crypto_verify_16(const u8 *x,const u8 *y)
+{
+  return vn(x,y,16);
+}
+
+int crypto_verify_32(const u8 *x,const u8 *y)
+{
+  return vn(x,y,32);
+}
+
+sv core(u8 *out,const u8 *in,const u8 *k,const u8 *c,int h)
+{
+  u32 w[16],x[16],y[16],t[4];
+  int i,j,m;
+
+  FOR(i,4) {
+    x[5*i] = ld32(c+4*i);
+    x[1+i] = ld32(k+4*i);
+    x[6+i] = ld32(in+4*i);
+    x[11+i] = ld32(k+16+4*i);
+  }
+
+  FOR(i,16) y[i] = x[i];
+
+  FOR(i,20) {
+    FOR(j,4) {
+      FOR(m,4) t[m] = x[(5*j+4*m)%16];
+      t[1] ^= L32(t[0]+t[3], 7);
+      t[2] ^= L32(t[1]+t[0], 9);
+      t[3] ^= L32(t[2]+t[1],13);
+      t[0] ^= L32(t[3]+t[2],18);
+      FOR(m,4) w[4*j+(j+m)%4] = t[m];
+    }
+    FOR(m,16) x[m] = w[m];
+  }
+
+  if (h) {
+    FOR(i,16) x[i] += y[i];
+    FOR(i,4) {
+      x[5*i] -= ld32(c+4*i);
+      x[6+i] -= ld32(in+4*i);
+    }
+    FOR(i,4) {
+      st32(out+4*i,x[5*i]);
+      st32(out+16+4*i,x[6+i]);
+    }
+  } else
+    FOR(i,16) st32(out + 4 * i,x[i] + y[i]);
+}
+
+int crypto_core_salsa20(u8 *out,const u8 *in,const u8 *k,const u8 *c)
+{
+  core(out,in,k,c,0);
+  return 0;
+}
+
+int crypto_core_hsalsa20(u8 *out,const u8 *in,const u8 *k,const u8 *c)
+{
+  core(out,in,k,c,1);
+  return 0;
+}
+
+static const u8 sigma[16] = "expand 32-byte k";
+
+int crypto_stream_salsa20_xor(u8 *c,const u8 *m,u64 b,const u8 *n,const u8 *k)
+{
+  u8 z[16],x[64];
+  u32 u,i;
+  if (!b) return 0;
+  FOR(i,16) z[i] = 0;
+  FOR(i,8) z[i] = n[i];
+  while (b >= 64) {
+    crypto_core_salsa20(x,z,k,sigma);
+    FOR(i,64) c[i] = (m?m[i]:0) ^ x[i];
+    u = 1;
+    for (i = 8;i < 16;++i) {
+      u += (u32) z[i];
+      z[i] = u;
+      u >>= 8;
+    }
+    b -= 64;
+    c += 64;
+    if (m) m += 64;
+  }
+  if (b) {
+    crypto_core_salsa20(x,z,k,sigma);
+    FOR(i,b) c[i] = (m?m[i]:0) ^ x[i];
+  }
+  return 0;
+}
+
+int crypto_stream_salsa20(u8 *c,u64 d,const u8 *n,const u8 *k)
+{
+  return crypto_stream_salsa20_xor(c,0,d,n,k);
+}
+
+int crypto_stream(u8 *c,u64 d,const u8 *n,const u8 *k)
+{
+  u8 s[32];
+  crypto_core_hsalsa20(s,n,k,sigma);
+  return crypto_stream_salsa20(c,d,n+16,s);
+}
+
+int crypto_stream_xor(u8 *c,const u8 *m,u64 d,const u8 *n,const u8 *k)
+{
+  u8 s[32];
+  crypto_core_hsalsa20(s,n,k,sigma);
+  return crypto_stream_salsa20_xor(c,m,d,n+16,s);
+}
+
+sv add1305(u32 *h,const u32 *c)
+{
+  u32 j,u = 0;
+  FOR(j,17) {
+    u += h[j] + c[j];
+    h[j] = u & 255;
+    u >>= 8;
+  }
+}
+
+static const u32 minusp[17] = {
+  5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 252
+} ;
+
+int crypto_onetimeauth(u8 *out,const u8 *m,u64 n,const u8 *k)
+{
+  u32 s,i,j,u,x[17],r[17],h[17],c[17],g[17];
+
+  FOR(j,17) r[j]=h[j]=0;
+  FOR(j,16) r[j]=k[j];
+  r[3]&=15;
+  r[4]&=252;
+  r[7]&=15;
+  r[8]&=252;
+  r[11]&=15;
+  r[12]&=252;
+  r[15]&=15;
+
+  while (n > 0) {
+    FOR(j,17) c[j] = 0;
+    for (j = 0;(j < 16) && (j < n);++j) c[j] = m[j];
+    c[j] = 1;
+    m += j; n -= j;
+    add1305(h,c);
+    FOR(i,17) {
+      x[i] = 0;
+      FOR(j,17) x[i] += h[j] * ((j <= i) ? r[i - j] : 320 * r[i + 17 - j]);
+    }
+    FOR(i,17) h[i] = x[i];
+    u = 0;
+    FOR(j,16) {
+      u += h[j];
+      h[j] = u & 255;
+      u >>= 8;
+    }
+    u += h[16]; h[16] = u & 3;
+    u = 5 * (u >> 2);
+    FOR(j,16) {
+      u += h[j];
+      h[j] = u & 255;
+      u >>= 8;
+    }
+    u += h[16]; h[16] = u;
+  }
+
+  FOR(j,17) g[j] = h[j];
+  add1305(h,minusp);
+  s = -(h[16] >> 7);
+  FOR(j,17) h[j] ^= s & (g[j] ^ h[j]);
+
+  FOR(j,16) c[j] = k[j + 16];
+  c[16] = 0;
+  add1305(h,c);
+  FOR(j,16) out[j] = h[j];
+  return 0;
+}
+
+int crypto_onetimeauth_verify(const u8 *h,const u8 *m,u64 n,const u8 *k)
+{
+  u8 x[16];
+  crypto_onetimeauth(x,m,n,k);
+  return crypto_verify_16(h,x);
+}
+
+int crypto_secretbox(u8 *c,const u8 *m,u64 d,const u8 *n,const u8 *k)
+{
+  int i;
+  if (d < 32) return -1;
+  crypto_stream_xor(c,m,d,n,k);
+  crypto_onetimeauth(c + 16,c + 32,d - 32,c);
+  FOR(i,16) c[i] = 0;
+  return 0;
+}
+
+int crypto_secretbox_open(u8 *m,const u8 *c,u64 d,const u8 *n,const u8 *k)
+{
+  int i;
+  u8 x[32];
+  if (d < 32) return -1;
+  crypto_stream(x,32,n,k);
+  if (crypto_onetimeauth_verify(c + 16,c + 32,d - 32,x) != 0) return -1;
+  crypto_stream_xor(m,c,d,n,k);
+  FOR(i,32) m[i] = 0;
+  return 0;
+}
+
+sv set25519(gf r, const gf a)
+{
+  int i;
+  FOR(i,16) r[i]=a[i];
+}
+
+sv car25519(gf o)
+{
+  int i;
+  i64 c;
+  FOR(i,16) {
+    o[i]+=(1LL<<16);
+    c=o[i]>>16;
+    o[(i+1)*(i<15)]+=c-1+37*(c-1)*(i==15);
+    o[i]-=c<<16;
+  }
+}
+
+sv sel25519(gf p,gf q,int b)
+{
+  i64 t,i,c=~(b-1);
+  FOR(i,16) {
+    t= c&(p[i]^q[i]);
+    p[i]^=t;
+    q[i]^=t;
+  }
+}
+
+sv pack25519(u8 *o,const gf n)
+{
+  int i,j,b;
+  gf m,t;
+  FOR(i,16) t[i]=n[i];
+  car25519(t);
+  car25519(t);
+  car25519(t);
+  FOR(j,2) {
+    m[0]=t[0]-0xffed;
+    for(i=1;i<15;i++) {
+      m[i]=t[i]-0xffff-((m[i-1]>>16)&1);
+      m[i-1]&=0xffff;
+    }
+    m[15]=t[15]-0x7fff-((m[14]>>16)&1);
+    b=(m[15]>>16)&1;
+    m[14]&=0xffff;
+    sel25519(t,m,1-b);
+  }
+  FOR(i,16) {
+    o[2*i]=t[i]&0xff;
+    o[2*i+1]=t[i]>>8;
+  }
+}
+
+static int neq25519(const gf a, const gf b)
+{
+  u8 c[32],d[32];
+  pack25519(c,a);
+  pack25519(d,b);
+  return crypto_verify_32(c,d);
+}
+
+static u8 par25519(const gf a)
+{
+  u8 d[32];
+  pack25519(d,a);
+  return d[0]&1;
+}
+
+sv unpack25519(gf o, const u8 *n)
+{
+  int i;
+  FOR(i,16) o[i]=n[2*i]+((i64)n[2*i+1]<<8);
+  o[15]&=0x7fff;
+}
+
+sv A(gf o,const gf a,const gf b)
+{
+  int i;
+  FOR(i,16) o[i]=a[i]+b[i];
+}
+
+sv Z(gf o,const gf a,const gf b)
+{
+  int i;
+  FOR(i,16) o[i]=a[i]-b[i];
+}
+
+sv M(gf o,const gf a,const gf b)
+{
+  i64 i,j,t[31];
+  FOR(i,31) t[i]=0;
+  FOR(i,16) FOR(j,16) t[i+j]+=a[i]*b[j];
+  FOR(i,15) t[i]+=38*t[i+16];
+  FOR(i,16) o[i]=t[i];
+  car25519(o);
+  car25519(o);
+}
+
+sv S(gf o,const gf a)
+{
+  M(o,a,a);
+}
+
+sv inv25519(gf o,const gf i)
+{
+  gf c;
+  int a;
+  FOR(a,16) c[a]=i[a];
+  for(a=253;a>=0;a--) {
+    S(c,c);
+    if(a!=2&&a!=4) M(c,c,i);
+  }
+  FOR(a,16) o[a]=c[a];
+}
+
+sv pow2523(gf o,const gf i)
+{
+  gf c;
+  int a;
+  FOR(a,16) c[a]=i[a];
+  for(a=250;a>=0;a--) {
+    S(c,c);
+    if(a!=1) M(c,c,i);
+  }
+  FOR(a,16) o[a]=c[a];
+}
+
+int crypto_scalarmult(u8 *q,const u8 *n,const u8 *p)
+{
+  u8 z[32];
+  i64 x[80],r,i;
+  gf a,b,c,d,e,f;
+  FOR(i,31) z[i]=n[i];
+  z[31]=(n[31]&127)|64;
+  z[0]&=248;
+  unpack25519(x,p);
+  FOR(i,16) {
+    b[i]=x[i];
+    d[i]=a[i]=c[i]=0;
+  }
+  a[0]=d[0]=1;
+  for(i=254;i>=0;--i) {
+    r=(z[i>>3]>>(i&7))&1;
+    sel25519(a,b,r);
+    sel25519(c,d,r);
+    A(e,a,c);
+    Z(a,a,c);
+    A(c,b,d);
+    Z(b,b,d);
+    S(d,e);
+    S(f,a);
+    M(a,c,a);
+    M(c,b,e);
+    A(e,a,c);
+    Z(a,a,c);
+    S(b,a);
+    Z(c,d,f);
+    M(a,c,_121665);
+    A(a,a,d);
+    M(c,c,a);
+    M(a,d,f);
+    M(d,b,x);
+    S(b,e);
+    sel25519(a,b,r);
+    sel25519(c,d,r);
+  }
+  FOR(i,16) {
+    x[i+16]=a[i];
+    x[i+32]=c[i];
+    x[i+48]=b[i];
+    x[i+64]=d[i];
+  }
+  inv25519(x+32,x+32);
+  M(x+16,x+16,x+32);
+  pack25519(q,x+16);
+  return 0;
+}
+
+int crypto_scalarmult_base(u8 *q,const u8 *n)
+{ 
+  return crypto_scalarmult(q,n,_9);
+}
+
+int crypto_box_keypair(u8 *y,u8 *x)
+{
+  randombytes(x,32);
+  return crypto_scalarmult_base(y,x);
+}
+
+int crypto_box_beforenm(u8 *k,const u8 *y,const u8 *x)
+{
+  u8 s[32];
+  crypto_scalarmult(s,x,y);
+  return crypto_core_hsalsa20(k,_0,s,sigma);
+}
+
+int crypto_box_afternm(u8 *c,const u8 *m,u64 d,const u8 *n,const u8 *k)
+{
+  return crypto_secretbox(c,m,d,n,k);
+}
+
+int crypto_box_open_afternm(u8 *m,const u8 *c,u64 d,const u8 *n,const u8 *k)
+{
+  return crypto_secretbox_open(m,c,d,n,k);
+}
+
+int crypto_box(u8 *c,const u8 *m,u64 d,const u8 *n,const u8 *y,const u8 *x)
+{
+  u8 k[32];
+  crypto_box_beforenm(k,y,x);
+  return crypto_box_afternm(c,m,d,n,k);
+}
+
+int crypto_box_open(u8 *m,const u8 *c,u64 d,const u8 *n,const u8 *y,const u8 *x)
+{
+  u8 k[32];
+  crypto_box_beforenm(k,y,x);
+  return crypto_box_open_afternm(m,c,d,n,k);
+}
+
+static u64 R(u64 x,int c) { return (x >> c) | (x << (64 - c)); }
+static u64 Ch(u64 x,u64 y,u64 z) { return (x & y) ^ (~x & z); }
+static u64 Maj(u64 x,u64 y,u64 z) { return (x & y) ^ (x & z) ^ (y & z); }
+static u64 Sigma0(u64 x) { return R(x,28) ^ R(x,34) ^ R(x,39); }
+static u64 Sigma1(u64 x) { return R(x,14) ^ R(x,18) ^ R(x,41); }
+static u64 sigma0(u64 x) { return R(x, 1) ^ R(x, 8) ^ (x >> 7); }
+static u64 sigma1(u64 x) { return R(x,19) ^ R(x,61) ^ (x >> 6); }
+
+static const u64 K[80] = 
+{
+  0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL,
+  0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL,
+  0xd807aa98a3030242ULL, 0x12835b0145706fbeULL, 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
+  0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL,
+  0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL, 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL,
+  0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL, 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
+  0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL,
+  0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL, 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL,
+  0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL, 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
+  0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL,
+  0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL,
+  0xd192e819d6ef5218ULL, 0xd69906245565a910ULL, 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
+  0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL,
+  0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL, 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL,
+  0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL, 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
+  0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL,
+  0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL,
+  0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL, 0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
+  0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL,
+  0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL
+};
+
+int crypto_hashblocks(u8 *x,const u8 *m,u64 n)
+{
+  u64 z[8],b[8],a[8],w[16],t;
+  int i,j;
+
+  FOR(i,8) z[i] = a[i] = dl64(x + 8 * i);
+
+  while (n >= 128) {
+    FOR(i,16) w[i] = dl64(m + 8 * i);
+
+    FOR(i,80) {
+      FOR(j,8) b[j] = a[j];
+      t = a[7] + Sigma1(a[4]) + Ch(a[4],a[5],a[6]) + K[i] + w[i%16];
+      b[7] = t + Sigma0(a[0]) + Maj(a[0],a[1],a[2]);
+      b[3] += t;
+      FOR(j,8) a[(j+1)%8] = b[j];
+      if (i%16 == 15)
+        FOR(j,16)
+          w[j] += w[(j+9)%16] + sigma0(w[(j+1)%16]) + sigma1(w[(j+14)%16]);
+    }
+
+    FOR(i,8) { a[i] += z[i]; z[i] = a[i]; }
+
+    m += 128;
+    n -= 128;
+  }
+
+  FOR(i,8) ts64(x+8*i,z[i]);
+
+  return n;
+}
+
+static const u8 iv[64] = {
+  0x6a,0x09,0xe6,0x67,0xf3,0xbc,0xc9,0x08,
+  0xbb,0x67,0xae,0x85,0x84,0xca,0xa7,0x3b,
+  0x3c,0x6e,0xf3,0x72,0xfe,0x94,0xf8,0x2b,
+  0xa5,0x4f,0xf5,0x3a,0x5f,0x1d,0x36,0xf1,
+  0x51,0x0e,0x52,0x7f,0xad,0xe6,0x82,0xd1,
+  0x9b,0x05,0x68,0x8c,0x2b,0x3e,0x6c,0x1f,
+  0x1f,0x83,0xd9,0xab,0xfb,0x41,0xbd,0x6b,
+  0x5b,0xe0,0xcd,0x19,0x13,0x7e,0x21,0x79
+} ;
+
+int crypto_hash(u8 *out,const u8 *m,u64 n)
+{
+  u8 h[64],x[256];
+  u64 i,b = n;
+
+  FOR(i,64) h[i] = iv[i];
+
+  crypto_hashblocks(h,m,n);
+  m += n;
+  n &= 127;
+  m -= n;
+
+  FOR(i,256) x[i] = 0;
+  FOR(i,n) x[i] = m[i];
+  x[n] = 128;
+
+  n = 256-128*(n<112);
+  x[n-9] = b >> 61;
+  ts64(x+n-8,b<<3);
+  crypto_hashblocks(h,x,n);
+
+  FOR(i,64) out[i] = h[i];
+
+  return 0;
+}
+
+sv add(gf p[4],gf q[4])
+{
+  gf a,b,c,d,t,e,f,g,h;
+  
+  Z(a, p[1], p[0]);
+  Z(t, q[1], q[0]);
+  M(a, a, t);
+  A(b, p[0], p[1]);
+  A(t, q[0], q[1]);
+  M(b, b, t);
+  M(c, p[3], q[3]);
+  M(c, c, D2);
+  M(d, p[2], q[2]);
+  A(d, d, d);
+  Z(e, b, a);
+  Z(f, d, c);
+  A(g, d, c);
+  A(h, b, a);
+
+  M(p[0], e, f);
+  M(p[1], h, g);
+  M(p[2], g, f);
+  M(p[3], e, h);
+}
+
+sv cswap(gf p[4],gf q[4],u8 b)
+{
+  int i;
+  FOR(i,4)
+    sel25519(p[i],q[i],b);
+}
+
+sv pack(u8 *r,gf p[4])
+{
+  gf tx, ty, zi;
+  inv25519(zi, p[2]); 
+  M(tx, p[0], zi);
+  M(ty, p[1], zi);
+  pack25519(r, ty);
+  r[31] ^= par25519(tx) << 7;
+}
+
+sv scalarmult(gf p[4],gf q[4],const u8 *s)
+{
+  int i;
+  set25519(p[0],gf0);
+  set25519(p[1],gf1);
+  set25519(p[2],gf1);
+  set25519(p[3],gf0);
+  for (i = 255;i >= 0;--i) {
+    u8 b = (s[i/8]>>(i&7))&1;
+    cswap(p,q,b);
+    add(q,p);
+    add(p,p);
+    cswap(p,q,b);
+  }
+}
+
+sv scalarbase(gf p[4],const u8 *s)
+{
+  gf q[4];
+  set25519(q[0],X);
+  set25519(q[1],Y);
+  set25519(q[2],gf1);
+  M(q[3],X,Y);
+  scalarmult(p,q,s);
+}
+
+int crypto_sign_keypair(u8 *pk, u8 *sk)
+{
+  u8 d[64];
+  gf p[4];
+  int i;
+
+  randombytes(sk, 32);
+  crypto_hash(d, sk, 32);
+  d[0] &= 248;
+  d[31] &= 127;
+  d[31] |= 64;
+
+  scalarbase(p,d);
+  pack(pk,p);
+
+  FOR(i,32) sk[32 + i] = pk[i];
+  return 0;
+}
+
+static const u64 L[32] = {0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x10};
+
+sv modL(u8 *r,i64 x[64])
+{
+  i64 carry,i,j;
+  for (i = 63;i >= 32;--i) {
+    carry = 0;
+    for (j = i - 32;j < i - 12;++j) {
+      x[j] += carry - 16 * x[i] * L[j - (i - 32)];
+      carry = (x[j] + 128) >> 8;
+      x[j] -= carry << 8;
+    }
+    x[j] += carry;
+    x[i] = 0;
+  }
+  carry = 0;
+  FOR(j,32) {
+    x[j] += carry - (x[31] >> 4) * L[j];
+    carry = x[j] >> 8;
+    x[j] &= 255;
+  }
+  FOR(j,32) x[j] -= carry * L[j];
+  FOR(i,32) {
+    x[i+1] += x[i] >> 8;
+    r[i] = x[i] & 255;
+  }
+}
+
+sv reduce(u8 *r)
+{
+  i64 x[64],i;
+  FOR(i,64) x[i] = (u64) r[i];
+  FOR(i,64) r[i] = 0;
+  modL(r,x);
+}
+
+int crypto_sign(u8 *sm,u64 *smlen,const u8 *m,u64 n,const u8 *sk)
+{
+  u8 d[64],h[64],r[64];
+  u64 i;
+  i64 j,x[64];
+  gf p[4];
+
+  crypto_hash(d, sk, 32);
+  d[0] &= 248;
+  d[31] &= 127;
+  d[31] |= 64;
+
+  *smlen = n+64;
+  FOR(i,n) sm[64 + i] = m[i];
+  FOR(i,32) sm[32 + i] = d[32 + i];
+
+  crypto_hash(r, sm+32, n+32);
+  reduce(r);
+  scalarbase(p,r);
+  pack(sm,p);
+
+  FOR(i,32) sm[i+32] = sk[i+32];
+  crypto_hash(h,sm,n + 64);
+  reduce(h);
+
+  FOR(i,64) x[i] = 0;
+  FOR(i,32) x[i] = (u64) r[i];
+  FOR(i,32) FOR(j,32) x[i+j] += h[i] * (u64) d[j];
+  modL(sm + 32,x);
+
+  return 0;
+}
+
+static int unpackneg(gf r[4],const u8 p[32])
+{
+  gf t, chk, num, den, den2, den4, den6;
+  set25519(r[2],gf1);
+  unpack25519(r[1],p);
+  S(num,r[1]);
+  M(den,num,D);
+  Z(num,num,r[2]);
+  A(den,r[2],den);
+
+  S(den2,den);
+  S(den4,den2);
+  M(den6,den4,den2);
+  M(t,den6,num);
+  M(t,t,den);
+
+  pow2523(t,t);
+  M(t,t,num);
+  M(t,t,den);
+  M(t,t,den);
+  M(r[0],t,den);
+
+  S(chk,r[0]);
+  M(chk,chk,den);
+  if (neq25519(chk, num)) M(r[0],r[0],I);
+
+  S(chk,r[0]);
+  M(chk,chk,den);
+  if (neq25519(chk, num)) return -1;
+
+  if (par25519(r[0]) == (p[31]>>7)) Z(r[0],gf0,r[0]);
+
+  M(r[3],r[0],r[1]);
+  return 0;
+}
+
+int crypto_sign_open(u8 *m,u64 *mlen,const u8 *sm,u64 n,const u8 *pk)
+{
+  u64 i;
+  u8 t[32],h[64];
+  gf p[4],q[4];
+
+  *mlen = -1;
+  if (n < 64) return -1;
+
+  if (unpackneg(q,pk)) return -1;
+
+  FOR(i,n) m[i] = sm[i];
+  FOR(i,32) m[i+32] = pk[i];
+  crypto_hash(h,m,n);
+  reduce(h);
+  scalarmult(p,q,h);
+
+  scalarbase(q,sm + 32);
+  add(p,q);
+  pack(t,p);
+
+  n -= 64;
+  if (crypto_verify_32(sm, t)) {
+    FOR(i,n) m[i] = 0;
+    return -1;
+  }
+
+  FOR(i,n) m[i] = sm[i + 64];
+  *mlen = n;
+  return 0;
+}
diff --git a/src/tweetnacl.h b/src/tweetnacl.h
new file mode 100644
index 0000000..508876d
--- /dev/null
+++ b/src/tweetnacl.h
@@ -0,0 +1,277 @@
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <unistd.h>
+
+#ifndef TWEETNACL_H
+#define TWEETNACL_H
+#define crypto_auth_PRIMITIVE "hmacsha512256"
+#define crypto_auth crypto_auth_hmacsha512256
+#define crypto_auth_verify crypto_auth_hmacsha512256_verify
+#define crypto_auth_BYTES crypto_auth_hmacsha512256_BYTES
+#define crypto_auth_KEYBYTES crypto_auth_hmacsha512256_KEYBYTES
+#define crypto_auth_IMPLEMENTATION crypto_auth_hmacsha512256_IMPLEMENTATION
+#define crypto_auth_VERSION crypto_auth_hmacsha512256_VERSION
+#define crypto_auth_hmacsha512256_tweet_BYTES 32
+#define crypto_auth_hmacsha512256_tweet_KEYBYTES 32
+extern int crypto_auth_hmacsha512256_tweet(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *);
+extern int crypto_auth_hmacsha512256_tweet_verify(const unsigned char *,const unsigned char *,unsigned long long,const unsigned char *);
+#define crypto_auth_hmacsha512256_tweet_VERSION "-"
+#define crypto_auth_hmacsha512256 crypto_auth_hmacsha512256_tweet
+#define crypto_auth_hmacsha512256_verify crypto_auth_hmacsha512256_tweet_verify
+#define crypto_auth_hmacsha512256_BYTES crypto_auth_hmacsha512256_tweet_BYTES
+#define crypto_auth_hmacsha512256_KEYBYTES crypto_auth_hmacsha512256_tweet_KEYBYTES
+#define crypto_auth_hmacsha512256_VERSION crypto_auth_hmacsha512256_tweet_VERSION
+#define crypto_auth_hmacsha512256_IMPLEMENTATION "crypto_auth/hmacsha512256/tweet"
+#define crypto_box_PRIMITIVE "curve25519xsalsa20poly1305"
+#define crypto_box crypto_box_curve25519xsalsa20poly1305
+#define crypto_box_open crypto_box_curve25519xsalsa20poly1305_open
+#define crypto_box_keypair crypto_box_curve25519xsalsa20poly1305_keypair
+#define crypto_box_beforenm crypto_box_curve25519xsalsa20poly1305_beforenm
+#define crypto_box_afternm crypto_box_curve25519xsalsa20poly1305_afternm
+#define crypto_box_open_afternm crypto_box_curve25519xsalsa20poly1305_open_afternm
+#define crypto_box_PUBLICKEYBYTES crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES
+#define crypto_box_SECRETKEYBYTES crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES
+#define crypto_box_BEFORENMBYTES crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES
+#define crypto_box_NONCEBYTES crypto_box_curve25519xsalsa20poly1305_NONCEBYTES
+#define crypto_box_ZEROBYTES crypto_box_curve25519xsalsa20poly1305_ZEROBYTES
+#define crypto_box_BOXZEROBYTES crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES
+#define crypto_box_IMPLEMENTATION crypto_box_curve25519xsalsa20poly1305_IMPLEMENTATION
+#define crypto_box_VERSION crypto_box_curve25519xsalsa20poly1305_VERSION
+#define crypto_box_curve25519xsalsa20poly1305_tweet_PUBLICKEYBYTES 32
+#define crypto_box_curve25519xsalsa20poly1305_tweet_SECRETKEYBYTES 32
+#define crypto_box_curve25519xsalsa20poly1305_tweet_BEFORENMBYTES 32
+#define crypto_box_curve25519xsalsa20poly1305_tweet_NONCEBYTES 24
+#define crypto_box_curve25519xsalsa20poly1305_tweet_ZEROBYTES 32
+#define crypto_box_curve25519xsalsa20poly1305_tweet_BOXZEROBYTES 16
+extern int crypto_box_curve25519xsalsa20poly1305_tweet(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *,const unsigned char *);
+extern int crypto_box_curve25519xsalsa20poly1305_tweet_open(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *,const unsigned char *);
+extern int crypto_box_curve25519xsalsa20poly1305_tweet_keypair(unsigned char *,unsigned char *);
+extern int crypto_box_curve25519xsalsa20poly1305_tweet_beforenm(unsigned char *,const unsigned char *,const unsigned char *);
+extern int crypto_box_curve25519xsalsa20poly1305_tweet_afternm(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+extern int crypto_box_curve25519xsalsa20poly1305_tweet_open_afternm(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+#define crypto_box_curve25519xsalsa20poly1305_tweet_VERSION "-"
+#define crypto_box_curve25519xsalsa20poly1305 crypto_box_curve25519xsalsa20poly1305_tweet
+#define crypto_box_curve25519xsalsa20poly1305_open crypto_box_curve25519xsalsa20poly1305_tweet_open
+#define crypto_box_curve25519xsalsa20poly1305_keypair crypto_box_curve25519xsalsa20poly1305_tweet_keypair
+#define crypto_box_curve25519xsalsa20poly1305_beforenm crypto_box_curve25519xsalsa20poly1305_tweet_beforenm
+#define crypto_box_curve25519xsalsa20poly1305_afternm crypto_box_curve25519xsalsa20poly1305_tweet_afternm
+#define crypto_box_curve25519xsalsa20poly1305_open_afternm crypto_box_curve25519xsalsa20poly1305_tweet_open_afternm
+#define crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES crypto_box_curve25519xsalsa20poly1305_tweet_PUBLICKEYBYTES
+#define crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES crypto_box_curve25519xsalsa20poly1305_tweet_SECRETKEYBYTES
+#define crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES crypto_box_curve25519xsalsa20poly1305_tweet_BEFORENMBYTES
+#define crypto_box_curve25519xsalsa20poly1305_NONCEBYTES crypto_box_curve25519xsalsa20poly1305_tweet_NONCEBYTES
+#define crypto_box_curve25519xsalsa20poly1305_ZEROBYTES crypto_box_curve25519xsalsa20poly1305_tweet_ZEROBYTES
+#define crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES crypto_box_curve25519xsalsa20poly1305_tweet_BOXZEROBYTES
+#define crypto_box_curve25519xsalsa20poly1305_VERSION crypto_box_curve25519xsalsa20poly1305_tweet_VERSION
+#define crypto_box_curve25519xsalsa20poly1305_IMPLEMENTATION "crypto_box/curve25519xsalsa20poly1305/tweet"
+#define crypto_core_PRIMITIVE "salsa20"
+#define crypto_core crypto_core_salsa20
+#define crypto_core_OUTPUTBYTES crypto_core_salsa20_OUTPUTBYTES
+#define crypto_core_INPUTBYTES crypto_core_salsa20_INPUTBYTES
+#define crypto_core_KEYBYTES crypto_core_salsa20_KEYBYTES
+#define crypto_core_CONSTBYTES crypto_core_salsa20_CONSTBYTES
+#define crypto_core_IMPLEMENTATION crypto_core_salsa20_IMPLEMENTATION
+#define crypto_core_VERSION crypto_core_salsa20_VERSION
+#define crypto_core_salsa20_tweet_OUTPUTBYTES 64
+#define crypto_core_salsa20_tweet_INPUTBYTES 16
+#define crypto_core_salsa20_tweet_KEYBYTES 32
+#define crypto_core_salsa20_tweet_CONSTBYTES 16
+extern int crypto_core_salsa20_tweet(unsigned char *,const unsigned char *,const unsigned char *,const unsigned char *);
+#define crypto_core_salsa20_tweet_VERSION "-"
+#define crypto_core_salsa20 crypto_core_salsa20_tweet
+#define crypto_core_salsa20_OUTPUTBYTES crypto_core_salsa20_tweet_OUTPUTBYTES
+#define crypto_core_salsa20_INPUTBYTES crypto_core_salsa20_tweet_INPUTBYTES
+#define crypto_core_salsa20_KEYBYTES crypto_core_salsa20_tweet_KEYBYTES
+#define crypto_core_salsa20_CONSTBYTES crypto_core_salsa20_tweet_CONSTBYTES
+#define crypto_core_salsa20_VERSION crypto_core_salsa20_tweet_VERSION
+#define crypto_core_salsa20_IMPLEMENTATION "crypto_core/salsa20/tweet"
+#define crypto_core_hsalsa20_tweet_OUTPUTBYTES 32
+#define crypto_core_hsalsa20_tweet_INPUTBYTES 16
+#define crypto_core_hsalsa20_tweet_KEYBYTES 32
+#define crypto_core_hsalsa20_tweet_CONSTBYTES 16
+extern int crypto_core_hsalsa20_tweet(unsigned char *,const unsigned char *,const unsigned char *,const unsigned char *);
+#define crypto_core_hsalsa20_tweet_VERSION "-"
+#define crypto_core_hsalsa20 crypto_core_hsalsa20_tweet
+#define crypto_core_hsalsa20_OUTPUTBYTES crypto_core_hsalsa20_tweet_OUTPUTBYTES
+#define crypto_core_hsalsa20_INPUTBYTES crypto_core_hsalsa20_tweet_INPUTBYTES
+#define crypto_core_hsalsa20_KEYBYTES crypto_core_hsalsa20_tweet_KEYBYTES
+#define crypto_core_hsalsa20_CONSTBYTES crypto_core_hsalsa20_tweet_CONSTBYTES
+#define crypto_core_hsalsa20_VERSION crypto_core_hsalsa20_tweet_VERSION
+#define crypto_core_hsalsa20_IMPLEMENTATION "crypto_core/hsalsa20/tweet"
+#define crypto_hashblocks_PRIMITIVE "sha512"
+#define crypto_hashblocks crypto_hashblocks_sha512
+#define crypto_hashblocks_STATEBYTES crypto_hashblocks_sha512_STATEBYTES
+#define crypto_hashblocks_BLOCKBYTES crypto_hashblocks_sha512_BLOCKBYTES
+#define crypto_hashblocks_IMPLEMENTATION crypto_hashblocks_sha512_IMPLEMENTATION
+#define crypto_hashblocks_VERSION crypto_hashblocks_sha512_VERSION
+#define crypto_hashblocks_sha512_tweet_STATEBYTES 64
+#define crypto_hashblocks_sha512_tweet_BLOCKBYTES 128
+extern int crypto_hashblocks_sha512_tweet(unsigned char *,const unsigned char *,unsigned long long);
+#define crypto_hashblocks_sha512_tweet_VERSION "-"
+#define crypto_hashblocks_sha512 crypto_hashblocks_sha512_tweet
+#define crypto_hashblocks_sha512_STATEBYTES crypto_hashblocks_sha512_tweet_STATEBYTES
+#define crypto_hashblocks_sha512_BLOCKBYTES crypto_hashblocks_sha512_tweet_BLOCKBYTES
+#define crypto_hashblocks_sha512_VERSION crypto_hashblocks_sha512_tweet_VERSION
+#define crypto_hashblocks_sha512_IMPLEMENTATION "crypto_hashblocks/sha512/tweet"
+#define crypto_hashblocks_sha256_tweet_STATEBYTES 32
+#define crypto_hashblocks_sha256_tweet_BLOCKBYTES 64
+extern int crypto_hashblocks_sha256_tweet(unsigned char *,const unsigned char *,unsigned long long);
+#define crypto_hashblocks_sha256_tweet_VERSION "-"
+#define crypto_hashblocks_sha256 crypto_hashblocks_sha256_tweet
+#define crypto_hashblocks_sha256_STATEBYTES crypto_hashblocks_sha256_tweet_STATEBYTES
+#define crypto_hashblocks_sha256_BLOCKBYTES crypto_hashblocks_sha256_tweet_BLOCKBYTES
+#define crypto_hashblocks_sha256_VERSION crypto_hashblocks_sha256_tweet_VERSION
+#define crypto_hashblocks_sha256_IMPLEMENTATION "crypto_hashblocks/sha256/tweet"
+#define crypto_hash_PRIMITIVE "sha512"
+#define crypto_hash crypto_hash_sha512
+#define crypto_hash_BYTES crypto_hash_sha512_BYTES
+#define crypto_hash_IMPLEMENTATION crypto_hash_sha512_IMPLEMENTATION
+#define crypto_hash_VERSION crypto_hash_sha512_VERSION
+#define crypto_hash_sha512_tweet_BYTES 64
+extern int crypto_hash_sha512_tweet(unsigned char *,const unsigned char *,unsigned long long);
+#define crypto_hash_sha512_tweet_VERSION "-"
+#define crypto_hash_sha512 crypto_hash_sha512_tweet
+#define crypto_hash_sha512_BYTES crypto_hash_sha512_tweet_BYTES
+#define crypto_hash_sha512_VERSION crypto_hash_sha512_tweet_VERSION
+#define crypto_hash_sha512_IMPLEMENTATION "crypto_hash/sha512/tweet"
+#define crypto_hash_sha256_tweet_BYTES 32
+extern int crypto_hash_sha256_tweet(unsigned char *,const unsigned char *,unsigned long long);
+#define crypto_hash_sha256_tweet_VERSION "-"
+#define crypto_hash_sha256 crypto_hash_sha256_tweet
+#define crypto_hash_sha256_BYTES crypto_hash_sha256_tweet_BYTES
+#define crypto_hash_sha256_VERSION crypto_hash_sha256_tweet_VERSION
+#define crypto_hash_sha256_IMPLEMENTATION "crypto_hash/sha256/tweet"
+#define crypto_onetimeauth_PRIMITIVE "poly1305"
+#define crypto_onetimeauth crypto_onetimeauth_poly1305
+#define crypto_onetimeauth_verify crypto_onetimeauth_poly1305_verify
+#define crypto_onetimeauth_BYTES crypto_onetimeauth_poly1305_BYTES
+#define crypto_onetimeauth_KEYBYTES crypto_onetimeauth_poly1305_KEYBYTES
+#define crypto_onetimeauth_IMPLEMENTATION crypto_onetimeauth_poly1305_IMPLEMENTATION
+#define crypto_onetimeauth_VERSION crypto_onetimeauth_poly1305_VERSION
+#define crypto_onetimeauth_poly1305_tweet_BYTES 16
+#define crypto_onetimeauth_poly1305_tweet_KEYBYTES 32
+extern int crypto_onetimeauth_poly1305_tweet(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *);
+extern int crypto_onetimeauth_poly1305_tweet_verify(const unsigned char *,const unsigned char *,unsigned long long,const unsigned char *);
+#define crypto_onetimeauth_poly1305_tweet_VERSION "-"
+#define crypto_onetimeauth_poly1305 crypto_onetimeauth_poly1305_tweet
+#define crypto_onetimeauth_poly1305_verify crypto_onetimeauth_poly1305_tweet_verify
+#define crypto_onetimeauth_poly1305_BYTES crypto_onetimeauth_poly1305_tweet_BYTES
+#define crypto_onetimeauth_poly1305_KEYBYTES crypto_onetimeauth_poly1305_tweet_KEYBYTES
+#define crypto_onetimeauth_poly1305_VERSION crypto_onetimeauth_poly1305_tweet_VERSION
+#define crypto_onetimeauth_poly1305_IMPLEMENTATION "crypto_onetimeauth/poly1305/tweet"
+#define crypto_scalarmult_PRIMITIVE "curve25519"
+#define crypto_scalarmult crypto_scalarmult_curve25519
+#define crypto_scalarmult_base crypto_scalarmult_curve25519_base
+#define crypto_scalarmult_BYTES crypto_scalarmult_curve25519_BYTES
+#define crypto_scalarmult_SCALARBYTES crypto_scalarmult_curve25519_SCALARBYTES
+#define crypto_scalarmult_IMPLEMENTATION crypto_scalarmult_curve25519_IMPLEMENTATION
+#define crypto_scalarmult_VERSION crypto_scalarmult_curve25519_VERSION
+#define crypto_scalarmult_curve25519_tweet_BYTES 32
+#define crypto_scalarmult_curve25519_tweet_SCALARBYTES 32
+extern int crypto_scalarmult_curve25519_tweet(unsigned char *,const unsigned char *,const unsigned char *);
+extern int crypto_scalarmult_curve25519_tweet_base(unsigned char *,const unsigned char *);
+#define crypto_scalarmult_curve25519_tweet_VERSION "-"
+#define crypto_scalarmult_curve25519 crypto_scalarmult_curve25519_tweet
+#define crypto_scalarmult_curve25519_base crypto_scalarmult_curve25519_tweet_base
+#define crypto_scalarmult_curve25519_BYTES crypto_scalarmult_curve25519_tweet_BYTES
+#define crypto_scalarmult_curve25519_SCALARBYTES crypto_scalarmult_curve25519_tweet_SCALARBYTES
+#define crypto_scalarmult_curve25519_VERSION crypto_scalarmult_curve25519_tweet_VERSION
+#define crypto_scalarmult_curve25519_IMPLEMENTATION "crypto_scalarmult/curve25519/tweet"
+#define crypto_secretbox_PRIMITIVE "xsalsa20poly1305"
+#define crypto_secretbox crypto_secretbox_xsalsa20poly1305
+#define crypto_secretbox_open crypto_secretbox_xsalsa20poly1305_open
+#define crypto_secretbox_KEYBYTES crypto_secretbox_xsalsa20poly1305_KEYBYTES
+#define crypto_secretbox_NONCEBYTES crypto_secretbox_xsalsa20poly1305_NONCEBYTES
+#define crypto_secretbox_ZEROBYTES crypto_secretbox_xsalsa20poly1305_ZEROBYTES
+#define crypto_secretbox_BOXZEROBYTES crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES
+#define crypto_secretbox_IMPLEMENTATION crypto_secretbox_xsalsa20poly1305_IMPLEMENTATION
+#define crypto_secretbox_VERSION crypto_secretbox_xsalsa20poly1305_VERSION
+#define crypto_secretbox_xsalsa20poly1305_tweet_KEYBYTES 32
+#define crypto_secretbox_xsalsa20poly1305_tweet_NONCEBYTES 24
+#define crypto_secretbox_xsalsa20poly1305_tweet_ZEROBYTES 32
+#define crypto_secretbox_xsalsa20poly1305_tweet_BOXZEROBYTES 16
+extern int crypto_secretbox_xsalsa20poly1305_tweet(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+extern int crypto_secretbox_xsalsa20poly1305_tweet_open(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+#define crypto_secretbox_xsalsa20poly1305_tweet_VERSION "-"
+#define crypto_secretbox_xsalsa20poly1305 crypto_secretbox_xsalsa20poly1305_tweet
+#define crypto_secretbox_xsalsa20poly1305_open crypto_secretbox_xsalsa20poly1305_tweet_open
+#define crypto_secretbox_xsalsa20poly1305_KEYBYTES crypto_secretbox_xsalsa20poly1305_tweet_KEYBYTES
+#define crypto_secretbox_xsalsa20poly1305_NONCEBYTES crypto_secretbox_xsalsa20poly1305_tweet_NONCEBYTES
+#define crypto_secretbox_xsalsa20poly1305_ZEROBYTES crypto_secretbox_xsalsa20poly1305_tweet_ZEROBYTES
+#define crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES crypto_secretbox_xsalsa20poly1305_tweet_BOXZEROBYTES
+#define crypto_secretbox_xsalsa20poly1305_VERSION crypto_secretbox_xsalsa20poly1305_tweet_VERSION
+#define crypto_secretbox_xsalsa20poly1305_IMPLEMENTATION "crypto_secretbox/xsalsa20poly1305/tweet"
+#define crypto_sign_PRIMITIVE "ed25519"
+#define crypto_sign crypto_sign_ed25519
+#define crypto_sign_open crypto_sign_ed25519_open
+#define crypto_sign_keypair crypto_sign_ed25519_keypair
+#define crypto_sign_BYTES crypto_sign_ed25519_BYTES
+#define crypto_sign_PUBLICKEYBYTES crypto_sign_ed25519_PUBLICKEYBYTES
+#define crypto_sign_SECRETKEYBYTES crypto_sign_ed25519_SECRETKEYBYTES
+#define crypto_sign_IMPLEMENTATION crypto_sign_ed25519_IMPLEMENTATION
+#define crypto_sign_VERSION crypto_sign_ed25519_VERSION
+#define crypto_sign_ed25519_tweet_BYTES 64
+#define crypto_sign_ed25519_tweet_PUBLICKEYBYTES 32
+#define crypto_sign_ed25519_tweet_SECRETKEYBYTES 64
+extern int crypto_sign_ed25519_tweet(unsigned char *,unsigned long long *,const unsigned char *,unsigned long long,const unsigned char *);
+extern int crypto_sign_ed25519_tweet_open(unsigned char *,unsigned long long *,const unsigned char *,unsigned long long,const unsigned char *);
+extern int crypto_sign_ed25519_tweet_keypair(unsigned char *,unsigned char *);
+#define crypto_sign_ed25519_tweet_VERSION "-"
+#define crypto_sign_ed25519 crypto_sign_ed25519_tweet
+#define crypto_sign_ed25519_open crypto_sign_ed25519_tweet_open
+#define crypto_sign_ed25519_keypair crypto_sign_ed25519_tweet_keypair
+#define crypto_sign_ed25519_BYTES crypto_sign_ed25519_tweet_BYTES
+#define crypto_sign_ed25519_PUBLICKEYBYTES crypto_sign_ed25519_tweet_PUBLICKEYBYTES
+#define crypto_sign_ed25519_SECRETKEYBYTES crypto_sign_ed25519_tweet_SECRETKEYBYTES
+#define crypto_sign_ed25519_VERSION crypto_sign_ed25519_tweet_VERSION
+#define crypto_sign_ed25519_IMPLEMENTATION "crypto_sign/ed25519/tweet"
+#define crypto_stream_PRIMITIVE "xsalsa20"
+#define crypto_stream crypto_stream_xsalsa20
+#define crypto_stream_xor crypto_stream_xsalsa20_xor
+#define crypto_stream_KEYBYTES crypto_stream_xsalsa20_KEYBYTES
+#define crypto_stream_NONCEBYTES crypto_stream_xsalsa20_NONCEBYTES
+#define crypto_stream_IMPLEMENTATION crypto_stream_xsalsa20_IMPLEMENTATION
+#define crypto_stream_VERSION crypto_stream_xsalsa20_VERSION
+#define crypto_stream_xsalsa20_tweet_KEYBYTES 32
+#define crypto_stream_xsalsa20_tweet_NONCEBYTES 24
+extern int crypto_stream_xsalsa20_tweet(unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+extern int crypto_stream_xsalsa20_tweet_xor(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+#define crypto_stream_xsalsa20_tweet_VERSION "-"
+#define crypto_stream_xsalsa20 crypto_stream_xsalsa20_tweet
+#define crypto_stream_xsalsa20_xor crypto_stream_xsalsa20_tweet_xor
+#define crypto_stream_xsalsa20_KEYBYTES crypto_stream_xsalsa20_tweet_KEYBYTES
+#define crypto_stream_xsalsa20_NONCEBYTES crypto_stream_xsalsa20_tweet_NONCEBYTES
+#define crypto_stream_xsalsa20_VERSION crypto_stream_xsalsa20_tweet_VERSION
+#define crypto_stream_xsalsa20_IMPLEMENTATION "crypto_stream/xsalsa20/tweet"
+#define crypto_stream_salsa20_tweet_KEYBYTES 32
+#define crypto_stream_salsa20_tweet_NONCEBYTES 8
+extern int crypto_stream_salsa20_tweet(unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+extern int crypto_stream_salsa20_tweet_xor(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+#define crypto_stream_salsa20_tweet_VERSION "-"
+#define crypto_stream_salsa20 crypto_stream_salsa20_tweet
+#define crypto_stream_salsa20_xor crypto_stream_salsa20_tweet_xor
+#define crypto_stream_salsa20_KEYBYTES crypto_stream_salsa20_tweet_KEYBYTES
+#define crypto_stream_salsa20_NONCEBYTES crypto_stream_salsa20_tweet_NONCEBYTES
+#define crypto_stream_salsa20_VERSION crypto_stream_salsa20_tweet_VERSION
+#define crypto_stream_salsa20_IMPLEMENTATION "crypto_stream/salsa20/tweet"
+#define crypto_verify_PRIMITIVE "16"
+#define crypto_verify crypto_verify_16
+#define crypto_verify_BYTES crypto_verify_16_BYTES
+#define crypto_verify_IMPLEMENTATION crypto_verify_16_IMPLEMENTATION
+#define crypto_verify_VERSION crypto_verify_16_VERSION
+#define crypto_verify_16_tweet_BYTES 16
+extern int crypto_verify_16_tweet(const unsigned char *,const unsigned char *);
+#define crypto_verify_16_tweet_VERSION "-"
+#define crypto_verify_16 crypto_verify_16_tweet
+#define crypto_verify_16_BYTES crypto_verify_16_tweet_BYTES
+#define crypto_verify_16_VERSION crypto_verify_16_tweet_VERSION
+#define crypto_verify_16_IMPLEMENTATION "crypto_verify/16/tweet"
+#define crypto_verify_32_tweet_BYTES 32
+extern int crypto_verify_32_tweet(const unsigned char *,const unsigned char *);
+#define crypto_verify_32_tweet_VERSION "-"
+#define crypto_verify_32 crypto_verify_32_tweet
+#define crypto_verify_32_BYTES crypto_verify_32_tweet_BYTES
+#define crypto_verify_32_VERSION crypto_verify_32_tweet_VERSION
+#define crypto_verify_32_IMPLEMENTATION "crypto_verify/32/tweet"
+#endif