From 19e2cfa72095253b4328a301cc1b829a5fb0f1eb Mon Sep 17 00:00:00 2001
From: Julien Voisin
Date: Fri, 17 Feb 2023 15:51:14 +0100
Subject: Improve a bit the documentation

Add another example of file-upload script.---
 doc/source/features.rst | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/doc/source/features.rst b/doc/source/features.rst
index 60dbbef..90f8a59 100644
--- a/doc/source/features.rst
+++ b/doc/source/features.rst
@@ -86,8 +86,6 @@ Having a secret server-side key will prevent anyone (even the user)
 from reading the content of the cookie, reducing the impact of an application storing sensitive data client-side.
 
 
-
-
 .. _fileupload-feature:
 
 Remote code execution via file-upload
@@ -112,6 +110,13 @@ inside the script to ensure the file doesn't contain any valid PHP code, with so
 
   $ php -d vld.execute=0 -d vld.active=1 -d extension=vld.so $file
 
+One could also filter on the file extensions, with something like this:
+
+::
+
+  #!/bin/bash
+  exit $([[ $SP_FILENAME =~ *\.php* ]])
+
 
 Examples of related vulnerabilities
 """""""""""""""""""""""""""""""""""
-- 
cgit v1.3