From 44255b8dbf5c98c8d110c2e3918298ee6978b93c Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Fri, 12 Jan 2018 12:09:52 +0100
Subject: Massive overhaul of the documentation

---
 doc/source/features.rst | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

(limited to 'doc/source/features.rst')

diff --git a/doc/source/features.rst b/doc/source/features.rst
index 86b81fd..24c5074 100644
--- a/doc/source/features.rst
+++ b/doc/source/features.rst
@@ -61,6 +61,8 @@ Examples of related vulnerabilities
 - `CVE-2016-10033 <https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html>`_: remote code execution in PHPMailer
 - `CVE-2016-9920 <https://www.ripstech.com/blog/2016/roundcube-command-execution-via-email/>`_: Unauthenticated remote code execution in Roundcube
 
+.. _cookie-encryption-feature:
+
 Session-cookie stealing via XSS
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
@@ -82,6 +84,9 @@ thus using curve25519, xsalsa20 and poly1305 for the encryption. We chose this
 library because of its portability, simplicity and reduced size (a single `.h` and
 `.c` file.).
 
+
+.. _fileupload-feature:
+
 Remote code execution via file-upload
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
@@ -114,6 +119,8 @@ Examples of related vulnerabilities
 - `EDB-19154 <https://www.rapid7.com/db/modules/exploit/multi/http/qdpm_upload_exec>`_: Authenticated remote code execution in qdPM
 
 
+.. _unserialize-feature:
+
 Unserialize-related magic
 ^^^^^^^^^^^^^^^^^^^^^^^^^
 
@@ -191,11 +198,6 @@ It's worth noting that the PHP documentation contains the following warning:
 
 This is of course addressed as well by the ``harden_rand`` feature.
 
-.. warning::
-
-  Activating this feature will raise an `Error <https://secure.php.net/manual/en/class.error.php>`_
-  exception if ``min`` is superior to ``max``, while the default dehaviour is simply to swap them.
-
 
 Examples of related vulnerabilities
 """""""""""""""""""""""""""""""""""
@@ -209,6 +211,8 @@ Examples of related vulnerabilities
 - `CVE-2008-4102 <https://sektioneins.de/en/advisories/advisory-042008-joomla-weak-random-password-reset-token-vulnerability.html>`_: Unauthenticated accounts takeover in Joomla
 - `CVE-2006-0632 <https://www.cvedetails.com/cve/CVE-2006-0632/>`_: Unauthenticated account takeover in phpBB
 
+.. _xxe-feature:
+
 XXE
 ^^^
 
@@ -239,6 +243,8 @@ Examples of related vulnerabilities
 - `CVE-2011-4107 <https://www.phpmyadmin.net/security/PMASA-2011-17/>`_: Authenticated local file disclosure in PHPMyAdmin
 
 
+.. _auto-cookie-secure-feature:
+
 Cookie stealing via HTTP MITM
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
@@ -313,6 +319,8 @@ This feature is largely inspired from the
 `autostrict <https://github.com/krakjoe/autostrict>`_ module from `krakjoe <http://krakjoe.ninja>`__.
 
 
+.. _readonly-exec-feature:
+
 Preventing execution of writable PHP files
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
@@ -337,6 +345,7 @@ it's broadly (mis)used all around the web.
 Snuffleupagus provides a white and blacklist mechanism, to explicitly allow
 and forbid specific functions call from being issued inside ``eval``.
 
+.. _samesite-feature:
 
 Protection against cross site request forgery
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-- 
cgit v1.3