From acaad73e63c9258d6e8c9f60ffd635f16d572445 Mon Sep 17 00:00:00 2001 From: Yannick Warnier Date: Wed, 14 Jun 2017 17:48:10 -0500 Subject: [PATCH] Fix security.html issues with HTML --- documentation/security.html | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/documentation/security.html b/documentation/security.html index c9bca2b009..ee813eee5e 100755 --- a/documentation/security.html +++ b/documentation/security.html @@ -23,20 +23,20 @@
  • Using safe browsers
  • Moving your configuration file out of the web directory
  • Restricting files permissions
  • -
  • HTTP Headers Security
  • +
  • HTTP Headers Security
  • 1. Disclosing server info

    It is considered a safer behaviour not to disclose server information from your Chamilo page. In order to avoid both web server and PHP information disclosure, you might want to take the following actions: +

    -

    2. Keeping up to date

    @@ -63,32 +63,32 @@ access to your database if that one isn't well protected and many other stuff we move the configuration file out of your web directory. If your Chamilo installation is in /var/www/, move your configuration to /etc/chamilo/configuration.php, for example. Then create a new app/config/configuration.php file, open it, and write the following:

    -

     <?php
     require '/etc/chamilo/configuration.php';
     
    -

    This will prevent direct access to your settings and make it seem totally the same to Chamilo.

    5. Restricting files permissions

    - Making all the Chamilo files world-writable will help you install quickly, and it solves many +

    Making all the Chamilo files world-writable will help you install quickly, and it solves many issues for people without much admin experience. However, it's more secure to make a distinct user owner of all the chamilo files and folders, and only give read access to the web server to all files, and write access - only to the directories previously mentioned. This way, these files need + only to the directories previously mentioned.

    +

    This way, these files need only be readable and writable by the Apache process owner, not by the entire world. It would also be advisable to make all writable directory refuse the interpretation of PHP files (except for the root of the courses - directories). Don't hesitate to hire an experienced administrator to do that, + directories).

    +

    Don't hesitate to hire an experienced administrator to do that, it might be a bit more expensive now, but you'll be happy not to have to loose - all of your data to a hacker who attacked your site. + all of your data to a hacker who attacked your site.

    -
    -

    HTTP Headers Security

    +
    +

    HTTP Headers Security

    A relatively recent development in web security, HTTP headers can be modified either from the web server or from the application (like Chamilo) to increase the security of your visitors.
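Review bot: the index line in the file header (`index c9bca2b009..ee813eee5e 100755`) shows documentation/security.html tracked with the executable bit, and this commit keeps it. A static HTML page has no reason to be executable, and the page itself argues for tighter file permissions in "Restricting files permissions", so consider changing the mode to 100644 in the same commit. The subject "Fix security.html issues with HTML" would also be easier to audit later if it named the kind of markup problem being fixed.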
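Review bot: in the second hunk (@@ -63,32 +63,32 @@), the sentence "make all writable directory refuse the interpretation of PHP files" is now split into its own paragraph but still goes straight on to "Don't hesitate to hire an experienced administrator" without showing how to do it. Since this is the hardening step readers are most likely to get wrong, I would add a short web server configuration sample right after that paragraph, in the same style as the `require '/etc/chamilo/configuration.php';` sample above it. While these lines are being touched: "loose" on the context line before the last changed line should be "lose", "all writable directory" should be "all writable directories", and the new paragraph that opens with "This way, these files need" now starts with a reference whose antecedent sits in the previous paragraph, so naming the files explicitly would read better.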