Security considerations
-----------------------
-All plugins should consider the security implications of their plugin.
-Of course, if you call external programs you have to use great care,
-but the following issues are important to nearly every plugin.
+All plugin authors should consider the security implications of their
+plugin. Of course, if you call external programs you have to use great
+care, but the following issues are important to nearly every plugin.
- Escape any untrusted data before you output it. This is to prevent
-cross site scripting attachs. It means that you have to htmlspecialchar()
+cross site scripting attacks. It means that you have to htmlspecialchars()
every variable that comes in through the URL, a mail message or other
external factors, before outputting it.
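Review bot: the escaping advice in this hunk names htmlspecialchars() but not the context it is safe for; as written, a reader may assume it covers attribute values as well as element content. Since the list of sources ("the URL, a mail message or other external factors") is already quite broad, the text should also say that the call needs the ENT_QUOTES flag when the value is placed inside an HTML attribute, so that single quotes are escaped too. Suggest extending the sentence to something like "you have to htmlspecialchars() every variable ... before outputting it, using ENT_QUOTES when it is placed inside an attribute."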
enabled. If you just call hooks, your hooks won't be called when the
plugin is disabled, but if you also supply extra .php files, you should
check if they perform any function if accessed directly. If they do, you
-should check at the start of that file if the plugin is enabled in the
+should check at the start of that file whether the plugin is enabled in the
config, and if not, exit the script. Example:
global $plugins;
if ( !in_array('mypluginname', $plugins) ) {
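Review bot: the example in this hunk reads the enabled-plugin list from the $plugins global, but the surrounding text only says to "check at the start of that file whether the plugin is enabled in the config" without saying that the configuration must already be loaded at that point. A directly accessed .php file that has not included the config will see an unset $plugins, so the check does not work as the reader expects. Suggest adding one sentence before "Example:" stating that the config file must be included before this check runs, and showing the include ahead of the lines
global $plugins;
if ( !in_array('mypluginname', $plugins) ) {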