|
The Zend Developer Zone has started up their own contribution to the security side of the PHP community, a Security Tip of the Week, starting with the first three tips posted just recently:
Tip number one involves a good recommendation: keeping your PHP version up to date. Many security issues and exploits have come about because of older versions and the issues they hold.
Tip number two focuses on the errors that your site gives to the viewing public and the information they can betray (file locations, etc.).
Tip number three talks about using other applications to help you find issues in your code that you might not even know were there, such as Chorizo and the PHPSecInfo reporting tool.
Stay tuned for even more security goodness from Cal and the Zend Developer Zone over the coming weeks...
|
|
|
The latest version of the popular (and simple) PHP security audit tool, PHPSecInfo, has been released: version 0.2.
The major changes in this version [zip] include:
More info links to give you details on the specified issue
CSS/layout changes to make understanding the results simpler
A new test, PhpSecInfo_Test_Session_Save_Path
and more...
Check out the Changelog for complete information on the update or just head over and download it now.
|
|
|
Stefan Esser has released the latest version of his Suhosin security patch for PHP:
Yesterday I released Suhosin 0.9.17 in response to a bug report by Ilia Alshanetsky and some crash problems with PHP 4 that were reported during the last weeks.
The issue dealt with a method to bypass the hard_memory_limit of Suhosin due to a bug in PHP that could result in memory consumption up into the gigabyte range for a single script. The patch takes care of the issue by not allowing negative memory_limit settings, preventing the problem from happening.
|
|
|
DevShed concludes their look at the Flyweight pattern with this new tutorial, the second part, focusing on building an actual application with the pattern implemented.
In this final part of the series, I'm going to teach you in a step-by-step format how to create in PHP 5 a flyweight class to balance the instantiation of objects that will be used to generate web documents on the fly. Hopefully, by the end of this article, you should have acquired a considerable background in how to apply the flyweight pattern in a real-world situation.
They create a simple application that generates dynamic HTML elements (DIV tags) with a simple interface to define things like content, name, and ID. Their Flyweight factory class creates and manages the number of DIVs that are created, blocking requests for any more. Finally, they apply it, showing the creation of a simple web page with multiple DIVs in it.
|
|
|
As mentioned by the Zend Developer Zone, the Royal Pingdom website has recently posted their look at what the most popular websites on the internet are running. There aren't many surprises in the list, but we'll save those for later. First, a quote:
TechCrunch, FeedBurner, iStockPhoto, YouSendIt, Meebo, Vimeo and Alexaholic. These are some of the most popular websites on the Internet. You have heard about them, you have read about them and you have most likely used or visited at least one of them. But how often have you read about what these websites are actually running on? This article dives into the facts and figures about the underlying hardware and software that keep these sites running smoothly in spite of their massive popularity.
As mentioned, there are no real surprises in the list: Linux still tops out on server popularity, Apache and MySQL dominate their fields and, according to the numbers, PHP is still on top in the web world. Of course, there are some sites whose needs this software just won't meet, so he mentions those too: Meebo with Lighttpd, Alexaholic with IIS and SQL Server, and TechCrunch/FeedBurner with Java and Tomcat.
Check out this PDF report for the full results of their survey.
|
|
|
The PHP-GTK Community website has three new posts today on a range of topics from books to class browsers to writing CDs:
First off, there's a pointer to the phpISO application that acts as a front-end on Linux systems to grab the data off of a CD and make an image of it, as easy as one click.
Next up is a book release announcement about a PHP-GTK book that's been updated with a second edition (from its previous 2004 release): Criando Aplicações Gráficas com PHP. It's available directly from the publisher.
Finally, there's this simple application that only has one goal in life: to help you help your code by acting as an inspector for your PHP classes. Check it out on its homepage.
|
|
|
Those that didn't get a chance to go to this year's UK PHP Conference but wanted to should definitely check out this great post by Caroline Maynard about all the goings on there.
Last week I attended the second UK PHP Conference in London. The organisers had clearly listened to the comments after the first conference, and this year's event was even better. It's the only event of its kind in the UK, and deservedly popular, with a large lecture theatre completely packed.
She talks about some of the talks that were given (including one from Cal Evans of the Zend Developer Zone and Rasmus Lerdorf giving a talk on Fast and Rich Web Applications with PHP 5). Check out the full post for the full story on the rest of the event.
|
|
|
Stefan Esser takes a look back at the first week (or so) of the Month of PHP Bugs he's doing for the month of March:
We are on day 5 of the Month of PHP Bugs, meanwhile details for 11 Vulnerabilities were disclosed, including 2 Bonus vulnerabilities covering local root vulnerabilities in the Zend Platform.
He mentions that, on the whole, the reaction has been positive, with a few out there that have their own thoughts on the bugs (such as one issue causing two bugs or that other bugs aren't viable because they're not included in a released version of PHP).
|
|
|
In a new post to the JSLabs blog today, Justin Silverton mentions an FTP server that's been created entirely in PHP: nanoFTPd.
nanoFTPd is an ftp daemon written in php. as of version 4.2.0, php supports the command-line interface (stable since 4.3.0), which nanoFTPd relies on. nanoFTPd is modular, so it's easy to add custom modules and other stuff, like different database interfaces (currently supports mysql and postgresql).
Features of the app include user authentication via a database or text file, dynamic IP support, and most of the usual FTP goodies you're used to in a server. You'll need at least PHP 4.2.0 to get it up and running, but configuration is simple and installation is just as easy. You can grab the software from their website.
|
|
|
Richard Thomas has decided to change the name of his project from the generic Pjq to something a bit more distinctive: jQPie.
I have expanded on this further, found a tastier name and now have a project page up http://projects.cyberlot.net/trac/jqpie/wiki. Added a cheesy jQuery/Interface autocomplete example although I would have preferred a json approach to the xml but it works nevertheless.
The jQPie project provides a way to link Javascript and PHP easily through the jQuery library with simple requests to use things like JSON statements and direct output in your Javascript application.
|
|
|
Latest PEAR Releases:
Services_Technorati 0.7.0alpha
Image_Barcode 1.1.0
Text_Wiki_Creole 0.5.0
XML_RPC2 1.0.1
pearweb 1.9.0
|
|
|
From the DevChix website, there's this new post that helps introduce developers (both in PHP and Rails environments) to how to use the Yahoo! UI connection manager in their applications.
This post is geared towards folks who haven't done the A part of AJAX before (And I mean the first A, as in Asynchronous); are new to Yahoo's implementation of the XMLHttpRequest object (The Yahoo! Connection Manager) and would like added information on how that works; or both.
Sarah starts off slow with an example of making a connection to a backend PHP script as called by an HTML form. The simple example is fleshed out with a database backend (via PEAR::DB) and the Javascript to handle the response and the errors that might arise. Finally, a request can be made and the result evaled to give the client a nice, simple Javascript object to work with.
|
|
|
Stuart Herbert has posted about an opening with the company he works for in the UK that's looking for developers/managers/etc to help fill out their new expansion:
We're expanding the team in our Cardiff city-centre office (right in the heart of Europe's youngest capital city). We're looking for exceptional people with a proven track record in designing, delivering, and managing web-based solutions to large organisations. If you're a project manager, software developer, web site designer with XSL experience, or a systems administrator, maybe we have the right opportunity for your next role.
You can get all of the details about the company from their website.
|
|
|
Even though it's technically March, we still wanted to announce that the latest issue of the International PHP Magazine (the February 2007 edition) has been published.
Volume 14 of the International PHP Magazine is now available on virtual newsstands. Spam prevention, Web 2.0 security challenges, refactoring, PHP functions, Rich Internet Application (RIA) implementation, and open source licensing are the topics covered by experts in Issue 02.07 of PHP Magazine.
The cover story for this issue is from Steph Fox concerning methods that developers can use for preventing spam on their site. You can get full details on the rest of the issue from its announcement on their site.
|
|
|
As mentioned in this new post to the Zend Developer Zone, the Zend Framework has been set up on an unofficial PEAR channel you can install the popular framework from.
The author, Geoffrey, with some help from Arnaud Limbourg, has created a PEAR channel to use in installing Zend Framework. As with any PEAR channel, the first thing you have to do is tell PEAR to go discover the channel.
Cal gives the simple commands to get the process underway, showing both how to discover and install the framework from this new resource.
|
|
|
Those attending this year's International PHP Conference will be happy to know that Sebastian Bergmann will be there and will be presenting two talks:
I will present two sessions, Testen von PHP-Anwendungen mit PHPUnit 3 and Graph-Oriented Programming with PHP, at this year's Spring Edition of the International PHP Conference that takes place in Ludwigsburg, Germany (near Stuttgart) from May 21 to May 23 2007.
Check out the conference website for more of the great speakers that will be presenting at this three-day conference, including Tobias Schlitt, Ben Ramsey, Glen Campbell (Yahoo! Inc), and Dustin Whittle (Symfony Project).
|
|
|
Paul Jones has released two new concurrent versions of the Solar framework today:
Yesterday, I released Solar 0.27.0, then quick-fixed two minor bugs and released 0.27.1 an hour later. It feels so good to be back doing releases on a monthly basis.
Some of the updates/changes in these new releases include:
The use of spl_autoload to load classes
Locale functions have a new home
a superfast JSON encoder/decoder
a modification to the SQL adapter for PDO
A new bit of functionality in Solar_Url that can find the .ext filename extension in a URL automagically
You can download these latest updates from the framework's main website.
|
|
|
The PHP group has released the latest version of the PHP 4.4.x series today, PHP 4.4.6:
The PHP development team would like to announce the immediate availability of PHP 4.4.6. The main issue that this release addresses is a crash problem that was introduced in PHP 4.4.5. The problem occurs when session variables are used while register_globals is enabled. Details about the PHP 4.4.6 release can be found in the release announcement for 4.4.6, the full list of changes is available in the ChangeLog for PHP 4.
Head on over to your local downloads page to get this new release in either:
tar.bz2 format
tar.gz format
Windows binaries
|
|
|