Archive for August 19th, 2006

Jemjabella.co.uk: Spotting Insecure Scripts

On Jemjabella.co.uk there's a quick post with a few helpful hints for spotting insecure code in the scripts you run.

With the current surge in “hackings” (or rather: script kiddies exploiting known holes to deface websites that don’t support their view on the war) I’ve been going through a lot of scripts to find common and easy to fix vulnerabilities. With my fingers crossed, and perhaps a naive hope that people don’t release scripts with massive holes anymore, I’ve been sorely disappointed.

The post lists a few things to watch for, including potential SQL injection points (request values pasted straight into query strings) and unchecked inclusion of files via include(). It is basic material, so don't expect much new, but it is a good reminder of the simple checks all of us, as developers, need to keep making.
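As an added example (not code from the Jemjabella post), here are the two patterns it warns about, each beside a hardened form, followed by a crude line-level spotter for them. It runs offline against an in-memory SQLite database; the table, its rows, the attacker input, the allow-listed file names and the sample source it scans are all constructed here for illustration.

```php
<?php
// Added example, not from the post being summarised. Table, rows, inputs and
// file names below are constructed for illustration.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, is_admin INTEGER)");
$db->exec("INSERT INTO users VALUES (1, 'alice', 0), (2, 'bob', 1)");

// --- 1. SQL injection -------------------------------------------------------

// Vulnerable: the request parameter becomes part of the query text itself.
function findUserVulnerable(PDO $db, string $id): array
{
    return $db->query("SELECT id, name FROM users WHERE id = $id")
              ->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: the value is bound as a parameter, so it can only ever be data.
function findUserSafe(PDO $db, string $id): array
{
    $stmt = $db->prepare("SELECT id, name FROM users WHERE id = :id");
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$hostile = "1 OR 1=1";                               // constructed attacker input
var_dump(count(findUserVulnerable($db, $hostile)));  // 2: the WHERE clause was rewritten
var_dump(count(findUserSafe($db, $hostile)));        // 0: "1 OR 1=1" is not an id

// --- 2. Unchecked include() -------------------------------------------------

// Vulnerable: ?page= is turned straight into a path, so traversal sequences
// (or, where remote includes are enabled, a URL) reach include() untouched.
function loadPageVulnerable(string $page): void
{
    include $page . '.php';
}

// Hardened: map the parameter onto a fixed allow-list and refuse everything
// else; the user-supplied value is never used to build a path.
function loadPageSafe(string $page): bool
{
    $allowed = ['home' => 'home.php', 'about' => 'about.php'];  // assumed file names
    if (!isset($allowed[$page])) {
        return false;
    }
    $path = __DIR__ . '/pages/' . $allowed[$page];
    if (!is_file($path)) {
        return false;
    }
    include $path;
    return true;
}

var_dump(loadPageSafe('../../../../etc/passwd'));    // bool(false): not in the list

// --- 3. A crude spotter for both patterns -----------------------------------

// Flags lines where a request superglobal appears inside include/require or
// inside a mysql_query() call. A heuristic only; it catches the obvious cases.
function spotSuspiciousLines(string $source): array
{
    $hits = [];
    foreach (explode("\n", $source) as $n => $line) {
        $inInclude = preg_match('/\b(include|require)(_once)?\b[^;]*\$_(GET|POST|REQUEST|COOKIE)\b/', $line);
        $inQuery   = preg_match('/mysql_query\s*\([^;]*\$_(GET|POST|REQUEST|COOKIE)\b/', $line);
        if ($inInclude || $inQuery) {
            $hits[] = $n + 1;   // 1-based line number
        }
    }
    return $hits;
}

// Constructed sample source: lines 2 and 3 are the bad ones, line 4 is fine.
$sample = <<<'SRC'
<?php
include($_GET['page'] . '.php');
$r = mysql_query("SELECT * FROM posts WHERE id = " . $_GET['id']);
$file = $allowed[$_GET['page']];
SRC;
var_dump(spotSuspiciousLines($sample));              // array(2, 3)
```

The spotter only finds the direct cases (superglobal and sink on one line); a value copied into a variable first slips past it, which is exactly why reading the script rather than grepping it is still the real check.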

Derick Rethans’ Blog: Overloaded properties (__get)

Derick Rethans describes some things he noticed while working on PHP 5.1 backwards compatibility for the eZ components project; the first is that __get() does not behave itself in some situations.

The first issue is an extra notice in some cases. In our (ezcMailTools) class we implement a method that allows you to "reply" to a parsed e-mail message. You can see we loop over one of the seemingly public variables of the $mail class. However, the ezcMail class does not have this as a public member variable, but instead uses overload.

This all works ‘fine’ with PHP 5.1, however with PHP 5.2 the following notice was generated for this code:

Notice: Indirect modification of overloaded property ezcMail::$to has no effect in ../Mail/src/tools.php on line 364

The reason for this is that __get() only returns variables in read mode, while foreach() wants a variable in read/write mode as it tries to modify the internal array pointer. As it can’t do this PHP 5.2 will now throw a warning on this.

The code in question is shown in the post, along with the workaround he found to keep the notice from coming back.
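As an added example (not eZ components code, and not necessarily the workaround Derick chose), here is the shape of the problem: a class whose "properties" are served by __get(), a loop written directly over one of them, and the same loop written over a local copy. Copying first avoids the read/write request on the overloaded property, so it behaves the same on every PHP version. The class name, property and addresses are assumptions made for the example.

```php
<?php
// Added example, not from the eZ components code the post discusses.

class Message
{
    // Real storage; 'to' is the overloaded property the loops read.
    // Constructed data for illustration.
    private $props = ['to' => ['a@example.com', 'b@example.com']];

    // Returns by value: the caller gets a copy it can read, but not a handle
    // it can write through, which is what foreach asks for on a property.
    public function __get($name)
    {
        if (!array_key_exists($name, $this->props)) {
            throw new OutOfRangeException("No such property: $name");
        }
        return $this->props[$name];
    }

    public function __isset($name)
    {
        return isset($this->props[$name]);
    }
}

// The loop shape that produced the PHP 5.2 notice: foreach wants $m->to in
// read/write mode, but __get() can only hand back a copy.
function recipientsDirect(Message $m)
{
    $out = [];
    foreach ($m->to as $addr) {
        $out[] = $addr;
    }
    return $out;
}

// Workaround: copy the overloaded property into a local variable first. The
// local is an ordinary variable, so foreach gets its handle and __get() runs
// exactly once.
function recipientsViaLocal(Message $m)
{
    $to = $m->to;
    $out = [];
    foreach ($to as $addr) {
        $out[] = $addr;
    }
    return $out;
}

$m = new Message();
var_dump(recipientsViaLocal($m));                       // the two addresses
var_dump(recipientsViaLocal($m) === recipientsDirect($m)); // bool(true)
```

The other route is to declare `public function &__get($name)` and return a reference into the backing array, which gives foreach the handle it wants but also lets callers modify the internal storage through the property, so the local-copy form is the safer default.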

Jacob Santos’ Blog: Multitasking in PHP

In his latest blog post, Jacob Santos takes a look at a question PHP developers commonly arrive at after a while: is it possible to multitask processes or actions in PHP?

The ability to run two or more commands in parallel is totally sexy, but the Web is a different playing field and it doesn’t make complete sense.

PHP loses control, once the output is sent and the connection is closed. Multithreading would probably make sense in streaming, but PHP already handles that for you where it makes sense for the function. Furthermore, multithreading has its purpose in applications that continue to run and not something that closes and cleans up everything after the last command is issued.

He goes on to cover what multitasking is, a more real-life example, the good and bad sides, and some of the issues that come with it. Finally, he suggests a feature for the PHP core: an "internal multitasking mechanism" to support these kinds of processes.

Mike Wallner’s Blog: Round Up

Mike Wallner has posted a roundup of what has been going on behind the scenes in his corner of the PHP world.

He talks about the work he’s been doing with PHP6 (rewriting an output control layer), with PHP 5.2 (fixes for an Apache issue and the error_get_last function), as well as with pecl/http (new documentation and new updates).

He lists some of these updates, including improved response performance, support for the ArrayAccess interface, and fixes for http_parse_cookie, http_build_url, and HttpQueryString failures.

PHP-Tools Blog: PHP Design Patterns Finished

Stephan Schmidt has posted some great news to the PHP-Tools blog today - the O’Reilly book he’s been working on “PHP Design Patterns” has been completed and sent off to press.

The work of the last six months is finally bearing fruit and I will be able to spend my spare time on coding again instead of just writing. If you wondered, why patTemplate or any of my other open source projects did not show any progress, this announcement should answer your questions.

I put nearly all of my thoughts on software architecture, OO design and patterns into this book and thus it consists of 370 pages dealing with OO development in PHP 5.1, creational patterns, structural patterns, behavioural patterns as well as enterprise patterns and MVC architectures. Furthermore it covers SPL, Propel and patTemplate to provide some real-life examples of the patterns.

A note to all readers out there, though: the book is in German (despite the English title). If you want to see a sample of the book's code or just want more information on it, check out its website.
