Archive for September, 2006
PHP Developer - September 29th, 2006
The Hardened-PHP Project has released a new advisory for a vulnerability in the PHProjekt groupware software.
While searching for applications that are vulnerable to a new class of vulnerabilities inside PHP applications we took a quick look into the current PHProjekt source code and discovered that a (remote) include vulnerability had been (re)introduced.
By overwriting a variable with user input it is possible to inject and execute arbitrary PHP code. Overwriting this variable is possible regardless of the register_globals setting.
They give a few more details further down the posting and note that users should download and install the latest version (at the time of this post, 5.1.2).
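As an added illustration (not PHProjekt's code and not detail from the advisory; the function and variable names are hypothetical), one common way a script variable gets overwritten with request data even when register_globals is off is an unfiltered extract() of the request array; the hardened form beside it reads the one parameter it needs by name and checks it against a fixed allowlist:

```php
<?php
// Added example, hypothetical code: a variable that decides an include path
// is overwritten by request data regardless of register_globals, and the
// hardened form that closes the hole.

// --- Vulnerable pattern (hypothetical) ---
// extract() with its default EXTR_OVERWRITE flag silently replaces any
// local variable whose name matches a request key, so the register_globals
// setting is irrelevant: the script imports the request by itself.
function load_module_vulnerable(array $request)
{
    $module_path = '/var/www/app/modules/';   // application default
    extract($request);                        // may overwrite $module_path
    return $module_path . 'index.php';        // value later handed to include
}

// --- Hardened form ---
// Never import request data into the variable scope. Read the parameter by
// name, validate it against an allowlist, and build the path from constants.
function load_module_hardened(array $request, array $allowed_modules)
{
    $module_path = '/var/www/app/modules/';
    $module = isset($request['module']) ? $request['module'] : 'home';
    if (!in_array($module, $allowed_modules, true)) {
        throw new InvalidArgumentException('unknown module');
    }
    return $module_path . $module . '/index.php';
}

// Constructed sample request: a client supplies a parameter named after the
// script's internal variable (the URL is a placeholder, not a real host).
$sample = ['module_path' => 'http://example.invalid/', 'module' => 'home'];

echo load_module_vulnerable($sample), PHP_EOL;                 // default path replaced
echo load_module_hardened($sample, ['home', 'calendar']), PHP_EOL; // unaffected
```

The first call shows the default directory replaced by the request-supplied value; the second ignores the extra parameter entirely because nothing copies it into scope.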
PHP Developer - September 29th, 2006
The Zend Developer Zone has posted a new book review of one of SitePoint’s web-development titles, “Building Your Own AJAX Web Applications”.
I’m way behind on my book reviews. I’ve got a stack that’s still knee-high and I know that there are more on the way. So let’s pop one off the stack and take a peek into it shall we? This time it’s “Building Your Own AJAX Web Applications” by Matthew Eernisse and published by SitePoint.
Cal details the contents, including the Preface. The book gives:
- an overview of Ajax
- an inside look at the XMLHttpRequest object
- its asynchronous nature
- making POST requests
- making applications compatible with screen readers
- and a deeper look at what Ajax is and does
Of course, Cal explains them all in the post, giving a more complete look at each of the topics.
PHP Developer - September 29th, 2006
In his latest blog entry on the ThinkingPHP Blog, Felix Geisendörfer continues on with the series started here and shows that there’s more to learn from the CakePHP source code.
In the previous post I was showing how to use the Dispatcher::dispatch() function. Now what’s more interesting is what it actually does and in what order.
He lists the steps the Dispatcher follows, in order:
- Build the $params array
- Find the base url
- Load/Include the requested Controller
- Possible Plugin Logic
- Executing the Admin Route
- Render a possible missingController error
- Action exists? Action private?
- Set Controller variables
- Load Components & Models
- Render possible missingAction/privateAction errors
- Invoke the controller
It seems like a long way to go to just get the request to the right Controller, but it all happens in the blink of an eye when the page request is made.
If you’ve enjoyed the look at the Dispatcher, let Felix know - especially if you’d like to see other parts covered.
PHP Developer - September 29th, 2006
Ben Ramsey has posted “live” from the PHP Appalachia (un)conference on his blog today, and talks about the “community of diverse backgrounds” that has come together there at the conference.
To me, it’s always very interesting to hear the pre-PHP stories of other PHP programmers: the days before they programmed in PHP, what they did and how they came to call themselves PHP programmers. The stories vary greatly from programmer to programmer, and almost none begin with: “I was working toward a degree in computer science ….”
In fact, the more people I talk with, the more I’m convinced that the typical PHP programmer, in fact, sort of got to where they are by an odd arrangement of life circumstances we call coincidences. Almost none elected to be where they are, but nearly all enjoy the work they do, many to a great degree of passion.
He talks about the conversation several attendees had, mentioning some of their backgrounds (anything from marine biology to organizational behavior).
PHP Developer - September 29th, 2006
Chris Hartjes has posted an update on the Zend_Service_Audioscrobbler package for the Zend Framework, including writing the unit tests to ensure its functionality is complete.
In my spare time I’ve been banging away at writing the required unit tests for the Zend_Service_Audioscrobbler component that Derek and I had started. I finished all the unit tests for the user based functions, which is a nice milestone. Then I decided to go back and actually read the comments made from the proposal. Oops. I discovered there were a bunch of changes that the folks at Zend said needed to be made in order to accept them. I agree with most of them.
He also lists some of these comments/changes/suggestions for the package that were given to help it fit in better with the rest of the framework.