Archive for November, 2006
PHP Developer - November 30th, 2006
According to this advisory on the FrSIRT website, users of the P-News package have two issues to worry about: a file upload vulnerability and a remote information disclosure vulnerability.
Multiple vulnerabilities have been identified in P-News, which could be exploited by remote attackers to compromise a vulnerable server or disclose sensitive information.
The file upload issue comes from the avatar upload feature, which doesn't validate the file extension. The second is a design flaw: the user information (a text file) is stored inside the document root.
Unfortunately, no official patch has been supplied at this time, but a few quick edits to the code can make these issues go away.
PHP Developer - November 30th, 2006
Frédéric G. Marand has pointed us to a great community site for those out there working with or interested in the PHP-GTK project - PHP-GTK.eu.
The site features original articles entirely devoted to that extension of PHP, and receives new articles on an almost daily basis: tips, code fragments, application examples…
Some of the latest articles posted include:
There’s tons of great information in all sections of the site, so if PHP-GTK is what you’re into, you definitely need to check out the PHP-GTK Community Site.
PHP Developer - November 30th, 2006
According to this post on the Zend Developer Zone (and the original post by Greg Murray), the jMaki project has announced that it will support PHP as a part of its Ajax framework.
I am proud to announce that jMaki now has a server runtime that fully supports jMaki for PHP 5. This is in addition to JSP, JSF, and Phobos.
The jMaki project is an Ajax framework that gives the developer lightweight, reusable widgets that they can either build themselves or inherit from something like the Dojo toolkit, Yahoo UI, Scriptaculous, and many other libraries. With this new PHP integration, a simple PHP call is all it takes to integrate a widget into your application.
Check out Greg’s blog entry for more details and an example of how to use this new functionality.
PHP Developer - November 30th, 2006
In a note submitted by the folks over at PHPClasses.org, there are details on a change in their book review section. It’s no longer limited to the reviewers the site picks out. Instead, anyone can submit a review of the PHP book of their choice.
Writing books often does not pay enough to compensate the time and skill it takes. Many authors write one book and then move on to working on paid consulting as it often pays much better. But writing good books also gets authors a good reputation.
The general idea of this effort is to promote more good PHP books thus encouraging more authors out there to get up and get out and write their own quality resources.
PHP Developer - November 29th, 2006
On reading a message on the CakePHP mailing list about the web services built into the framework, Chris Hartjes decided to embark on his own look at what functionality the framework offers and how easy it is to use.
Might I add that until I tried this, I had never built a web service with CakePHP before. I found that by turning on the debug mode and actually following the instructions that were in the error messages (best undocumented feature of CakePHP if you ask me) I was able to build.
His code, while it worked, was one-upped by another version submitted to the mailing list by Samuel DeVore, so he’s included that code in his example rather than the original. His example makes a TestController, an XmlComponent, and an XmlHelper to switch the output from normal HTML to XML based on whether “xml” is included in the path of the location.