Archive for May 1st, 2007

Secunia.com: TCExam PHP Code Execution and Cross-Site Scripting

TCExam users will want to pay attention to this latest advisory posted by Secunia, which details a PHP code execution issue and a cross-site scripting issue found in the application:

rgod has discovered two vulnerabilities in TCExam, which can be exploited by malicious people to conduct cross-site scripting attacks or to compromise a vulnerable system.

The two issues come down to two different inputs not being handled properly: the SessionUserLang cookie and the $_SERVER['SCRIPT_NAME'] value. Neither is sanitized before use, which is what makes the code execution and cross-site scripting attacks possible.

These issues affect users of the TCExam 4.x series, but a new version, 4.1.000, has already been released and is available for download.
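To make the two bug classes concrete, here is an added illustration in PHP. It is not TCExam's code and the digest does not say how TCExam consumes either value; the sinks shown (a language file pulled in by require_once, and SCRIPT_NAME echoed into a form action), the lang/ directory and the list of allowed language codes are all assumed for the purpose of the example, and the pairing of the cookie with code execution and of SCRIPT_NAME with cross-site scripting follows the order in which the digest lists them.

```php
<?php
// Added example (not TCExam's code). The advisory only states that the
// SessionUserLang cookie and $_SERVER['SCRIPT_NAME'] are used unsanitised;
// the concrete sinks, directory layout and language list below are assumed.

// --- Bug class 1: a cookie value steers a file include -------------------
// Cookies are attacker-controlled. If the raw value reaches require_once,
// "../" traversal lets an attacker include any file the web server can read,
// and any PHP tags inside it (e.g. in a log file the attacker seeded) run.
function load_language_unsafe()
{
    $lang = isset($_COOKIE['SessionUserLang']) ? $_COOKIE['SessionUserLang'] : 'en';
    require_once dirname(__FILE__) . '/lang/' . $lang . '.php';   // assumed sink
}

// --- Hardened: whitelist the value against the languages actually shipped --
function load_language_safe()
{
    static $allowed = array('en', 'it', 'de', 'fr');               // assumed list
    $lang = isset($_COOKIE['SessionUserLang']) ? $_COOKIE['SessionUserLang'] : 'en';
    if (!in_array($lang, $allowed, true)) {                       // strict compare
        $lang = 'en';                                              // never trust, fall back
    }
    require_once dirname(__FILE__) . '/lang/' . $lang . '.php';
    return $lang;
}

// --- Bug class 2: SCRIPT_NAME echoed into HTML without encoding -----------
// SCRIPT_NAME is built from the request URI, so on many server set-ups an
// attacker can append their own characters to it. Treat it as user input,
// not as a trustworthy server constant.
function form_action_unsafe()
{
    return '<form action="' . $_SERVER['SCRIPT_NAME'] . '">';     // assumed sink
}

// --- Hardened: encode for the HTML attribute context ----------------------
function form_action_safe()
{
    $script = htmlspecialchars($_SERVER['SCRIPT_NAME'], ENT_QUOTES, 'UTF-8');
    return '<form action="' . $script . '">';
}
```

The two fixes are the standard ones for their class: an include path derived from user input is constrained to a fixed set of known values rather than filtered, and a value written into markup is encoded for the context it lands in (ENT_QUOTES covers both quote styles inside an attribute). Where a form only needs to post back to itself, an empty action attribute avoids echoing SCRIPT_NAME at all.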


Gregory Szorc’s Blog: So Many Untapped PHP Features

Gregory Szorc has posted his look at the “many untapped features” that PHP has to offer, features that developers tend to overlook when building applications, specifically when choosing between object-oriented and procedural programming.

The more interesting topic is why these applications have not made the jump to utilize PHP 5’s features. Others have speculated, and I tend to agree, that application developers are worried that PHP 5 adoption is too low and requiring its use will turn away users. Now, considering the improvements of the PHP 5 engine, both from a performance and security standpoint, there is no reason in my mind why a sane system administrator wouldn’t be running PHP 5.2.1 (most recent at the time of this entry).

He looks at applications like WordPress, Drupal and Gallery and notes how they haven’t made the move to true PHP 5-style code. Adoption has a lot to do with this, but he brings up the real point of the article: that developers are “ignorant” of what they’re missing.


Terry Chay’s Blog: Ed Finkler agrees with me

Terry Chay has some of his own comments surrounding the latest episode of the Pro::PHP Podcast, an interview with Ed Finkler about the state of PHP security.

Ed Finkler agrees with me. Thanks Ed. :-) Listen to the podcast. It’s a realistic assessment of the state of security in PHP.

He also includes a favorite quote from the podcast (as said by Ed):

If a web developer doesn’t understand common security issues, they shouldn’t be considered developers…[Web applications] essentially are dealing with data that someone is inputting there. As a developer of web applications, you are essentially stewards of that data.


David Coallier’s Blog: PEAR Elections Ended! Time to get some work done!

As posted on his blog today, David Coallier and others have been voted onto the new PEAR Group team:

I would like to say thanks to everyone who has voted for both the rest of the Team and me :-) . So the new PEAR Group team is built of the following members: Martin Jansen, Arnaud Limbourg, Joshua Eichorn, Christian Weiske, Helgi Thormar, Paul M. Jones, Justin Patrin and finally myself, David Coallier.

Team, here we go, let’s get some good and solid work done! I am looking forward to such cooperation with both PEAR contributors and other frameworks out there!

He also includes a lengthy listing of his personal work for the upcoming months, including work on several PEAR packages: MDB2, Text_CAPTCHA_Numeral, pearweb (the PEAR website), Image_Transform, and HTML_AJAX.


Venture Skills Blog: Want to create a site like Digg with no programming?

From the Venture Skills blog today, there’s a tutorial that aims to help you build a Digg-like site without any of the messy programming that can be involved, with a little help from Drupal.

Digg is a user content driven site: users submit links to articles and sites that interest them, and other users either give them the thumbs up or the thumbs down. The most popular sites get onto the front page and can have literally thousands of hits; this is referred to as the Digg effect. We are going to go step by step through how you can develop such a site using the Drupal CMS, which is available from drupal.org. If you’re unfamiliar with Drupal, we have an overview here.

The real key to it all comes in with the plugins you install into your Drupal setup:

They walk you through the setup of Drupal first (the screenshots show a Windows environment, but it can be any supported OS) before going into its admin interface and installing the plugins.

This article is just the first part of the series; check out part two and part three for the rest of the installation.
