89 items tagged “php”
2008
csrf_protect.php. A PHP class for applying CSRF protection to existing PHP applications, using output buffering to rewrite any POST forms on a page. Heavily inspired by Django’s CSRF middleware. Tell me if you spot any bugs!
End of Life for PHP 4. Apparently 8/8/8 marks the end of the line for PHP 4—no new releases, no support, not even security patches.
Facelift Image Replacement. Like sIFR but with JavaScript and a PHP text rendering component. I question the need for the JavaScript if you’re already generating the images on the server, but the actual generation script is nicely done—it makes smart use of ImageMagick and caches the generated images.
php: rfc: closures (via) I never thought I’d see the day, but a patch adding closures to PHP has been both proposed and accepted! Looks like a solid implementation—the syntax is similar to JavaScript but makes explicit which variables are to be captured. As with much of PHP, values are copied into the closure by default but you can use an ampersand to specify JavaScript-style pass-by-reference instead.
Spicing Up Embedded JavaScript. John Resig collects the various ways in which a JavaScript interpreter can be hosted by Python, PHP, Perl, Ruby and Java. There are full JS implementations in PHP, Perl and Java; Ruby and Python both have modules that use an embedded SpiderMonkey.
Facebook Open Platform. Facebook have open-sourced (under a modified MPL, does it still fit the OSI definition?) the code for the Facebook Platform, including their implementations of FBML, FQL and FBJS. This is no small release; the tarball weighs in at 40MB and includes libfbml, which depends on Firefox 2.0.0.4 for its HTML parser!
On-board vs. Off-board Comet. Useful distinction. On-board comet runs on the same server as the rest of your application; Off-board comet is served from a separate server (generally a subdomain) and a separate stack. If you want to stick with PHP, Rails or Django for the rest of your site off-board comet looks like the way to go.
Windows Live ID Delegated Authentication. Would make life a lot simpler if they just supported OAuth, but at least they include sample code in Python, Ruby and PHP.
Symfonians (via) Similar concept to Django People but for Symfony developers—coincidentally launched within the past week as well.
2007
Hacky holidays on OS X. Jeremy Keith documents how to get PHP 5 and Apache 2 virtual hosts running on Leopard.
The backdooring of SquirrelMail. A SquirrelMail developer’s account was compromised and used to insert a backdoor: the other developers initially missed the hole because it used $_SERVER['HTTP_BASE_PATH'], which can be set with a Base-Path: HTTP header.
The Web Application Scale of Stupidity goes from OGF (One Giant Function) to OOP (Object Oriented Programming), like this: OGF ——– sanity ——— OOP
— Cal Henderson, paraphrased
Cruciforum (via) Stuart’s new PHP forum—single script, stores threads as static HTML on the filesystem (no database), installation is a one-step process.
Getting from point A to B (the right way)
If your laptop is relatively recent it might have hardware support for virtualization (Intel Core Duo chips do, for example). If so, it’s worth looking into using VMware or Parallels to run a virtual Linux server locally on your machine. You’ll need a fair amount of RAM for this as well—2 GB minimum probably.
[... 194 words]
Becoming PHP 6 Compatible. According to this article, I’ve been writing PHP 6 compatible code since about 2002.
7 reasons I switched back to PHP after 2 years on Rails. After two years working on a Rails rewrite of CD Baby, Derek Sivers scrapped it and instead rewrote the PHP version using Rails-inspired design principles. Derek would still use Rails for a greenfield project though.
J4P5: Javascript For PHP 5 (via) “J4P5 is a JavaScript interpreter written in PHP 5, that allows to run untrusted scripts in a sandbox on your server. It aims to implement most of Ecma-262 3rd edition.”
GoPHP5.org. A campaign to encourage a mass switchover from PHP 4 to PHP 5 on February 8th 2008, by co-ordinating both hosting companies and PHP projects.
Index of /drupal/modules/openid. Drupal’s OpenID implementation in CVS.
Drupal 6 and OpenID. “The implementation is all Drupal native code—no third party libraries were used.”
Python 3000 Status Update. Doesn’t look like we’ll get multiline lambdas, but the other stuff looks great. I’m not looking forward to years of Python 2 and Python 3 co-existing and splitting the community though (à la PHP 4 and 5).
Unsettling. Sounds like there might be a massive scripted hack going on against out-of-date WordPress installs on DreamHost. Check your site. See also discussion in the comments attached to this post.
A brief unofficial history about register_globals in PHP. It’s been more than five years since register_globals was disabled by default in PHP 4.2.0.
phpbb-openid first beta. A fully functional OpenID consumer for phpBB 2.0, implemented as a set of patches.
Quercus: PHP in Java (via) A “fast, open-source, 100% Java implementation of the PHP language”, built to run on top of Resin. Claims to be compatible with MediaWiki, Drupal, WordPress, Gallery2 and DokuWiki.
phpsh. An interactive shell for PHP, developed at Facebook and written mostly in Python. Facebook are really pushing their open-source stuff at the moment.
ANN: PHP OpenID 1.2.2 released. Includes a fix to a bug that was causing some consumers to be incompatible with the WordPress.com OpenID provider. If you’re using this in a PHP OpenID consumer you should upgrade now.
OmniTI_OpenID. OmniTI’s PHP OpenID 1.1 consumer library. Much less full featured than the JanRain library, but it’s good to have more than one.
PHP 4 phpinfo() XSS Vulnerability. Another reason not to run an open phpinfo() page on your server.
PHP and “OpenID authentication failed: Bad signature”. If you’re seeing a “Bad signature” error in your PHP OpenID application it could be down to a miscompiled GMP library.