PhpRiot Latest Blog Posts

OSInet library converted to PSR0 / PSR1

Over the last few days, I finally decided to revisit the old OSInet PHP library, to dust it off somehow, and convert the class-based parts to PSR0 and the whole to what seems to be liable to become PSR1 at some point. This library contains a zoo of functions helping with PHP-GTK development, and three packages with their demo application:
Class Grapher: Build a graph of inheritance and interface implementations on a directory (and subdirectories) of PHP code

PHP 5.3.12 and 5.4.2 releases about CGI flaw (CVE-2012-1823)

PHP 5.3.12/5.4.2 do not fix all variations of the CGI issues described in CVE-2012-1823. It has also come to our attention that some sites use an insecure cgiwrapper script to run PHP. These scripts will use $* instead of "$@" to pass parameters to php-cgi which causes a number of issues. Again, people using mod_php or php-fpm are not affected. One way to address these CGI issues is to reject the request if the query string contains a '-' and no '='. It can be done using Apache's mod_rewrite like this:...

Site News: Job Postings for the week of 04.29.2012

Job postings for the past week:
Job Posting: RealPage, Inc. Seeks PHP Developer (Carrolton, Tx)

New HTTP status codes

RFC 6585 has been published quite recently. This document describes 4 new HTTP status codes. So in case you were wondering, yes.. HTTP is still evolving :), and these new statuses may be quite useful for developing your REST, or otherwise HTTP-based service. This post describes why they are important, and when you should use them.

428 Precondition Required

A precondition is something a client can send along with an HTTP request. This condition needs to be met in order for the request to complete. A good...

PHPMaster.com: REST - Can You do More than Spell It? Part 2

On PHPMaster.com today they've posted their series on "speaking REST" (part one is here), developing a PHP-based RESTful framework. In the first article of his series, David explained how REST is more than an architectural pattern. It's a set of guiding principles that, if followed, can help you write scalable and robust applications. In the following articles, David will resume the discussion by looking at REST from the client-side of the equation. In this article though I'd like to focus on the...

Fawad Hassan's Blog: Load More Using KnockoutJS, PHP/CodeIgniter (Part 1)

In this new post to his blog Fawad Hassan shows you how to combine the Knockout.js Javascript library that helps you implement a more powerful, MVVM application on top of the CodeIgniter PHP framework. Everyone has used social networking sites and almost all of them implement Load More functionality to load additional posts/messages. Load More is actually an alternate way of pagination. There are two kinds of Load More functionality. First is to load additional content when the user hits the scrollbar at the...

Lorna Mitchell's Blog: Tips on Writing an API for a Smartphone App

Lorna Mitchell has a recent post to her blog with some handy tips for building an API for a smartphone app and some key points to focus on. Yesterday, I saw this tweet: "@lornajane @nabeels tips on starting to write an API to interact with Smartphone App?" I have lots of advice for Olly (whom I know personally) but there's no way it will fit into a tweet! So here it is, in rather longer form :) She touches on five different things to help you on the road to success:
Be consistent
Fail really really...

Larry Garfield's Blog: readfile() not considered harmful

In this new post to his blog Larry Garfield tries to dispel a common misconception in the PHP development world - that the readfile function should be considered harmful and can cause memory issues in your code. If you're like me, you've probably read a dozen or two articles about PHP performance in your career. Many of them are quite good, but some are simply flat out wrong, or misinformed. One of the old truisms that has been repeated for as long as I can recall is "don't use readfile() if you have big...

PHP-Security.net: New PHP-CGI Exploit (CVE-2012-1823)

The PHP-Security.net site has two posts related to the recently discovered bug in PHP (hence the new versions) related to the CGI handling in certain server configurations. In the first they detail more of what the bug is, how it could be exploited and link to the original advisory for the problem. Also included are more details on the issue, including sample avenues of attack. In the second post they look at the recent PHP release and note that it does not completely rid the language of the problem. They...

PHP.net: PHP 5.3.12 and PHP 5.4.2 Released!

The PHP project has officially released the latest versions in both the 5.3.x and 5.4.x series in response to a bug that was found in the CGI setup of certain server+PHP configurations. There is a vulnerability in certain CGI-based setups (Apache+mod_php and nginx+php-fpm are not affected) that has gone unnoticed for at least 8 years. Section 7 of the CGI spec states: 'Some systems support a method for supplying a [sic] array of strings to the CGI script. This is only used in the case of an `indexed'...

Site News: Popular Posts for the Week of 05.04.2012

Popular posts from PHPDeveloper.org for the past week:
Marcelo Gornstein's Blog: PHP Continuous integration, with Jenkins and Phing
SitePoint.com: Sneak Peek at Kevin Yank's New Book 'PHP & MYSQL: Novice to Ninja'
Kevin Schroeder's Blog: ZF2 Dependency Injection - Multiple Object Instances
Kevin Schroeder's Blog: ZF2 Dependency Injection: Managing Configuration - Part 2
PHPMaster.com: REST - Can You do More than Spell It? Part 1
PHPMaster.com: PHP Security: Cross-Site Scripting Attacks (XSS)
/Dev/Hell...

Introduction to wsunit

Testing interactions with data providers via HTTP (e.g. webservices) is an essential thing to ensure the service has not changed its data format or even worse is not reachable at all. In both cases you want to be the first to know and probably be able to fix this before your customer finds out. So you write integration tests and run them as a different job in your continuous integration environment. So far so good. But then you are as lazy as I am and hate doing work more than once. This is where WSUnit...

readfile() not considered harmful

If you're like me, you've probably read a dozen or two articles about PHP performance in your career. Many of them are quite good, but some are simply flat out wrong, or misinformed. One of the old truisms that has been repeated for as long as I can recall is "don't use readfile() if you have big files, because it reads the whole file into memory and your server will explode." The usual advice is to manually stream a file, like so: $fp = fopen('bigfile.tar', 'rb'); while (!feof($fp)) { print fread($fp,...

Web and PHP Magazine: Issue #2 Released - "PaaS with Flying Colors"

The latest issue (second) of the "Web and PHP Magazine" has been released. Articles in this issue include:
An interview with Colin Hayhurst, co-founder of StackBlaze, on running a PHP startup
A preview of PHP Summit 2012 UK
Stefan Priebsch (thePHP.cc) on how to see the bigger picture (application architecture)
'PaaS: The Cloud On-Ramp For PHP Developers' (by Lucas Carlson of AppFog)
'Cryptography In PHP' (by Enrico Zimuel of Zend)
Once again, you can download this issue for free to enjoy!

PHP-Security.net: Suhosin 0.9.34-DEV Installation HowTo

On the PHP-Security.net blog today there's a new post showing how to get the latest version of the Suhosin security patch for PHP installed. With the recently released PHP 5.4, the Suhosin patch and extension were removed from many Linux distribution packages (i.e., Debian et al.) and until three weeks ago, there was no possibility to compile and run the Suhosin extension under PHP 5.4. This little howto shall serve as installation instruction for Debian Wheezy users - your mileage may vary. I blogged...

PHP 5.3.12 and PHP 5.4.2 Released!

There is a vulnerability in certain CGI-based setups that has gone unnoticed for at least 8 years. Section 7 of the CGI spec states: Some systems support a method for supplying a array of strings to the CGI script. This is only used in the case of an `indexed' query. This is identified by a "GET" or "HEAD" HTTP request with a URL search string not containing any unencoded "=" characters. So requests that do not have a "=" in the query string are treated differently from those who do in some CGI...

Attack against PHP-CGI - DoS, Code disclosure and more...

There is a new PHP bug that just became public today (leaked accidentally, it seems...). A flaw in the PHP CGI's input sanitation process allows attackers to set command-line options via the query string. This behavior seems to be an oversight / misplaced design decision from 2004 and is only exploitable in specific web servers. Apache is one of them... This opens interesting opportunities. I have blogged about those here: New Exploit @ php-security.net By the way, Suhosin partially mitigates one of the...

Software Development Video & Tutorials: PHP and Couchbase

On the Software Development Video & Tutorial site they've shared a video that introduces the PHP to Couchbase connection from Jan Lenhardt. Couchbase Server is a fully memcached API compatible database that solves performance, scaling and querying needs. It relies on proven technologies like memcached and Apache CouchDB along with a chunk of open source components that make the whole thing work. Couchbase developed a PHP extension to work with Couchbase Server. This video discusses the architecture of the...

PHPMaster.com: An Introduction to Redis in PHP using Predis

On PHPMaster.com today there's a new tutorial by Daniel Gafitescu showing you how to work with Redis (a key-value store) via PHP with the help of the Predis library. There is a lot of argument whether Redis or Memcache is better, though as the benchmarks show they perform pretty much on par with each other for basic operations. Redis has more features than Memcache has, such as in-memory and disk persistence, atomic commands and transactions, and not logging every change to disk but rather server-side...

Making the Web Faster with HTTP 2 Protocol

By Manuel Lemos
The HTTP protocol version 2.0 is in the process of being defined. There was a call for proposals and several researchers submitted specifications and ideas that can make the Web faster and better in several other aspects. Read this article to learn about the details of these proposals and what Web developers can expect to prepare to take advantage of the planned improvements of the HTTP 2.0 protocol.