PhpRiot
News Archive
Displaying news posts 1581 to 1600 of 6889

PHP.net: PHP 5.3.12 and 5.4.2 and the CGI flaw (CVE-2012-1823)

The PHP.net site has a new post with some supplemental information for those users of the PHP CGI that might be affected by the recently announced bug, the reason for the most recent release. Unfortunately, this patch only fixes some of the cases of the problem, so they've amended their instructions to include a more effective mod_rewrite rule to help protect your applications. PHP 5.3.12/5.4.2 do not fix all variations of the CGI issues described in CVE-2012-1823. It has also come to our attention that...

Kore Nordmann's Blog: PHP Subconference at FrOSCon 2012

Kore Nordmann has a new post to his blog today about the officially announced PHP subconference happening at this year's FrOSCon (in August near Bonn, Germany). For the seventh time we will be at the Free and Open Source Conference (FrOSCon) in St. Augustin, near Bonn. This time we will organize a full fledged PHP subconference again. We also offer space to discuss PHP related topics, or just hack with other open minded people around you. We would love to welcome you at the PHP subconference. Speakers for...

Community News: Latest PEAR Releases for 05.07.2012

Latest PEAR Releases: Auth_PrefManager 1.2.2

Will it ever Matter if PHP Sucks? - Lately in PHP podcast episode 23

By Manuel Lemos. Once in a while we see fans of other languages writing long articles on why PHP sucks and you should not use it. But will that ever matter? That is one of the main topics discussed by Manuel Lemos and Ernani Joppert in the episode 23 of the Lately in PHP podcast, for the first time also recorded in video using Google Hangouts On Air. They also covered other polemic ideas for future PHP versions like the pure PHP...

PHP Subconference at FrOSCon 2012

This year's FrOSCon - one of the most awesome open source software conferences - is right ahead and we are organizing a PHP subconference again this year. Read more for details.

PHP 5.3.12 and 5.4.2 releases about CGI flaw (CVE-2012-1823)

PHP 5.3.12/5.4.2 do not fix all variations of the CGI issues described in CVE-2012-1823. It has also come to our attention that some sites use an insecure cgiwrapper script to run PHP. These scripts will use $* instead of "$@" to pass parameters to php-cgi which causes a number of issues. Again, people using mod_php or php-fpm are not affected. One way to address these CGI issues is to reject the request if the query string contains a '-' and no '='. It can be done using Apache's mod_rewrite like...

OSInet library converted to PSR0 / PSR1

Over the last few days, I finally decided to revisit the old OSInet PHP library, to dust it off somehow, and convert the class-based parts to PSR0 and the whole to what seems to be liable to become PSR1 at some point. This library contains a zoo of functions helping with PHP-GTK development, and three packages with their demo application: Class Grapher: Build a graph of inheritance and interface implementations on a directory (and subdirectories) of PHP code

PHP 5.3.12 and 5.4.2 releases about CGI flaw (CVE-2012-1823)

PHP 5.3.12/5.4.2 do not fix all variations of the CGI issues described in CVE-2012-1823. It has also come to our attention that some sites use an insecure cgiwrapper script to run PHP. These scripts will use $* instead of "$@" to pass parameters to php-cgi which causes a number of issues. Again, people using mod_php or php-fpm are not affected. One way to address these CGI issues is to reject the request if the query string contains a '-' and no '='. It can be done using Apache's mod_rewrite like this:...

Site News: Job Postings for the week of 04.29.2012

Job postings for the past week: Job Posting: RealPage, Inc. Seeks PHP Developer (Carrolton, Tx)

New HTTP status codes

RFC 6585 has been published quite recently. This document describes 4 new HTTP status codes. So in case you were wondering, yes.. HTTP is still evolving :), and these new statuses may be quite useful for developing your REST, or otherwise HTTP-based service. This post describes why they are important, and when you should use them. 428 Precondition Required: A precondition is something a client can send along with an HTTP request. This condition needs to be met in order for the request to complete. A good...

PHPMaster.com: REST - Can You do More than Spell It? Part 2

On PHPMaster.com today they've posted their series on "speaking REST" (part one is here), developing a PHP-based RESTful framework. In the first article of his series, David explained how REST is more than an architectural pattern. It's a set of guiding principles that, if followed, can help you write scalable and robust applications. In the following articles, David will resume the discussion by looking at REST from the client-side of the equation. In this article though I'd like to focus on the...

Fawad Hassan's Blog: Load More Using KnockoutJS, PHP/CodeIgniter (Part 1)

In this new post to his blog Fawad Hassan shows you how to combine the Knockout.js Javascript library that helps you implement a more powerful, MVVM application on top of the CodeIgniter PHP framework. Everyone has used social networking sites and almost all of them implement Load More functionality to load additional posts/messages. Load More is actually an alternate way of pagination. There are two kinds of Load More functionality. First is to load additional content when the user hits the scrollbar at the...

Lorna Mitchell's Blog: Tips on Writing an API for a Smartphone App

Lorna Mitchell has a recent post to her blog with some handy tips for building an API for a smartphone app and some key points to focus on. Yesterday, I saw this tweet: "@lornajane @nabeels tips on starting to write an API to interact with Smartphone App?" I have lots of advice for Olly (whom I know personally) but there's no way it will fit into a tweet! So here it is, in rather longer form :) She touches on five different things to help you on the road to success: Be consistent; Fail really really...

Larry Garfield's Blog: readfile() not considered harmful

In this new post to his blog Larry Garfield tries to dispel a common misconception in the PHP development world - that the readfile function should be considered harmful and can cause memory issues in your code. If you're like me, you've probably read a dozen or two articles about PHP performance in your career. Many of them are quite good, but some are simply flat out wrong, or misinformed. One of the old truisms that has been repeated for as long as I can recall is "don't use readfile() if you have big...

PHP-Security.net: New PHP-CGI Exploit (CVE-2012-1823)

The PHP-Security.net site has two posts related to the recently discovered bug in PHP (hence the new versions) related to the CGI handling in certain server configurations. In the first they detail more of what the bug is, how it could be exploited and link to the original advisory for the problem. Also included are more details on the issue, including sample avenues of attack. In the second post they look at the recent PHP release and note that it does not completely rid the language of the problem. They...

PHP.net: PHP 5.3.12 and PHP 5.4.2 Released!

The PHP project has officially released the latest versions in both the 5.3.x and 5.4.x series in response to a bug that was found in the CGI setup of certain server+PHP configurations. There is a vulnerability in certain CGI-based setups (Apache+mod_php and nginx+php-fpm are not affected) that has gone unnoticed for at least 8 years. Section 7 of the CGI spec states: 'Some systems support a method for supplying a [sic] array of strings to the CGI script. This is only used in the case of an `indexed'...

Site News: Popular Posts for the Week of 05.04.2012

Popular posts from PHPDeveloper.org for the past week: Marcelo Gornstein's Blog: PHP Continuous integration, with Jenkins and Phing; SitePoint.com: Sneak Peek at Kevin Yank's New Book 'PHP & MYSQL: Novice to Ninja'; Kevin Schroeder's Blog: ZF2 Dependency Injection - Multiple Object Instances; Kevin Schroeder's Blog: ZF2 Dependency Injection: Managing Configuration - Part 2; PHPMaster.com: REST - Can You do More than Spell It? Part 1; PHPMaster.com: PHP Security: Cross-Site Scripting Attacks (XSS); /Dev/Hell...

Introduction to wsunit

Testing interactions with data providers via HTTP (e.g. webservices) is an essential thing to ensure the service has not changed its data format or even worse is not reachable at all. In both cases you want to be the first to know and probably be able to fix this before your customer finds out. So you write integration tests and run them as a different job in your continuous integration environment. So far so good. But then you are as lazy as I am and hate doing work more than once. This is where WSUnit...

readfile() not considered harmful

If you're like me, you've probably read a dozen or two articles about PHP performance in your career. Many of them are quite good, but some are simply flat out wrong, or misinformed. One of the old truisms that has been repeated for as long as I can recall is "don't use readfile() if you have big files, because it reads the whole file into memory and your server will explode." The usual advice is to manually stream a file, like so: $fp = fopen('bigfile.tar', 'rb'); while (!feof($fp)) { print fread($fp,...

Web and PHP Magazine: Issue #2 Released - "PaaS with Flying Colors"

The latest issue (second) of the "Web and PHP Magazine" has been released. Articles in this issue include: An interview with Colin Hayhurst, co-founder of StackBlaze, on running a PHP startup; A preview of PHP Summit 2012 UK; Stefan Priebsch (thePHP.cc) on how to see the bigger picture (application architecture); 'PaaS: The Cloud On-Ramp For PHP Developers' (by Lucas Carlson of AppFog); 'Cryptography In PHP' (by Enrico Zimuel of Zend). Once again, you can download this issue for free to enjoy!
