A big advantage to using the front controller in the Zend Framework is the ability to create nicely formatted urls. [...] The implementation of the default router in the Zend Framework (Zend_Controller_Router_Rewrite) does not allow for passing arrays in this manner though, since previously set keys get overwritten if they are declared more than once. This is somewhere between semi-annoying to very annoying, so lets get straight to hacking it into submission.

His patch only changes one line in the Zend_Controller_Router_Route_Module component - changing it from assigning to a conditional checking for the existence of an array and setting it appropriately.

The issue Derick pointed out:

In PHP 5.3 this would alias the class Interval in the namespace PEAR::Date to the class Interval. For now, this code would work just fine. However, if PHP would introduce a class "Interval" at some point in the future (and PHP can do this as it owns the global namespace) then the above code would suddenly stop working.

Greg's patch makes it possible to "override" the internal class if need be, making it so that code currently working wouldn't break. All it takes is to "use" is like you normally would and and the magic happens behind the scenes.

Now that I am actually using the Zend Framework on my first project, hitting bugs/limitations in Zend_Feed and therefore looking at the code, I must say I am seeing feature duplication with internal PHP features that does not quite fit in with the KISS principle.

He points out a few things that illustrate his point - the use of Zend_Http_Client instead of a strea context, passing XML contents into loadXML instead of just load. As a replacement, he's considered a Feed component from the eZ components system, but it hasn't been released (officially) yet. So, as an alternative, he's come up with a patch to fix a few things in the Zend_Feed component to make it a bit more KISS-friendly.

Suhosin is a great and simple way of increasing your security without having a large impact on overall performance. In this tutorial I will cover the installation and configuration of Suhosin on both debian etch and centos 5. I may cover mod_security in a later tutorial.

They apt-get the packages needed for the patch in examples for two different distributions - Debian (etch) and CentOS. They also show how to set up some basic configuration to get the patch installed and working with your PHP installation.

This is not much of a problem if you have only a few models but when you start to work on several dozen models in a project it becomes very tedious to open each and every model file to make changes.

The result of his frustration has come out in the form of a patch as a part of a new ticket in the CakePHP request submission process.

This weekend I wrapped up a few small tests and sent the patch in and it was subsequently pushed to php 5.3 and php 6.0. Now, this is not at all the way I wanted things to work, in all honesty I think the patch is pretty hokey but unfortunately nobody really spoke up in support of the changes I wanted to make to parent:: in regards to LSB.

His example shows how to override a static method and push that new method's execution to the parent class (in two ways - safe using forward_static_call and the not so safe calling itself with a parent:: override).

It's pretty rare that I encounter a bug in the software I run that hampers my ability to work or my server environment's ability to function normally. However, I encountered one last week that has taken me and several Rackspace support technicians nearly a week to figure out, namely PHP bug #43677.

The issue was that PHP seemed to be "forgetting" the include_path in the current script (not Apache). The bug has been found in PHP 5.2.5 (and possible in all of the 5.2.x releases as well). The problem has been fixed in the latest CVS version and a patch has been created for those that want to correct the problem right away.

I've recently been wrapped up in an effort to design and implement a RESTful API using the Atom Protocol for a project at work. We are using the Zend Framework as the underlying framework for the project, so, in order to follow the Atom Protocol, I needed to support the HTTP methods PUT and DELETE

Since the Zend Framework has been playing such a prominent role in the development, he's been digging into the Zend_Rest_Server component code and isn't too happy about its support for PUT and DELETE. As a result, he's proposed methods that might help resolve things such as isGet, isDelete, isOptions and getEntityBody. He' even created a patch to make the needed changes.

When it comes to PHP security, you often think of input filtering, SQL injection prevention, XSS in user submitted content and so on. Well, forget about that. They're all pretty trivial compared to what I feel is by far the most important security issue of any web application. Read on to find out why.

Their number one thing to do to keep safe and secure? "Keep your systems updated." They point out that security a web site is one thing but securing the system that it runs on/has been developed on is another (and improperly patched, it could cause some huge problems).

Now, the best way to keep on top of potential vulnerabilities in your underlying systems is with updates. Sometimes, however, you need to go a little further. [...] Watching the web is also a good idea; major security vulnerabilities generally make it to the front page of Digg.

When PHP is done with the temporary LOB, it needs to tell Oracle to destroy it. If this isn't done, then the temporary LOB will hang around using DB space until the connection is closed. I just merged a fix worked on by Krishna Mohan and myself for bug 43497.

Example code is included showing two instances of its use - a normal use that frees the memory correctly and the other showing how to create the temporary lob to hold the data as needed.