On DZone.com Giorgio Sironi has written up a post about some testing he's done with the ""PHP Refactoring Browser" (more on that here) on some basic code examples.

IDE proponents love, in fact, an Integrated Development Environment that provides all the functionalities you need while writing and editing code; the followers of the Unix way typically write code in Vim while augmenting it via plugins where feasible and leveraging external tools that do one thing, and do it well. [...] Automated refactorings in PHP were out of the league of Vim and Unix users; thanks to Qafoo, however, a new open source tool is able to edit code with predefined refactoring recipes: PHP Refactoring Browser.

He goes through some of the basic features and functionality of the browser, setting expectations a bit. He shows how to get it installed (via Composer) and the results of some of his testing. Rather than including them all in the post, he opted to make actual commits on github of the changes.

On the QaFoo blog today the company is introducing a new tool to help PHP developers write better, more optimized code - the PHP Refactoring Browser (written in PHP too).

Without continuous refactoring, code maintainability and extensibility will start to decrease fast, even if it has tests. Until now, only IDEs contained functionality to perform automated refactorings. And then even only PHPStorm contains the most important refactorings such as "extract method". Today we release the PHP Refactoring Browser, a refactoring tool written completely in PHP. It is based on several outstanding open-source libraries.

The browser currently supports multiple refactoring methods including the extract method, renaming of local variables and converting a local variable to an instance. They include some example code and the result from the execution of the tool. The output shows where refactoring would work best with some color coding and formatting.

You can find more about this new tool over on its github repository.

Gareth Heyes has posted about some bypasses that he's found for getting around the XSS Auditor functionality in some browsers:

I had a look at XSS Auditor for a bit of fun because Mario said it's getting harder to bypass. Hmmm I don't agree. I seem to remember the same flaws are present from the last time I checked it with a little variation. It is also a very limited XSS filter not supporting detection of script based attacks (very common).

He includes three of his own bypasses - using a "formaction" on the submit input in a form, using "target" to override the iframe external resource restriction and the injection of a specially placed anchor tag. Each of these comes with a proof-of-concept example and another is also included courtesy of Mario Heiderich.

On the QaFoo site they've shared a tool they use for doing code reviews in a new post to their blog. The tool, just called review, lets you run several different metrics on the code including the PHP "mess detector", PDepend and PHPCPD (copy & paste detector).

We, at Qafoo, do Code Reviews quite often together with our customers. This often focusses on dicussing metrics, browsing the associated code and discussing solutions for the issues found. We started using a bunch of shell scripts for that, like everyone else, but at some point we came up with a webinterface to do this in a more comfortable way. Now we want to share this tool with you.

Included in the post are several screenshots showing the results of the different types of evaluations - the ones mentioned above as well as things like "methods per class", cyclomatic complexity and NPath complexity. There's also a source code browser and a visual class structure generation tool (UML). It's under a AGPLv3 license and can be found on their site.

NetTuts.com has continued their look at testing in PHP applications with this new screencast showing how to combine one of the most popular PHP unit testing tools, PHPUnit, with the Selenium frontend testing tool for automated application testing.

In this lesson, we will learn how to work with Selenium 2 directly within PHPUnit. For those unfamiliar, Selenium gives us an easy way to automate the browser. This makes it perfect for writing user acceptances tests.

You can download the source for the files and tests that they use in the demo. You can find links to the other articles in their testing series here (covering things like TDD, basic PHPUnit testing and definitions of some of the most common testing terms).

Henry Hayes has a recent post to his blog looking at a the change for the user agent support for the browser detection functionality in the Zend Framework.

Recently it has come to light that Zend Framework are dropping support for the WurflApi Features Adapter in the Zend_Http_UserAgent component. This is due to licensing issues. As of version 1.12 Zend_Http_UserAgent_Mobile constant DEFAULT_FEATURES_ADAPTER_CLASSNAME now specifies that Zend_Http_UserAgent_Features_Adapter_Browscap is now the default mobile adapter.

He shows you how to get the browscap support set up and configured for your PHP installation and what needs to be done to a pre-1.12 ZF release application (using this library) and in a post-1.12 application (almost nothing).

In a new post to his blog, Oliver John Tibi has the first part of a series looking at mobile-izing your CakePHP application, making it mobile friendly when a mobile browser is detected.

I'll be writing a short series of posts on how to create a mobile version of your CakePHP app. I've always been bragging to my peers how awesome CakePHP is, and so now I'm writing a short tutorial on how to create a mobile-friendly version of a CakePHP app. I promise to make this as easy as possible.

In this first part of the series he helps you do two things - set up some custom routes for the mobile version of the site ("/m") and add in browser detection using the RequestHandler's "isMobile()" method.

On PHPClasses.org today they've released their latest episode of their "Lately In PHP" podcast - episode #17. In this new episode Manuel and Ernani talk about PHP-GTK in a web browser and the proposed PHP 5.4 release date.

PHP 5.4 beta 2 was just released, so the final version of 5.4.0 is coming soon. Many PHP Developers want to know when it will be the final PHP 5.4 release date. Manuel Lemos and Ernani Joppert talk about this and other interesting PHP related topics in episode 17 of the Lately in PHP podcast.

You can listen to this latest episode either through the in-page player, by downloading the full mp3 or by subscribing to their feed to get this and past episodes (including ones about MODX and PHPFog).

In a recent post to his blog Anson Cheung guides you through another tool that can help you optimize your web applications - using YSlow for the frontend to detect trouble spots early (whether they're actually caused by the frontend or not).

He goes through the thirteen rules to help improve your website's performance including:

• Make fewer HTTP requests
• Gzip components
• Make JS and CSS external
• Remove duplicate scripts
• Configure ETags

For more information about the YSlow extension (available for Firefox, Chrome, Opera and mobile devices), check out the project's page on Yahoo's Developer section (including ten more rules it checks).

On DZone.com today there's a new post written up by Mike Bernat about making web test cases for CakePHP applications with SimpleTest.

Most of the applications I work on have very straight-forward components and not a lot of complex functions/methods. I would only be testing whether or not they worked at all, rather than if they worked in a wide-array of situations. [...] For example, unit-testing a simple news list and detail page is probably overkill. Sure, you can test your classes by simple instantiating them but that only goes so far. My new method involves using SimpleTest's Scriptable Browser to actually crawl webpages and ensure that the proper data is being displayed.

He includes a few snippets of code to show how to implement SimpleTest's web test functionality - one that just checks a HTTP response values, another that checks for text on the page, one testing for a login on an admin page and a test for add/edit pages to ensure valid loading based on URLs/links.