
PHPClasses.org:
OpenSSL Serious Security Bug Does it Affect Your PHP sites?
April 10, 2014 @ 11:55:37

In the wake of the announcement of the Heartbleed vulnerability in the widely used OpenSSL software, the PHPClasses blog has posted a look at how it relates to PHP applications and how you can check whether your application is affected.

Just a few days ago it was publicly announced a serious security bug called Heartbleed that affects secure sites based on the OpenSSL library. Read this article to learn more about this security problem, how to test if your Web server or SSH server is vulnerable, how it may affect your PHP sites, what you should do to fix the problem.

The post starts with a look at the bug, what it is and why it's such a big problem. It covers which kinds of applications are vulnerable (hint: it has nothing to do with PHP itself; it is the OpenSSL library on the server that matters) and how you can test whether your server is secure. The rest of the post covers how to resolve the issue and how it relates to OpenSSL connections made to other servers and to SSH.

Link: http://www.phpclasses.org/blog/post/231-OpenSSL-Serious-Security-Bug-Does-it-Affect-Your-PHP-sites.html

Evert Pot:
Composer's bug now fixed
February 24, 2014 @ 12:38:06

Evert Pot has posted an update to a previous post about a Composer vulnerability that could install the wrong package when two packages conflict. In this latest post he points out that the bug is now fixed.

As an update to my previous post, the composer security problem now appears fixed. Good to see that a quick response was possible after all.

The original issue was caused by the "replace" functionality, which allowed an incorrect package to be installed instead of the one requested. Other posts with more details include this one from Pádraic Brady and Nils Adermann. If you're a Composer user, it's strongly recommended that you update your currently installed version (run "composer self-update").

Link: http://evertpot.com/composer-bug-fixed

Christian Weiske:
PHP 5.6 Large file upload support
December 11, 2013 @ 11:09:47

Christian Weiske has posted information about a feature in the upcoming PHP 5.6 version of the language: large file upload support. This new feature allows files over 4GB to be uploaded correctly.

PHP version 5.6 brings support for file uploads larger than 2GiB. We can say "thank you" to Ralf Lang for the initial patch that fixes bug #44522 , which was open since 2008. During testing uploads of files with a size of 4 - 11GiB on my PHP-CGI setup, I noticed that files above 4GiB did not get uploaded correctly. Michael Wallner was quick to fix that bug, and now 5.6 has fully working support for big files.

PHP 5.6 is still in development and some other new features are slated to be added to it. You can find some of them listed in the RFC section of the PHP wiki.

Link: http://cweiske.de/tagebuch/php-large-file-uploads.htm

Joshua Thijssen:
PHP's Resources and garbage collection
July 12, 2013 @ 10:54:34

Joshua Thijssen has put together a new post with details about resource cleanup and garbage collection in PHP, and a "nice bug/feature/whatsmathing" he found while writing a daemon.

I was playing around with writing a daemon and if you have any experience writing daemons (in any language), there are a few rules you have to live by. For instance, setting your effective uid and gid to a non-privileged user (in case you needed to do some privileged initialization, like opening a socket on a tcp port < 1024), setting the process as a group leader with posix_setsid(), and redirecting stdio file descriptions. And here something went wrong which took a while to find and fix...

He was creating a daemon and the script would simply exit, without a warning, instead of continuing to run. He narrowed the issue down to a few lines (involving fopen and fclose) and used strace to see what was actually happening at the system call level. He found some unexpected calls in the trace and, after more digging, figured out that the extra calls were the result of both variable scope and PHP's resource cleanup: the file handle went out of scope and was closed for him, taking a standard stream with it.

Link: http://www.adayinthelifeof.nl/2013/07/10/phps-resources-and-garbage-collection

PHP.net:
PHP 5.5.0 Alpha2 released
December 27, 2012 @ 10:22:13

If you'd like to help with testing the upcoming PHP 5.5.0 version, the PHP.net site has announced the release of the latest alpha, ready for download and testing.

The PHP development team announces the immediate availability of PHP 5.5.0alpha2. This release adds new features and fixes some bugs from alpha1. All users of PHP are encouraged to test this version carefully, and report any bugs in the bug tracking system.

You can see the full list of the changes in 5.5.0 (so far) in the NEWS file including things like using empty on return values, enabling systemtap by default for dtrace probes and optimized variable accessing. They need your help to make this upcoming release even better, so if you'd like to help out and test, go grab the download (Windows builds).

Matt Frost:
TDD For the Unconverted
November 20, 2012 @ 12:45:46

Matt Frost has a new post today explaining test-driven development (TDD) for the unconverted, along with some of what comes with it in practice.

You've heard of Test Driven Development, but you think; "I've got a horrifying monstrosity for a codebase, it's not testable so I can't do TDD". Let me be the first to tell you that you're wrong. I'm not into writing really controversial pieces, castigating people for not doing things a certain way. If you've considered TDD at any point in time, it's because you understand (at least in the theoretical sense) that having predictable software is beneficial. So this is for you, unconverted developer...

He talks about how TDD can help you build confidence in your code, make debugging issues in the project simpler and how, despite the initial time it takes to work it into the process, it's worth it in the end. He also includes a few helpful suggestions for when your team doesn't want to follow the method.

MaltBlue.com:
4 Keys to a Great Software Development Methodology
June 28, 2012 @ 09:26:00

On the MaltBlue.com blog, Matt has posted the four keys he sees to a good software development methodology, one that makes for happier developers (and managers).

A lot of the time when we're developing applications they're likely to be based around customizing or extending an existing application, such as WordPress, Joomla, Oxid eSales et al. In these cases, there's a clear set of rules and guidelines to work with. [...] But what about when we're building our own applications, bespoke ones, from scratch? [...] What do we do then? How do we set up a great software development methodology or set of processes to ensure that we develop cleanly, clearly and efficiently? In today's post, I'm going to go through 4 areas which can serve as a solid and reliable basis for us to do just this.

The four key elements he sees are:

  • Organized Development Environment
  • Organized Deployment Approach
  • Organized Testing Approach
  • Have a Professional Bug/Issues Database

For each of these elements, he describes some of the methods and tools that can help make them possible.

Gonzalo Ayuso's Blog:
Strange behavior in PHP with method visibility
May 28, 2012 @ 18:09:08

In a recent post, Gonzalo Ayuso shares some "strange behavior" he ran into with method visibility during his recent development work:

Normally I feel very comfortable with PHP, but not all is good. There are some things I don't like. One is the lack of real annotations and another one is this rare behaviour with visibility within the OO. Let me explain this a little bit.

The problem came up as part of a refactor: a protected method, when called on an object that had been injected into another class, threw an "access" error saying it was called from the wrong context. He reported it as a bug but was reminded that PHP enforces visibility at the class level, not per instance, so code in the same class may call a protected method on any instance of that class, while code outside the class hierarchy may not.

PHP.net:
PHP 5.3.12 and 5.4.2 and the CGI flaw (CVE-2012-1823)
May 07, 2012 @ 09:03:59

The PHP.net site has a new post with supplemental information for users of the PHP CGI binary who might be affected by the recently announced bug, the reason for the most recent release. Unfortunately, that patch fixes only some cases of the problem, so they've amended their instructions to include a more effective mod_rewrite rule to help protect your applications.

PHP 5.3.12/5.4.2 do not fix all variations of the CGI issues described in CVE-2012-1823. It has also come to our attention that some sites use an insecure cgiwrapper script to run PHP. These scripts will use $* instead of "$@" to pass parameters to php-cgi which causes a number of issues. Again, people using mod_php or php-fpm are not affected.

The rewrite rule is there in the post, ready to copy and paste into your config. Even if you're running the latest PHP 5.3.12 or 5.4.2, be sure to apply this rule as a stop-gap measure for now. Another release is planned for tomorrow to fully correct the CGI flaw.

PHPClasses.org:
Lately in PHP Podcast Episode 21 - Is PHP Source Quality Really Good?
March 01, 2012 @ 10:17:08

On PHPClasses.org today they've posted the latest "Lately in PHP" podcast, episode 21: "Is PHP Source Quality really Good or is it still Insecure?".

A study from Coverity claims that the source code of Open Source projects such as PHP has a low defect rate. Meanwhile, a few weeks ago, the security expert Stefan Esser claims that PHP source security bug prevention has a lot to be desired because PHP core developers do not have the habit of using source code auditing tools to prevent security bugs. The matter of the PHP source code quality and security bug prevention was one of the main topics discussed by Manuel Lemos and Ernani Joppert in episode 21 of the Lately in PHP podcast.

You can listen to this latest episode either via the in-page player or by downloading the mp3 directly. You can also subscribe to their feed to get this episode automatically (and past and future ones too).

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework