News Feed
Sections




News Archive
feed this:

Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Anthony Ferrara:
Educate, Don't Mediate
October 21, 2014 @ 11:53:55

In his latest post Anthony Ferarra makes a suggestion about teaching developers how to solve problems via a "quick fix" versus educating them about the real problem: educate, don't mediate.

Recently, there has been a spout of attention about how to deal with eval(base64_decode("blah")); style attacks. A number of posts about "The Dreaded eval(base64_decode()) - And how to protect your site and visitors" have appeared lately. They have been suggesting how to mitigate the attacks. This is downright bad. The problem is that these posts have been suggesting things like "Disable eval()" and "Disable base64_decode()" as possible solutions. And while technically that would work, it completely misses the point, and does nothing to protect users

He suggests that developers shouldn't just look for a "quick fix" solution posted in a tutorial somewhere and go on their merry way. One danger in this is that those instructions could only be patching part of the problem, not all of it. In this case, the disable eval/base64 handling is only a code-level fix. If this exploit exists in your application, the attacker was able to get to the local file system - a much bigger problem.

0 comments voice your opinion now!
educate mediate opinion bugfix quickfix eval base64 encode decode

Link: http://blog.ircmaxell.com/2014/10/educate-dont-mediate.html

PHP.net:
PHP 5.4.34 & 5.6.2 Released
October 17, 2014 @ 10:14:07

On the main PHP.net site an announcement has been posted about the release of the two latest versions in the PHP 5.4.x and 5.6.x series - PHP 5.4.34 and 5.6.2

These releases fix several bugs in both versions including several security-related issues including CVE-2014-3668, CVE-2014-3669 and CVE-2014-3670. In the 5.4.34 release there was also a fix put in to correct a regression issue in the OpenSSL functionality.

As both of these contain security-related fixes, it's strongly recommended that you upgrade as soon as possible. As always, you can find the latest downloads on the main downloads page or windows.php.net for the Windows users. The full list of changes in each of the versions can be found in the Changelog.

0 comments voice your opinion now!
language release bugfix security update openssl

Link: http://php.net/archive/2014.php#id2014-10-16-3

PHP.net:
PHP 5.6.1 released
October 03, 2014 @ 10:40:32

The PHP development group has officially released the latest version in the PHP 5.6.x series today: PHP 5.6.1, largely a bugfix release.

The PHP development team announces the immediate availability of PHP 5.6.1. Several bugs were fixed in this release. All PHP 5.6 users are encouraged to upgrade to this version.

Changes in this release include updates to the language core, DOM handling, GD image functionality and a change with the new built-in debugger, phpdbg. You can see the full list of changes in the Changelog for this release. As always, you can download this latest release either from the main downloads page or from windows.php.net for the Windows users out there.

0 comments voice your opinion now!
language release bugfix php56 update

Link: http://php.net/index.php#id2014-10-02-1

PHP.net:
PHP 5.4.33 Released
September 19, 2014 @ 10:18:06

The PHP development group has officially release the latest in the PHP 5.4.x series today - PHP 5.4.33. This is largely a bugfix release, but all users are encouraged to update to this latest version.

The PHP development team announces the immediate availability of PHP 5.4.33. 10 bugs were fixed in this release. All PHP 5.4 users are encouraged to upgrade to this version. This release is the last planned release that contains regular bugfixes. All the consequent releases will contain only security-relevant fixes, for the term of one year. PHP 5.4 users that need further bugfixes are encouraged to upgrade to PHP 5.6 or PHP 5.5.

Updates in this release include bugs fixed in the OpenSSL handling, the GD graphics functionality and the language core. As always, the latest source for this version can be downloaded from the main downloads page or from windows.php.net for Windows users. If you're in interested in the full set of changes, check out the Changelog for the release.

0 comments voice your opinion now!
language release bugfix update

Link: http://php.net/index.php#id2014-09-18-2

PHP.net:
PHP 5.5.17 is available
September 18, 2014 @ 12:27:11

The PHP development group has just released the latest in the PHP 5.5.x series today - PHP 5.5.17.

The PHP development team announces the immediate availability of PHP 5.5.17. Several bugs were fixed in this release. All PHP 5.5 users are encouraged to upgrade to this version.

Bugs fixed include updates in the core language, the COM extension, GD image handling, OpenSSL functionality and the SPL. You can download this latest release (source) from the main downloads page or Windows users can use windows.php.net. You can get the full list of changes and the bugs they relate to in the latest Changelog.

0 comments voice your opinion now!
language release php55 bugfix download update

Link: http://php.net/archive/2014.php#id2014-09-18-1

Ben Ramsey:
Learning a New Codebase
September 18, 2014 @ 09:38:51

In a new post to his site Ben Ramsey shares a few suggestions around things to ask and do to learn a new codebase (whether that means in a new job or coming into a new open source project).

A few days ago, my friend Ed Finkler started a new job. Earlier this week, he posted on Twitter: "First days humble us all." Having begun a new job myself, I shared Ed's sentiment. Last weekend, while at the Madison PHP Conference, we were discussing what developers can do during the interview process to get an idea of the kind of codebase a company has.

He includes a few questions for developers to ask, either during the interview or once hired, about the codebase itself including:

  • what coding standards the company follows
  • how much of the code is covered by tests
  • have the company's deployment process described

He also recommends learning the codebase by diving in and either writing tests for untested areas or work through bug reports and fix (then test) them.

0 comments voice your opinion now!
learn new codebase tips questions bugfix unittest

Link: http://benramsey.com/blog/2014/09/learning-a-new-codebase/

Community News:
Laravel Framework Introduces Liferaft
September 12, 2014 @ 09:25:04

The development group behind the Laravel framework have introduced a new tool that aims to make it easier to report bugs with the framework (not the applications built with them): Laravel Liferaft.

To encourage active collaboration, Laravel currently only accepts pull requests, not bug reports. "Bug reports" may be sent in the form of a pull request containing a failing unit test. [...] A failing unit test or sandbox application provides the development team "proof" that the bug exists, and, after the development team addresses the bug, serves as a reliable indicator that the bug remains fixed.

Following along with this method, Liferaft provides a simple way to download a clean copy of the framework, make the needed changes for the pull request and automatically submit it via GitHub back to the project for handling. In this video on Laracasts Taylor Otwell walks you through a simple example of using it to submit an issue back (and what happens behind the scenes).

0 comments voice your opinion now!
liferaft laravel framework bugfix unittest pullrequest

Link: https://laracasts.com/lessons/introducing-laravel-liferaft

PHP.net:
PHP 5.4.32 Released
August 22, 2014 @ 12:48:52

The PHP development team has officially announced the release of the latest version in the PHP 5.4.x series that fixes several security issues: PHP 5.4.32.

The PHP development team announces the immediate availability of PHP 5.4.32. 16 bugs were fixed in this release, including the following security-related issues: CVE-2014-2497, CVE-2014-3538, CVE-2014-3587, CVE-2014-3597, CVE-2014-4670, CVE-2014-4698, CVE-2014-5120. All PHP 5.4 users are encouraged to upgrade to this version.

You can view the full list of changes and what part of the language they effect in the changelog. To download this latest version, you can get the source from the downloads page or windows.php.net for Windows users.

0 comments voice your opinion now!
release language php54 security bugfix upgrade

Link: http://php.net/index.php#id2014-08-21-1

PHP.net:
PHP 5.6.0RC4 is available
August 15, 2014 @ 10:58:13

The PHP development group has announced the release of the latest Release Candidate in the PHP 5.6.x series - PHP 5.6.0RC4. This is a not-for-production release of 5.6 prior to the stable version being released.

The PHP development team announces the immediate availability of the fourth and hopefully lates release candidate of PHP 5.6.0. As we entered the feature freeze with beta1, this is a bugfix-only release. All users of PHP are encouraged to test this version carefully, and report any bugs in the bug tracking system.

This latest release candidate includes changes related to the Fileinfo handling, GD functionality, an OpenSSL socket issue and many more. You can download this latest release from the QA downloads page (or here for Windows users).

0 comments voice your opinion now!
language release releasecandidate php56 test bugfix

Link: http://php.net/index.php#id2014-08-14-2

Johannes Schlüter:
PHP 5.3 - Thanks for all the Fish
August 15, 2014 @ 09:42:56

Johannes Schlüter has a new post on his site today saying "so long and thanks for all the fish" to the PHP 5.3.x series of releases. With PHP 5.3.29 being released yesterday, that marks the end of the release cycle for the 5.3 series. He takes a bit to look back and reflect on how far things have come during the 5.3.x series, its history and his role as the release master.

PHP 5.3's history starts somewhere in 2005. We knew what a pressure point of PHP was - a language made for solving The Web Problem needs a good Unicode story. [...] As this was a big and pressing issue and the need was obvious and the solution looked promising it was quickly areed on making that the base for a future PHP 6. And then time passed, initial enthusiasm passed and the sheer amount of work became obvious. Two years in we noticed that the ongoing PHP 6 work blocked other work - new features couldn't be added to 5.2, the current version at that time, and adding them to (at that time) CVS's HEAD.

He talks about Lukas Smith getting involved as the "co-release manager" for the series and the contribution he made to the project. He mentions the over five thousand commits and around eighty people that contributed to the releases and the over ten thousand files that were changed. Major features were introduced during this series including namespacing, anonymous functions, goto and late static binding. He also talks more meta about the process the PHP development follows and how things changed over the 29 bugfix releases in the 5.3.x series.

Thank you Johannes and Lukas for all that you've done to get PHP 5.3 to where it is today and your work ensuring the introduction of these major features made it out in a timely manner.

0 comments voice your opinion now!
release manager retrospective php53 language bugfix

Link: http://schlueters.de/blog/archives/178-PHP-5.3-Thanks-for-all-the-Fish.html


Community Events





Don't see your event here?
Let us know!


zendserver language podcast series release interview library api framework unittest update package community deployment install tips laravel symfony opinion introduction

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework