Vikram Vaswani passed on a link to a recording of a webcast the folks over at Liip did about using the PHPCR (content repository for PHP) along with the Magnolia CMS.

PHPCR enables developers to use Magnolia CMS within a PHP application. Common scenarios include editing Magnolia CMS pages and creating or updating CMS page properties through a PHP front-end. With PHPCR and the PHP Jackalope implementation, PHP developers can interface with Jackrabbit, the JCR implementation in Magnolia CMS and can connect their Web applications with Magnolia CMS without any special Java training or knowledge.

You'll need to register to view the webinar, but it's an interesting look at integrating this (PHPCR) with a major system to house its content.

As Chris Jones has posted on his Oracle blog, there's been a recent update to the Underground PHP and Oracle Manual with a complete refresh of content from more recent versions of the powerful database.

The Underground PHP and Oracle Manual is designed to bridge the gap between the many PHP scripting language and the many Oracle Database books available. It contains unique material about PHP's OCI8 extension for Oracle Database, and about other components in the PHP-Oracle ecosystem. It shows PHP developers how to use PHP and Oracle together, efficiently and easily.

Updates include new content related to the Oracle XE 11g release and the latest updates to their OCI8 extension for PHP. Other updates include information about using PHP with Oracle TimesTen, NetBeans and Oracle Tuxedo as well as getting PHP installed on the Oracle Solaris operating system.

On PHPMaster.com today there's a new tutorial for the WordPress users out there looking to work with dynamic content and shortcodes to make your site easier to use and to bring more content to user's attention.

The advantages to using shortcodes are obvious. First and foremost, it allows page designs to become far more unique. It also relieves the website administrator from having to create a large list of custom fields in order to perform basic content insertion. [...] And, finally, shortcodes allow a design to come alive and be truly dynamic and interesting to the end user. Too many WordPress blogs and magazine websites have adhered to the format of a big title, a standard block of text, and comments. That no longer has to be case.

They talk about using the "functions.php" file for the custom functionality, who to use them in your posts and how to use them in the theme-specific instances. Using the "add_shortcode" you can relate these custom functions to their codes for both simple and more advanced calls (code included).

Pádraic Brady has a new post to his blog about the state of output escaping in PHP and the steps that need to be taken to help prevent and protect applications from the real threat of cross-site scripting.

Automatic escaping has a certain appeal given its goal of removing the need to type escape() all over your templates. Funny thing, though, is that this is basically its one and only advantage. The second claimed goal is to remove a factor of human error (i.e. forgetting to type escape() somewhere), however, this hasn't posed an issue for me in the past where simple analysis of templates can quickly locate such omissions. And no, using automatic escaping does not remove the need to analyse templates for security issues - that's still needed regardless.

He goes on to define what "automatic escaping" is and isn't and how it relates to the context of the information (the same data may not always be filtered the same way in every place). He talks about scope-limited escaping, context-aware escaping and an idea that could help make life easier - a content security policy defining how the client should behave when interpreting HTML.

On the WebSpeaks.in site, there's a recent tutorial posted showing how you can extract the contents of a zip file from inside a PHP application.

Sometimes you may want the users on your site to upload the zip file and then check what are the contents of that zip file. In this article I will tell you how to extract the contents of the zip file. I temporarily extract the zip files to a directory and then delete it afterwards. You can chose to keep the extracted content if you want.

The tutorial walks you through the code, showing you how to use their "ZipArchive" class to grab the file, extract the contents and display a list of the "child files" inside it. You can see a live demo of it in action or just download the source and dive right in.

In this new post to his blog Henri Bergius shows you how to run the Symfony CMF with Midgard2 content repository.

I've written about Decoupled Content Management before. As the Symfony Live event in Paris is nearing, I thought to give Symfony CMF a spin. Symfony CMF is a new approach at building PHP content management systems, and adheres quite well to the principles of decoupled CMS.

He helps you set up the needed dependencies and content schemas as well as the YML configuration you'll need to set up to get the content repository backend working and integrated. Some command line calls are included to "prime" the database and the application should be ready to go.

Ed Finkler has a new post today showing how he's created a tumbleblog using the Gimmie Bar API and backend as a source for the posts. For the curious, the code for his simple blog can be found here.

One of the coolest things about working on Gimme Bar has been the opportunity to build a platform. While most folks interact with our service via the web site, the site is just one application built on top of the Gimme Bar content collection and curation system. Our web site interacts with the system via our HTTP API, which is open to everyone, not just our internal team. That means that anyone can build applications on top of our platform to suit their own needs or interests.

This simple blog (demo here grabs items from his Gimmie Bar feed and posts them. He includes complete installation instructions and a brief overview of how the parts work together.

On PHPMaster.com today there's a new article emphasizing something that lots of developers forget to make a part of their process when writing code - creating useful documentation to help make your code that much clearer.

If you're writing code that will be shared with others, put yourself in their shoes. Don't let your project lose potential users, community members, and possible contributors all because of insufficient documentation.

He (Matthew Turland) suggests a few things to keep in mind as you're writing up your documentation - the content is "king" (an emphasis on good descriptions/examples/use cases), open it up to external contributions using things like wikis (or even stored in the source code repository) and a focus on technical writing skills. Even the best tools out there can suffer if there's poor or no documentation.

New from the Decal blog today there's a general post about testing, not writing tests for your code but testing methods for your site as a whole (like A/B testing). This is the first part of a series.

For a long time, we here at Working Software have been strong believers in the "content precedes design" philosophy, as famously espoused by Jeffrey Zeldman and summarised here on UX Myths. [...] We are relaunching this website so we'd gone through the process of creating our "content first" wireframe using Decal Mockups.

They go through their entire process - how they decided what to test on the site, the methods they chose for the testing (including PickFu and Feedback Army) and some of the results of the feedback from each.

Related to this other post about content security policies in PHP sites, DashExamples.com has a quick new post about what you'll need to add to your application to implement a policy of your own.

Content Security Policy(CSP) is a mechanism in the browser that restricts what content will be requested and run by the browser. CSP does this by passing in a specific response header that tells the browser what resources (images, javascript, css, frames, etc) can be requested and accepted to execute. There are multiple ways to setup CSP for your web site, you can use your web server configuration like I showed in a previous example or use a dynamic scripting language like PHP.

What it really boils down to is setting a header, either X-Content-Security-Policy or X-Content-Security-Policy-Report-Only, to tell the browser what security policy to use and how to honor it. You can find out more about content security policies from this page on the Mozilla wiki. CSPs allow you to define how your site's content interacts and help to prevent issues like XSS and data injection.