Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

RIPSTech.com:
WARNING: WordPress File Delete to Code Execution
Jun 27, 2018 @ 10:29:26

On the RIPSTech.com site they've posted a warning to the WordPress users out there about a vulnerability that would allow a malicious user to delete any file in the WordPress installation, not just file uploads.

At the time of writing no patch preventing this vulnerability is available. Any WordPress version, including the current 4.9.6 version, is susceptible to the vulnerability described in this blogpost.

For exploiting the vulnerability discussed in the following an attacker would need to gain the privileges to edit and delete media files beforehand. Thus, the vulnerability can be used to escalate privileges attained through the takeover of an account with a role as low as Author, or through the exploitation of another vulnerability/misconfiguration.

The post includes more details around the impact of the issue and where in the code the problem lies. It also offers a temporary "hotfix" as a way around the issue by adding a new filter that uses the basename function to reset the thumbnail data.

tagged: security wordpress delete file vulnerability code execution

Link: https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/

Sergey Zhuk:
Working With FileSystem In ReactPHP
Feb 28, 2018 @ 10:29:16

Sergey Zhuk has posted another ReactPHP tutorial to his site, this time focusing on working with the filesystem from a ReactPHP application.

I/O operations in the filesystem are often very slow, compared with CPU calculations. In an asynchronous PHP application this means that every time we access the filesystem even with a simple fopen() call, the event loop is being blocked. All other operations cannot be executed while we are reading or writing on the disk.

[...] So, what is the solution? ReactPHP ecosystem already has a component that allows you to work asynchronously with a filesystem: reactphp/filesystem. This component provides a promise-based interface for the most commonly used operations within a filesystem.

He starts the code with a bit of setup, creating the initial event loop, the related Filesystem instance and a pointer to a "test.txt" file. He then walks through the basic filesystem operations and the code required: reading in the file contents, creating a new file and writing content back out to a file. The next section goes through the same functionality for directories. He ends the post with a look at symbolic link creation, read and delete operations.

tagged: reactphp tutorial filesystem file directory symboliclink

Link: http://sergeyzhuk.me/2018/02/27/reactphp-filesystem/

Laravel News:
Creating Your Own PHP Helpers in a Laravel Project
Dec 11, 2017 @ 11:16:36

The Laravel News site has a quick post sharing a helpful topic for the Laravel users out there. In the tutorial they show how to create custom helpers for use across the entire application in any scope.

Laravel provides many excellent helper functions that are convenient for doing things like working with arrays, file paths, strings, and routes, among other things like the beloved dd() function.

You can also define your own set of helper functions for your Laravel applications and PHP packages, by using Composer to import them automatically.

If you are new to Laravel or PHP, let’s walk through how you might go about creating your own helper functions that automatically get loaded by Laravel.

The tutorial starts off by recommending the placement of the custom helper file and how to ensure it's autoloaded when the application is bootstrapped. It then covers the creation of the helper functions including the use of if checks to ensure there's not a function naming collision. Finally the post includes an example of a helper file, sharing the creation of two methods: show_route and plural_from_model. The post ends with a look at packages and how to include helper files inside of them for use in your application.

tagged: helper laravel tutorial introduction project file autoload

Link: https://laravel-news.com/creating-helpers

SitePoint PHP Blog:
How to Read Big Files with PHP (Without Killing Your Server)
Nov 21, 2017 @ 13:19:27

On the SitePoint PHP blog, there's a tutorial posted showing you how to deal with large files without "killing your server". In this case, it's not about the upload process but about the handling of large files on the server side.

It’s not often that we, as PHP developers, need to worry about memory management. The PHP engine does a stellar job of cleaning up after us, and the web server model of short-lived execution contexts means even the sloppiest code has no long-lasting effects.

There are rare times when we may need to step outside of this comfortable boundary — like when we’re trying to run Composer for a large project on the smallest VPS we can create, or when we need to read large files on an equally small server. It’s the latter problem we’ll look at in this tutorial.

They start off by describing how they plan to measure the success of the improved file handling, mostly around the memory usage required to work with the file. It then gets into some of the options available including:

  • reading files line by line
  • piping between files
  • using filters

The last option, the filters, seems to be the best one. He uses this one and customizes the handling with different configurations and custom protocols. All related code is included in the post and is avaialble on GitHub.

tagged: read big file memory consumption filter stream tutorial

Link: https://www.sitepoint.com/performant-reading-big-files-php/

Jeff Madsen:
PhpStorm: Tasks & Contexts with Your Git Branches
Sep 26, 2017 @ 09:37:29

On his Medium.com site Jeff Madsen shows you how to use contexts in the PhpStorm IDE to switch between environments or current work using a more streamlined process.

Switching context is a pain.

Not just because you need to mentally switch the complex web of ideas in your head. Think about all the physical files on different git branches you have to remember in order to answer a “quick question about task #123”. [...] PhpStorm has a lot of great context links and shortcuts to help you navigate among all these, but it is still a royal pain whenever you need to put one set of files aside and work in a different area of the codebase.

[...] When I finished something and pushed it up for review if there was even a small request to change a default or label I had to reopen the branch and track down the correct files where the work was done. How could I turn that all into a single, easy step?

Enter Contexts and Tasks!

He starts off by defining what a "context" is in the world of PhpStorm - a group of open files with a name attached - and how they can be created/saved inside the IDE. Next is the idea of "tasks" that help with performing operations and relating them to contexts and groupings of files. He then shows how to switch between tasks related to a certain feature and how to close it out when you're done.

tagged: phpstorm custom task context group file switch tutorial

Link: https://medium.com/@codebyjeff/phpstorm-tasks-contexts-with-your-git-branches-92d9d1c5a34b

Rob Allen:
Slim's route cache file
May 31, 2017 @ 09:35:15

In a new post to his site Rob Allen talks about how you can speed up the routing in your Slim framework based application using the route cache file.

When you have a lot of routes, that have parameters, consider using the router's cache file to speed up performance.

To do this, you set the routerCacheFile setting to a valid file name. The next time the app is run, then the file is created which contains an associative array with data that means that the router doesn't need to recompile the regular expressions that it uses.

He gives an example of how to enable the setting and makes the recommendation that it's only used in production. He includes a simple example that defines "25 groups, each with 4000 routes, each of which has a placeholder parameter with a constraint." The first run on a route responds in 2.7 seconds but, once the cache file is created, it drops down to just 263 milliseconds - a major improvement.

tagged: slim route cache file tutorial example performance

Link: https://akrabat.com/slims-route-cache-file/

TutsPlus.com:
Programming With Yii2: Using Amazon S3
Dec 08, 2016 @ 11:27:16

The TutsPlus.com site has continued their series of posts in the "Programming with Yii2" series with this new tutorial covering the use of the Amazon S3 service for sorting files remotely in your application.

In today's tutorial, I'll walk you through the basics of browsing, uploading and downloading files to and from Amazon's cloud-based S3 storage service. Essentially, I've created a simple storage model and controller as examples which you can extend for your needs.

He starts with a brief introduction to the S3 service (including a video from Amazon themselves) and what kinds of things it could be used for. He helps you get started via the AWS web GUI, creating an S3 "bucket" and viewing their contents. He shows how to get the credentials you'll need to connect to the bucket and defining them in the ini configuration file. The tutorial then shows how to use this AWS extension for Yii2 to connect to and work with the S3 bucket you've created. This includes browsing the content, uploading new files and downloading current ones.

tagged: yii2 framework series amazon s3 file storage download upload tutorial

Link: https://code.tutsplus.com/tutorials/programming-with-yii2-using-amazon-s3--cms-26347

Laravel News:
Laravel 5.4: JSON Based Language Files
Nov 22, 2016 @ 09:44:33

The Laravel News site has a new post today describing a feature of the upcoming Laravel 5.4 release: the ability to define language files with JSON formatted files.

One of the most wanted requests we receive at Laravel is introducing better support for multilingual web applications, there are already packages out there that add some nice functionality to Laravel for better handling of multilingual projects requirements, but one of the painful issues when building such applications is managing translation keys.

Previously the trans/trans_choice helper to reference the value defined in the PHP array from your language files by a key name. With this new functionality, a new __() helper method is defined that will look through the English translation file, locate the correct key and find the matching record in the requested language to return. They also show how to pass in some parameters into the translator and how to use it directly from Blade.

tagged: laravel json language file helper tutorial parameter blade

Link: https://laravel-news.com/2016/11/json-based-translations/

Master Zend Framework:
The 3-Step Guide to Downloading Files in Zend Expressive
Aug 29, 2016 @ 10:37:44

On the Master Zend Framework site there's a tutorial posted showing you how to set up file download functionality in a Zend Expressive-based application.

A common requirement of web-based applications is to upload and download files. But, out of the box, there’s no simple way to download them in Zend Expressive. This tutorial shows you how - step-by-step.

Recently, I was asked on Twitter by @dgoosens, about how to download files using Zend Expressive. The timing was pretty good, as I’d done a simple implementation in a recent Zend Expressive project. So I knocked up a quick example and he, @acelayaa, and I talked it over, making various changes and suggestions along the way.

So, In today’s tutorial, I’m going to walk through a 3-step process for downloading files when using Zend Expressive.

He breaks the process down into three parts:

    1. The Download Functionality
    1. Using the Download Method
    1. Running the Application & Downloading the File

He includes code or commands for each step, showing you exactly how to set up this simple piece of functionality. Additionally it's implemented as a (mostly) self-contained method using the Stream handler to set the required headers and body.

tagged: zendframework zendexpressive file download tutorial stream

Link: http://www.masterzendframework.com/downloading-files-in-zend-expressive/?platform=hootsuite

Zend Framework Blog:
End-to-end encryption with Zend Framework 3
Aug 22, 2016 @ 11:56:35

With the recent release of the latest version of the zend-crypt package, the Zend Framework has announced that it's possible to use it to create end-to-end encryption in your applications (Zend Framework based or not).

Recently, we released zend-crypt 3.1.0, the cryptographic component from Zend Framework. This last version includes a hybrid cryptosystem, a feature that can be used to implement end-to-end encryption schema in PHP.

A hybrid cryptosystem is a cryptographic mechanism that uses symmetric encryption (e.g. AES) to encrypt a message, and public-key cryptography (e.g. RSA) to protect the encryption key. This methodology guarantee two advantages: the speed of a symmetric algorithm and the security of public-key cryptography.

He starts with a brief overview of how the system works and the flow of the request/response messaging. With this base in place, he gets into the code required to perform the encryption, first generating the keys needed for the encryption (and why he chose the mode/cypher he did for each). Then, using these keys, he shows how to use zend-crypt and its "Hybrid" handling to encrypt and decrypt a simple message. He also shows how to encrypt the contents of a file using a password.

tagged: endtoend encryption zendcrypt zendframework encryption tutorial string file

Link: https://framework.zend.com/blog/2016-08-19-end-to-end-encryption.html