Robert Basic has put together a new post to his blog about a hack he's found for the Zend Framework translated route segments when a "gotcha" popped up when he was trying to use them in a multi-language website.

The web site's default locale, language, is English. If the user has no locale in the session/cookie, she, or he, will get the English version of the web site. [...] But! If the user's first visit is on the http://example.com/vesti URL ("vesti" is "news" in Serbian), the router can't route that because it depends on the locale and the default locale is English and not Serbian, thus directing the user to the 404 page.

To get around this issue he created a front controller plugin that fires in the postDispatch hook to change the locale manually if the current request's isn't found to be English. It then redirects the user to the correct location for the new language and things proceed normally.

On the Web Builder Zone today there's a new article that talks about five things that, while they may seem like hacks in your development, they might come in very handy in the right situations.

Ilia is one of the people that get his hands dirty in the PHP core, and PHP has indeed many overlooked features. [...] However, thinking about this load of features inspired me to write this article: I'll include here 5 features that at first seem an hack, but can save your life while coding in PHP. In fact, you probably use or will use them every day without noticing.

His list of five is made up of the access our scripts have to private properties via Reflection, using eval, the __DIR__ constant, the fact that a closing "?>" isn't needed and the fact that PHP has "__sleep()".

The Cats Who Code blog has some handy WordPress tips for those out there using the popular software to power their sites. These ten tips cover a wide range of subjects, so hopefully you'll find one of use to you in the list.

WordPress is the platform of choice for most bloggers, and WordPress hacks is one of the most popular topics on CatsWhoCode. This is why I've decided to compile 10 new and extremely useful hack for WordPress.

Here's their list of ten - some most include code snippets you can cut&paste into your existing site for easy use.

• Remove comments autolinks
• Automatically notify your users of new posts
• Twitter style "time ago" dates
• Display post thumbnail in your RSS feed
• Block external requests
• Easy debug mode
• Use WordPress shortcode in theme files
• Allow upload of more file types
• Google Docs PDF viewer shortcode
• Detect the visitor browser within WordPress

On the Security Musings blog today there's a new post from Anurag that walks you through the process, step-by-step, of how he exploited an image gallery written in PHP (including the tools he used).

I always read, PHP applications are a security guy's nightmare. Always thought why, Coming from a world of packets and frames code made lesser sense. Until I stumbled upon this application. The application was an Image gallery, with a lot of nice cool pics and an option to share and upload pics. This was a PHP application. Oh, it was fun! I thought of playing with it. As soon as I checked the Image upload option, the security freak in me took over.

Using tools like BURP, Extplorer and Fgdump he was able to find a hole that let him upload whatever he wanted including full access to the machine and the Windows admin password.

WordPress users, listen up, Alison Gianotto has a few suggestions you should listen to (and maybe prepare for ahead of time) to do when your WordPress blog gets hacked.

It happens to most bloggers at some point your Wordpress blog gets pwned, and you're not sure where to even start. [...] This article will deal with how to restore your Wordpress install, and perhaps more importantly, where to look to try to determine the nature of the attack so that you can make sure it won't happen again.

She talks about what kind of impact a hack could entail - lost time spent restoring, site downtime, etc - and a few things you can do to help minimize these problems:

• Keep Wordpress and Plugins Up to Date
• Ask Your Web Host Where Your Log Files Live
• Backup, Backup and Backup again
• Early Detection Equals Better Reputation Damage Control

She also talks about what to do in the aftermath - finding out exactly what happened, disable all incoming traffic, check modifications dates and record the information. Only then should you restore from backups and keep an eye on the logs for anything suspicious.

On the NETTUTS.com site today there's a new tutorial with a few tips (six of them) for CodeIgniter sites to give them a bit of extra performance.

CodeIgniter is a simple and powerful open source web application framework for PHP. Today, we'll do some core "hacks" to this framework to change and improve its functionality. In the process, you'll gain a better understanding of the intricacies of CodeIgniter.

Thier six tips, while not the most idea for production systems (at least not until tested on a development site), can help out your application in a few different ways. Here's their list:

• Autoloading Models PHP 5 Style
• Prevent Model-Controller Name Collision
• Form Validation for Unique Values
• Running CodeIgniter from the Command Line
• Adding Doctrine ORM to CodeIgniter
• Running Multiple Sites

From the CatsWhoCode.com blog there's a new list of ten things you can do to help improve the performance and add extra functionality to your WordPress installation's dashboard.

The dashboard is a very important part of a WordPress blog. In fact, it allows you to control your posts, your blog design, and many more things. When building a site for a client, it is especially important to be able to control WP's dashboard. In this article, let's have a look at 10 extremely useful hacks for WordPress' dashboard.

Some of their hacks include:

• Remove dashboard menus
• Replace dashboard logo with yours
• Disable the "please upgrade now" message
• Add custom widgets to WordPress dashboard
• Provide help messages

On the CatsWhoCode.com blog there's their list of top "hacks" for WordPress that can add that little extra boost your site might be needing.

2009 has been a very prolific year for WordPress hacks. In this article, I'll show you the most useful hacks I came across during the whole year. Enjoy!

Some of the suggestions include:

• Monetizing your old blog posts
• Detect the visitor browser within WordPress
• Get short urls for social bookmarking
• Use SSL on wp-admin directory
• Post on your WordPress blog using PHP

Fabien Potencier has a suggestion for developers out there - don't just look at what you write as something functional that just does a job, be an artist!

Hacking is an art, and hackers should act as artists. Hackers and painters have a lot in common but I won't talk about the analogy too much as Paul Graham wrote an excellent essay and a whole book on this topic. I recommend you to read both of them if you are a hacker or a developer.

He points out that "beautiful code" is a good thing - unfortunately developers for companies may not have the luxury of writing it. He does suggest hacking on your own time, though. Not only is it good for you, getting out those ideas into working code, but it can also positively effect the applications you develop at your work.

Some of you might have heard about the hacking of the phpBB.com website earlier this week. Well, Stefan Esser has posted a bit more about the vulnerability in the PHPList software that lead to the problem.

A few days ago phpbb.com was hacked through a super-globals-overwrite vulnerability in PHPList that was used by an attacker for a local file inclusion exploit. Details about the whole attack, written down by someone who claims to be the attacker, can be read here.

Stefan talks about the superglobal problem PHPList had - allowing the superglobal information to overwrite the variables inside the script without so much as a check. Example code shows how it was possible for the attacker to provide their own configuration file value to be opened via a stream wrapper.