Matt Farina has a new post today looking at an "underutilized gem" he's found in the offerings of the Standard PHP Library (SPL) - the SplFixedArray.

Arrays in PHP are not arrays per the typical array data type. Instead, as Matt Butcher recently pointed out arrays in PHP are similar to hashes in other languages. This can be a very important point to know when tracking down bugs in code and to programmers coming to PHP from other languages. But, what if we wanted something like a traditional array data type? Maybe something that preserved numeric order. Enter SplFixedArray.

He gives an example of using the SplFixedArray object versus the normal array variables in a simple PHP snippet showing the preservation of numbering order. He also touches on the memory consumption difference between the two, with the fixed array coming in quite a bit lower than the normal array data type (around 25% based on his basic testing). There are some catches to using it, though including incompatibility with array methods and the fact that it doesn't implement things like Iterator or Countable interfaces.

In a new post to the Zend Developer Zone, Ralph Schindler has posted about this month's Bug Hunt Days for the Zend Framework. They start today (Thursday, February 17) and run through Saturday.

For those who haven't put the reoccurring event in their calendar, this announcement is for you: Zend Framework Monthly Bug-hunt is here again! This Thursday, Friday and Saturday of February (the 17th, 18th and 19th 2011), we'll be hosting our monthly bug hunt. For those of you unfamiliar with the event, each month, we organize the community to help reduce the number of open issues reported against the framework.

Last month the event closed 24 issues with a tie for first. If you're wanting to get involved and close even more of those issues, the post has the steps you'll need (including filing a CLA with Zend).

Lorna Mitchell has a handy tip for those PHPers out there that use Github and want to pull off the issues from their project's Issues List quickly and easily - use their API (super simple).

I looked around for some export functionality for github but I got a lot of posts complaining it wasn't there. Since I hate applications that take your data and refuse to let you remove it, I was disappointed by this news but further inspection showed that although there might be no "export from github" button, there's an API that more than has it covered.

She gives an example of how to fetch only the currently open issues (the important ones) and pull then back through the API as a JSON message. Her little code snippet uses file_get_contents, but this can obviously be adopted to whatever use you might want. You can find out more about the things you can do with the Github API on the develop.github.com site including features to work with organizations, users, pull requests and gists.

Lukas Smith has a new post to his blog looking at some of his experiences with working with JSON in the upcoming version of the Symfony framework (Symfony2), specifically in using the DoctrineUserBundle and load views via JSON.

Unfortunately right now there are quite a few issues with taking a 3rd party Bundle which wasn't specifically build to be accessible via JSON. So in the end I build a MultiplexController that can JSON-ify any controller. The name derives from the fact that it also supports calling multiple routes at once and returning all the data from all these routes in one request. But being good OSS citizens here at Liip, we decided to use this opportunity to try and come up with a more sustainable solution. The goal would be to make it essentially possible to have a 3rd party controller return JSON without having to do anything on the controller level.

He talks about the "magic" that lets you define the output format you'd like and how it works on the backend with the templating system to use templates based on the requested file. He points out a few issues with the method - a form request problem and that there's no good way to call json_encode from inside a twig template (as well as redirecting after submission).

On the Blue Parabola blog Keith Casey asks the question "how do you measure an individual's contribution?"

In the past few weeks, I've been working fast and furious at getting web2project to our v1.0 milestone. As part of that effort, I track open issues, problematic modules, community feedback via the forums, death threats via all methods, and other related aspects.

He suggests a few different ideas for measuring how much a user has contributed: lines of code, commit count, issues they've reported, number of issues closed or community involvement. Of course, none of these can truly measure how much an individual has participated in a project, especially since it could be a mix of several of them combined into a whole as the "involvement persona" of any given person.

In his search for "contact grabber" classes, Jonathan Street came across one posted to the PHPClasses.org website recently, the Contact Grabber class, and decided to give it a shot and report back his findings.

I haven't tried it yet but apparently it can connect to hotmail, yahoo, gmail, orkut, rediff and myspace. It is an impressive collection of scripts. [...] Generally speaking I wouldn't have a problem with the script being included in another project. In fact I would encourage it. In this instance though there are a few problems.

He breaks it up into a few different kinds of issues: inaccuracies, updates, licensing problems, and that the author wouldn't make contact back to Jonathan about some of his problems.

Stefan Esser has officially kicked off his "Month of PHP Bugs" for the month of March (get more details here).

You might have realised it already. March 2007 has begun and so has the long awaited Month of PHP Bugs. The initiative is hosted on dedicated servers, because serendipity cannot handle the traffic. You can reach it at http://www.php-security.org.

As of the time of this post, there are currently three bugs posted - two dealing with stack overflows (one in the variable destructor and one in the executor) and a overflow issue in the ZVAL reference counter. Detailed descriptions of the issues are just a click away and, where is it needed, an explain example is provided.

There's a new article on The Register about a topic that's constantly argued in any language, much less PHP - application security.

PHP has become the most popular application language on the web, but common security mistakes by developers are giving PHP a bad name. Here's how PHP coding errors have become the new low-hanging fruit for attackers, contributing to the phishing problems on the web.

They talk first about the "great rise of PHP" on the web and how this surge of popularity also helped to show the great number of PHP security issues - both in applications written in it and in the language itself.

There's a mention of some of the upheaval that the PHP security community has had this year as well. They talk about the security of a LAMP installation versus a Windows machine, and their suggestions on helping to make the PHP world a better place.

The latest version of both major branches of PHP have been released - PHP 4.4.4 and PHP 5.1.5 - fixing some of the major security problems that have been found in recent versions.

PHP development team would like to announce the immediate availability of PHP 5.1.5 and 4.4.4. The two releases address a series of security problems discovered since PHP 5.1.4 and 4.4.3, respectively.

Some of these problems included:

• Added missing safe_mode/open_basedir checks inside the error_log(), file_exists(), imap_open() and imap_reopen() functions.
• Fixed possible open_basedir/safe_mode bypass in cURL extension and on PHP 5.1.5 with realpath cache.
• Fixed a buffer overflow inside sscanf() function.
• Fixed memory_limit restriction on 64 bit system.

All information about the updates for these versions can be found in the Changelogs - PHP 4.4.4 and PHP 5.1.3. It's recommnded that you download these new versions and update your installation.

According to this new post on DynamicWebPages.de today, Ilia Alshanetsky has pushed the latest release candidate for PHP 5.1.x series out the door - version 5.1.5RC1.

This release was needed to clean up some of the problems found while working towards PHP 5.2. Among others, there were issues with the URL extension and parts of the Zend Engine 2 that needed correcting.

Complete information and a list of changes can be found in the Changelog and you can download this package here. As always, the development team requests any kind of testing that developers can do on this release candidate to find the bugs quickly.