PHPUnit, the popular PHP unit testing tool, has undergone some changes in its methods of deployment. First it was integrated into the Composer/Packagist dependency management system and now it's been implemented as a phar archive. Sebastian Bergmann explains how to use it in his latest post.

Downloading a single file to use PHPUnit? Not an idea that is too phar out anymore! Starting with version 3.7.5, PHPUnit seems to finally work correctly when packaged as a PHP Archive (PHAR).

He includes a list of steps you can follow to pull down the latest code and use the phar branch that executes with the archive file instead of the local "phpunit" executable. Of course, you can still (as always) install PHPUnit via the PEAR process as well.

There's a new project on Github that wants to help making your phar archives for your PHP applications. The process is a little obtuse right now and Box wants to simplify it.

Box is a library and command line application for simplifying the PHAR creation process. [Features include] creating new PHARs with a simple configuration file, add and replace files in existing PHARs, extract existing PHARs, with option to cherry pick files and verify PHAR signatures.

The project is still relatively young but it looks like it's off to a good start. Phar files are a powerful tool to have in a PHP developer's arsenal but developing them can be a pain. Hopefully something like this can make life easier.

As reported in this new post on PHPBuilder.com, there are two new security issues that could allow an attacker to execute their own code (note: these are fixed by the latest releases, PHP 5.4.4 and PHP 5.3.14).

The flaws are related to each other, with the primary issue being an insecure implementation of the DES within the crypt() function. In his eSecurityPlanet article about recent PHP security updates, Sean Michael Kerner provides the details of these two security flaws.

The issue stems from a flaw in the DES implementation where certain keys are truncated before the DES digestion and a problem in the phar extension that could allow for arbitrary code execution. You can find more on these security issues here.

On the 7php.com blog today they've posted the latest in their series of PHP community interviews - a few questions with Davey Shafik, the original author of phar.

In this edition I talked with Davey Shafik (@dshafik), who is one of the Founding Contributor of PHP Zend Framework. He has been a co-author of several prominent books, namely: php|architect's PHP 5 Zend Certification Study Guide, PHP Master: Write Cutting Edge Code, The PHP Anthology: 101 Essential Tips, Tricks & Hacks. He is also a well-known speaker at several world-wide PHP Conferences - You can find his incoming conference schedules on his website.

In his answers we find out about:

• Where he feels his place is in the PHP community
• What he's excited about in PHP 5.4
• Some advice to beginners about "scratching an itch"
• Recommendations about profiling your code
• Resources he suggests
• His admiration of Sebastian Bergmann for the hard work he does

You can read more about these and the rest of his answers in the full interview.

Vance Lucas has a new post sharing some of his experience in setting up nginx+PHP-FPM with phar packages that he recently had with setting up a new server instance for a company. The problem showed itself as blank pages, apparently due to a feature in the Suhosin security package.

Ran into this issue when setting up a new VPS for AutoRidge. This happens when using Nginx and PHP-FPM with PHP 5.3+ and the Suhosin patch when trying to run a PHP script using a PHAR package. From what I can gather, the Suhosin patch basically blocks PHP include/require functions from executing files ending with .phar, which results in a PHP segfault that leaves no trace of any error at all.

His solution is a pretty simple one - edit the "suhosin.ini" file to allow for the opening of includes in phar files (suhosin.executor.include.whitelist). You can find out more about the Suhosin security tool on the project's website.

On PHPMaster.com today there's a new tutorial showing you how to package up your applications using the phar functionality that's bundled in to recent PHP versions.

PHAR ("Php ARchive") is analogous to the JAR file concept but for PHP. If you have PHP 5.3 or greater, the Phar extension is built-in and enabled; you can start using it without any additional requirements. This article is intended to shed some light on this important feature for those who haven't used it before. Hopefully you'll find it a very helpful tool and have a better and faster deployment experience.

They show you how to create a sample project to build the phar from - a simple application that prints out a message and the contents of a configuration file. Code is included to help you build the phar file and how to define the stub file to pull in your application's files and folder.

Till Klampaeckel has a new post about replacing the now-missing phar port on FreeBSD installations with a custom compile work-around.

I noticed that archivers/pecl-phar vanished from the ports tree on one of my FreeBSD servers. Problem? Reasons to remove the port were: the port is unmaintained, the port was based on the outdated phar extension from pec and that phar (in pecl) contains open security issues. The simple solution is to create a new port which of course will use the phar which is bundled in PHP's core.

He includes the simple five or six step process you'll need to follow to compile your own phar extension for your installation - grabbing the latest source, compiling (configure/make) and putting the resulting shared object (.so) in the right place for PHP to find it. All that's left then is to enable it in the php.ini. Phar is an archive creation tool that (normally) comes bundled with versions of PHP and can be used to both read and write to compressed packages.

On the ZendCasts.com site there's a new screencast posted looking at autoloading in phar, the packaging tool built into PHP. This is a continuation of the series started here.

Building on the foundation from the previous screencast, he shows how to enhance it and allow it to autoload based on an autoloader defined in a "stub.php" file.

You can grab the complete source for this screencast over on github.

In a recent post to his blog Christian Schaefer shows how to use the Goutte tool (a web scraper) to pull information from one site and use it in another Silex-powered one. His tutorial uses a custom service provider for the integration.

Since I discovered the free Facebook App hosting by heroku I keep wanting to make something useful out of it. So I thought about a small service app. Without going into details yet about its nature there was one immediate problem to be solved. How to get hold of the data? So I thought to scrape it off some website. I know this isn't very nice but unfortunately there is no feed I can use.. And how to best scrape a website? Use Goutte!

All you'll need is two things - the goutte.phar and Silex phar files. The code for the service provider is a simple registration of namespaces. With that integrated, it's as simple as making a client object and calling it with a URL.

New today on ZendCasts.com there's a screencast tutorial about using phar archives in your applications.

Phar is a new thing that's developed on the horizon over the last few years that's essentially a PHP archive or library.

He shows how to set up a basic application (non-Zend Framework) that does a "hello world" sort of output showing a date "next week". Also included are the commands to bundle it up into a phar archive using the features already built into PHP. The build stub uses the buildFromDirectory and compression/buffering. He also points out a common problem with the default settings on many PHP installed - an INI setting that disables phar creation. Thankfully, it's easy to change via a ini_set call updating the "phar.readonly" setting.