As Ars Technica reports, there was a recent exploit found on the SourceForce website's installation of phpMyAdmin that allowed an attacker to POST anything to the site to be executed.

Developers of phpMyAdmin warned users they may be running a malicious version of the open-source software package after discovering backdoor code was snuck into a package being distributed over the widely used SourceForge repository. The backdoor contains code that allows remote attackers to take control of the underlying server running the modified phpMyAdmin, which is a Web-based tool for managing MySQL databases. The PHP script is found in a file named server_sync.php, and it reads PHP code embedded in standard POST Web requests and then executes it. T

The backdoor was somehow snuck into the code of phpMyAdmin on one of the mirrors and distributed to those downloading version 3.5.2.2. They think that the only downloads that were tainted with this issue were on the "cdnetworks" mirror site. You can find out more about the issue in this advisory - be sure you check your installation for a "server_sync.php" file and remove it if it exists.

Sad news today from PHPBuilder.com - Tim Perdue, the founder of the PHPBuilder.com site and contributor to the SourceForge project as one of the original developers has passed away at 37.

The PHPBuilder staff was saddened to learn that the founder of our site, Tim Perdue, passed away on September 16 , 2011, after a battle with cancer. At only 37 years of age, Tim's passing came much too soon, but his contributions to the PHP and open source communities assure him a lasting legacy.

Related posts include this tribute from his company, GForge and this article from Jake Ludington on LockerGnome. Digging through our own archives, I found this interview with him back in 2002 (an archive.org link, the original is no longer there).

Christian Weiske has a new post about a move the phpfarm tool has made over to SourceForge for its project page. phpfarm makes it simple to switch between multiple versions of PHP on the same server to make debugging and development a much simpler task (especially if you're not in a homogeneous environment).

phpfarm, the tool that lets you install multiple PHP versions beside each other, finally got a proper project page on SourceForge. By moving from svn.php.net to SF, phpfarm got a nice git repository, a wiki and a ticketing system. It also has a Phing build file now which generates and uploads release files, so people don't have to install git to get phpfarm.

His post also includes some of the changes made in the latest release (0.1.0) and how you can clone the code from the SF.net repository.

As mentioned on the symfony blog, the framework has been nominated as a finalist for the SourceForge Community Choice awards in three different categories:

• Best Project
• Best Tool or Utility for Developers
• Best Project for the Enterprise

If you'd like to help the framework (and the team behind it) win an award in this year's competition, head over and vote for them in each of the three categories.

Popescu Valentin has submitted a tool that he and and Radu Gasler have created to help you run your PHPUnit tests via a web interface.

I made a web interface for runing PHPUnit test suites and seeing the results in a cool environment of AJAX. Features Runing speciffic tests or whole suite, seeing the errors and thrown exceptions connected to the test that thrown them, ability to see the code coverage result for the test suite. All these done in an interactive interface allowing run of the tests where the user can not interract with the system command line (web server). The software is totally free.

You can find complete details about the tool (and downloads) on its SourceForge page (as well as donate if you like it!)

SourceForge is holding their Community Choice Awards again this year and they've opened it up so that you can nominate your favorite project, PHP or not, to be considered for an award.

The awards program allows the community to recognize open source software projects that are built with the highest quality, creativity and ingenuity. [...] Nominations will be accepted until May 29th, and the ten projects with the most nominations in each category will become finalists. The winners will be announced at a party, held at the Agenda Lounge in San Jose, CA, starting at 6:00 pm PT on the night of July 23rd, during the week of OSCON.

PHP-related nominations include the web2project web-based project management solution and the Symfony framework (in a few different categories).

In a new post to his blog Andi Gutmans mentions how the Zend Framework was "well represented" in this year's SourceForge Awards.

The Zend Framework team will be watching closely, since no fewer than two (!) new ZF-based projects have made it in to the finals: Magento and Tine 2.0.

Magento is a very popular eCommerce application that makes setting up an online shop quick and easy. It's well designed and has been nominates to several community spots like "Best Project for the Enterprise" and "Most Likely to Change the World".

Time 2.0 is focused on intranet collaboration and is a rewrite of the eGroupWare project (a collaboration suite allowing for instant access of any data from just about anywhere there's an internet connection).

You can cast your vote for these and other great community projects by logging in to SourceForge and selecting your favorites from the lists.

The Zend Developer Zone has come across an interesting face about the SourceForge website - it uses the Zend Framework to add OpenID functionality to its pages.

According to the press release from SF about their OpenID support:

OpenID is getting tremendous traction and we're happy to be jumping into it. it's bringing us back in touch with fresh web (2.0) technology. [...] We've spent the past couple weeks on it - integrating the Zend Framework OpenID component into our site code. we like the framework as a whole and I personally hope to use more of it in the future.

There might be a few kinks in the process, so if you're seeing issues with your OpenID working on their site, check out the FAQ they've posted to help.

Vinu Thomas has proposed a replacement for the usual var_dump or print_r sort of debugging developers tend to do - Krumo.

To put it simply, Krumo is a replacement for print_r() and var_dump(). By definition Krumo is a debugging tool (now for PHP5 only), which displays structured information about any PHP variable [...] it does the same job, but it presents the information beautified using CSS and DHTML.

It also supports output of other data in a "pretty format" like backtraces, included files and a listing of all constants. You can check out a demo of it in action here.

On his blog, Vinu Thomas has posted a guide to installing the Java bridge for PHP on an Ubuntu system:

If you're looking for the easiest way to install the PHP Java Bridge in Ubuntu, follow these simple steps...

The basic steps are quick and easy - be sure you have Java installed on your system (commands to install are included), download the Java bridge from Sourceforge and issue the commands (again, included) to install it into your apache2 package.