PHPClasses.org: PHP Vulnerability May Halt Millions of Servers
by Chris Cornutt January 12, 2012 @ 08:21:55
On the PHPClasses.org blog today there's a new post looking at the security vulnerability that affected not only PHP but many other languages, leaving them susceptible to attack from the outside.
In PHP and several other languages used to implement Web applications, arrays are used to store the values of request variables such as $_GET, $_POST, $_COOKIE, etc. If you receive a request with a large number of request values, until recent versions PHP may run into trouble.
He goes on to explain why there's an issue with the array overloading and what PHP has done in recent releases to help correct it: the max_input_vars setting in php.ini. He also notes that this is not a new issue; it was originally identified back in 2003 (with a video of the original presentation). The most recent releases of the PHP language include this fix and, if at all possible, you should upgrade to protect your applications.
PHP.net: 5.3.7 upgrade warning
by Chris Cornutt August 22, 2011 @ 12:32:48
In a quick note on the PHP.net site, they have a warning for those running PHP 5.3.7 (the most recent release): there's a bug in crypt() that's serious enough that upgrades should probably wait until 5.3.8.
Due to unfortunate issues with 5.3.7 (see bug#55439) users should wait with upgrading until 5.3.8 will be released (expected in few days).
The issue causes the crypt() function to return only the salt it was given (this affects MD5 salts only) instead of the correctly hashed string. If you need to replace this immediately, you can pull the latest from the snaps site (or binaries for Windows). Keep an eye out for PHP 5.3.8 in the near future.
Mike Purcell's Blog: Symfony - PHP - Possibly Forking 1.x so Invested Companies don't Lose Millions
by Chris Cornutt July 01, 2011 @ 11:05:45
Mike Purcell has a recent post to his blog looking at the rumors of a Symfony 1.x fork and some of his own thoughts on the matter.
It's amazing that we are even having this type of discussion. We opted to use Symfony back in 0.x for some high traffic projects. [...] And now here we are on 1.4. Content and happy with the throughput the dev team is able to maintain. But now Symfony says that 2.0 will be released and is completely different than 1.x? How is that fair to the companies, individuals, and hobbyists who have sunk time over the last four years ramping up to a point where we can take advantage of RAD (rapid app development) approach that Symfony provides?
He wonders if this same discussion will come up again years down the line when Symfony3 appears on the horizon. Will there be such a major change in the architecture that developers who made the major move to Symfony2 only a few years earlier get burnt again?
Elliot Haughin's Blog: CodeIgniter 1.7.x, 'Core' 2.0, CodeIgniter Reactor, Bitbucket, Zips...
by Chris Cornutt February 15, 2011 @ 12:34:38
Elliot Haughin has posted some of his thoughts about the huge amount of changes the CodeIgniter framework project has been going through lately including moves to Bitbucket, the "Core" versus "Reactor" branches and how he sees it all as "rather messy".
It was just a few months ago that the CodeIgniter community began to explode with a torrent of frustration that CodeIgniter simply wasn't progressing as a framework. There were also a few prominent developers considering abandoning the framework in favour of more active alternatives. [...] Before we go patting ourselves on the back, and heralding the reactor as a great success, there's a much wider question we need to look at: 'Are people actually upgrading?'.
He notes that, based on his experiences, people don't seem to be upgrading to this latest release and that several people still see Reactor as a "beta" and not a viable upgrade alternative. He suggests three things he thinks could help: a good upgrade guide, an end to support in libraries for non-Reactor codebases and encouragement to use Mercurial more (cloning the repo).
Wim Godden's Blog: Automated PHP 5.3 compatibility testing for your (old) code
by Chris Cornutt December 22, 2010 @ 09:02:10
In this new post to his blog today, Wim Godden looks at how you can use the PHPUnit unit testing framework to be sure your applications are ready to move to a PHP 5.3-only world.
So you or your team has built anywhere between 5 and 500 projects in PHP 4, 5.1 and 5.2 over the past 5 years. And now PHP 5.3 is there, offering a lot of very interesting features, including namespace support, late static binding (finally !), closures, nested exceptions and a bunch more (see the new feature list). So naturally, you'd like to upgrade. But doing so might break some old code.
He suggests a few different options - just run your unit tests and hope for the best, test the application's code directly or, his preference, run compatibility tests with the help of PHP_CodeSniffer and this new sniff he created. The sniff finds things like deprecated functions hanging around from pre-5.3 times as a part of a subset that the code sniffer can easily find.
Sebastian Bergmann's Blog: PHPUnit 3.5 Upgrading Woes
by Chris Cornutt October 22, 2010 @ 07:42:23
If you've been having issues upgrading to the latest version of PHPUnit (v3.5), Sebastian Bergmann might have the answer to your problems: they are related to the PEAR installer and this bug.
The new dependencies of the PHPUnit package, such as PHPUnit_MockObject for instance, are installed first. The PHPUnit package itself is installed last. And herein lies the problem: PHPUnit_MockObject installs the new version of MockObject/Generator.php before the PHPUnit package is upgraded. This upgrade deletes the MockObject/Generator.php file as it previously belonged to the PHPUnit package.
He includes two complete file listings showing the difference in the structure before and after the upgrade. The PEAR installer is at fault due to a misunderstanding it has about where the MockObject/Generator.php file belongs. The only way to fix this, currently, is to force install the new subpackages (DbUnit, PHPUnit_MockObject and PHPUnit_Selenium) instead of just running an update. Instructions and a resulting file tree are included so you can ensure your install is correct.
Chris Jones' Blog: PHP OCI8 1.4.3 is Available on PECL
by Chris Cornutt August 10, 2010 @ 11:40:38
Chris Jones has a new post to his Oracle blog about the latest release of the OCI8 for PHP drivers to connect Oracle and PHP - version 1.4.3 - now available on PECL.
Why the two releases so close in time? The OCI8 extension is one of the few extensions that has a dual identity, being in both the PHP bundle and in the PECL repository. OCI8 1.4.2 contains the same code as in the recent PHP 5.3.3 release. The PECL bundle was made for anyone who wants a PHP 5.5.3-identical version of OCI8 when installing via PECL.
He describes some of the bugfixes that come with this release (and what specific circumstances they affect) as well as the requirements you'll need to meet to be able to upgrade to this new version.
PHPBuilder.com: The PHP Content Management/Framework Upgrades in ExpressionEngine 2
by Chris Cornutt July 30, 2010 @ 08:31:31
On PHPBuilder.com there's a recent article detailing some of the updates in the latest version of the ExpressionEngine product (CMS) from EllisLab.
This popular Web development solution recently took another major step forward with the July 12 release of ExpressionEngine 2.1, the product's first major upgrade in several years. Version 2 sports a number of new features and significant improvements over its predecessor, many of which I'll highlight in this article.
He touches on a few of the updates in this latest revision:
- CodeIgniter Integration
- Redesigned Control Panel
- Improved Template Management
- Integrated File Manager and Image Editor
- Accessories (a sort of add-on feature)
You can find out more about ExpressionEngine on its site.