This paper will give an overview on XPath an addressing language for XML documents. XPath is a W3C recommendation currently in version 1.0. XPath was created in relation to the XSL recommendation and is intended to be used with XSLT and XPointer. Beside that, XPath can be used in a variety of programming languages, commonly in combination with a DOM API.

The article starts with an introduction to the concept of XPath, moves on to addressing, talks about XPath axes, mentions functions/operators/conditions and looks at styling XML with XPath and XSLT.

Just got bitten by this one when updating to the latest version of CakePHP. If you use code [checking to see if the return from a save() is true] in your app, you're in for a surprise. Because as of revision 5895 Model::save() now returns Model::data on success if its not empty.

He notes that most developers don't seem to do it this way, but it tripped him up enough to where he wanted to share it with the CakePHP community so they'd know. Check out the comments on the post for other issues that might be caused by the change.

One of the problem with race conditions is that it is often difficult to actually witness the ramifications of one when it happens, especially if you are not aware of it. If you've used PHP's built-in, default session handling (that uses files), you'll never come across the problem. However, things get interesting once you start using session_set_save_handler to write your own session handler.

He breaks it down into some more manageable chunks:

• A Multi-processing but non-Threaded Environment
• The Default PHP Session Handler
• Observing the Race Condition
• The Demo App Interface
• Resource Contention
• Minimizing Lock Holding Time
• Why is per-variable locking important?
• Rolling Your Own Session Handler
• The Code

One of the things I don't see getting to much coverage is how to create good templates when working with CakePHP. Since those are written in plain PHP, this does not apply to CakePHP only. So I'm sure many people have already developed their own style that they are comfortable with and I don't ask for them to change it. However, maybe some people new to the framework / language can benifit by taking a look at the one I'm using.

He covers a few different topics:

PHP tags
• Conditions
• Loops
• the linebreak issue
• avoiding multi-line statements
• Creating Zebra striped table rows

The design of the open_basedir feature of PHP that is meant to disallow access to files outside a set of configured directories is vulnerable to race conditions.

It was discovered that this design flaw can be exploited with the usage of PHP's symlink() function in a very easy way. We believe that the only solution to this problem is disabling the function symlink() while open_basedir is used (this feature was therefore added to our Suhosin PHP Security Extension).

They also note, unfortunately, that the problem may not be fixable due to how it can be implemented. They provide a more detailed explaination and some PHP psuedo-code to help illustrate the point.