PHPCR enables developers to use Magnolia CMS within a PHP application. Common scenarios include editing Magnolia CMS pages and creating or updating CMS page properties through a PHP front-end. With PHPCR and the PHP Jackalope implementation, PHP developers can interface with Jackrabbit, the JCR implementation in Magnolia CMS and can connect their Web applications with Magnolia CMS without any special Java training or knowledge.

You'll need to register to view the webinar, but it's an interesting look at integrating this (PHPCR) with a major system to house its content.

The Underground PHP and Oracle Manual is designed to bridge the gap between the many PHP scripting language and the many Oracle Database books available. It contains unique material about PHP's OCI8 extension for Oracle Database, and about other components in the PHP-Oracle ecosystem. It shows PHP developers how to use PHP and Oracle together, efficiently and easily.

Updates include new content related to the Oracle XE 11g release and the latest updates to their OCI8 extension for PHP. Other updates include information about using PHP with Oracle TimesTen, NetBeans and Oracle Tuxedo as well as getting PHP installed on the Oracle Solaris operating system.

The advantages to using shortcodes are obvious. First and foremost, it allows page designs to become far more unique. It also relieves the website administrator from having to create a large list of custom fields in order to perform basic content insertion. [...] And, finally, shortcodes allow a design to come alive and be truly dynamic and interesting to the end user. Too many WordPress blogs and magazine websites have adhered to the format of a big title, a standard block of text, and comments. That no longer has to be case.

They talk about using the "functions.php" file for the custom functionality, who to use them in your posts and how to use them in the theme-specific instances. Using the "add_shortcode" you can relate these custom functions to their codes for both simple and more advanced calls (code included).

Automatic escaping has a certain appeal given its goal of removing the need to type escape() all over your templates. Funny thing, though, is that this is basically its one and only advantage. The second claimed goal is to remove a factor of human error (i.e. forgetting to type escape() somewhere), however, this hasn't posed an issue for me in the past where simple analysis of templates can quickly locate such omissions. And no, using automatic escaping does not remove the need to analyse templates for security issues - that's still needed regardless.

He goes on to define what "automatic escaping" is and isn't and how it relates to the context of the information (the same data may not always be filtered the same way in every place). He talks about scope-limited escaping, context-aware escaping and an idea that could help make life easier - a content security policy defining how the client should behave when interpreting HTML.

Sometimes you may want the users on your site to upload the zip file and then check what are the contents of that zip file. In this article I will tell you how to extract the contents of the zip file. I temporarily extract the zip files to a directory and then delete it afterwards. You can chose to keep the extracted content if you want.

The tutorial walks you through the code, showing you how to use their "ZipArchive" class to grab the file, extract the contents and display a list of the "child files" inside it. You can see a live demo of it in action or just download the source and dive right in.

I've written about Decoupled Content Management before. As the Symfony Live event in Paris is nearing, I thought to give Symfony CMF a spin. Symfony CMF is a new approach at building PHP content management systems, and adheres quite well to the principles of decoupled CMS.

He helps you set up the needed dependencies and content schemas as well as the YML configuration you'll need to set up to get the content repository backend working and integrated. Some command line calls are included to "prime" the database and the application should be ready to go.

One of the coolest things about working on Gimme Bar has been the opportunity to build a platform. While most folks interact with our service via the web site, the site is just one application built on top of the Gimme Bar content collection and curation system. Our web site interacts with the system via our HTTP API, which is open to everyone, not just our internal team. That means that anyone can build applications on top of our platform to suit their own needs or interests.

This simple blog (demo here grabs items from his Gimmie Bar feed and posts them. He includes complete installation instructions and a brief overview of how the parts work together.

If you're writing code that will be shared with others, put yourself in their shoes. Don't let your project lose potential users, community members, and possible contributors all because of insufficient documentation.

He (Matthew Turland) suggests a few things to keep in mind as you're writing up your documentation - the content is "king" (an emphasis on good descriptions/examples/use cases), open it up to external contributions using things like wikis (or even stored in the source code repository) and a focus on technical writing skills. Even the best tools out there can suffer if there's poor or no documentation.

For a long time, we here at Working Software have been strong believers in the "content precedes design" philosophy, as famously espoused by Jeffrey Zeldman and summarised here on UX Myths. [...] We are relaunching this website so we'd gone through the process of creating our "content first" wireframe using Decal Mockups.

They go through their entire process - how they decided what to test on the site, the methods they chose for the testing (including PickFu and Feedback Army) and some of the results of the feedback from each.

Content Security Policy(CSP) is a mechanism in the browser that restricts what content will be requested and run by the browser. CSP does this by passing in a specific response header that tells the browser what resources (images, javascript, css, frames, etc) can be requested and accepted to execute. There are multiple ways to setup CSP for your web site, you can use your web server configuration like I showed in a previous example or use a dynamic scripting language like PHP.

What it really boils down to is setting a header, either X-Content-Security-Policy or X-Content-Security-Policy-Report-Only, to tell the browser what security policy to use and how to honor it. You can find out more about content security policies from this page on the Mozilla wiki. CSPs allow you to define how your site's content interacts and help to prevent issues like XSS and data injection.