On the SaniSoft blog Tarique Sani has posted about (and made available for download) some code sniffs for the CakePHP framework. Some problems arose with some of the naming that the framework uses, but with some "tinkering around"...

[It became] apparent that I had to have my own set of Cake sniffs to manage this but a separate standard just for this seemed an over kill and the simplicity of code made it kind of fun to add more standards which I liked but were in different set of sniffs.

You can grab the whole list of sniffs from their downloads. They implemented them as a pre-commit hook on their SVN server even so that developers could not violate the coding standards when they submit their code.

The mentor list for this year's TestFest 2008 has been started (as mentioned by Ligaya Turmelle on her blog). The list so far includes people from the community like:

• Elizabeth Smith (near Chicago)
• Pierre Joye (Munich)
• Sebastian Bergmann (Cologne)
• David Coallier (Ireland & various others)

Local organizers are still being assigned. Those considered must already committers at PHP.net and will be available to answer questions for their given areas. Ultimately, they will do the final commits of the resulting tests.

Resulting from a conversation among developers at this year's PHP Quebec 2008 conference, a new event has been created to help test PHP against as many different configurations as it can be - TestFest.

The TestFest is an event that aims at improving the code coverage of the test suite for the PHP language itself. As part of this event local UG are invited to join the TestFest. All it takes is a local organizer to spear head the event and to get others involved in writing phpt tests. The submissions will then be reviewed by members of php.net before getting included in the official test suite.

The even will be announced sometime in March and its hope is to get as many people in the community involved to improve the language. There'll also be a raffle to give away 10 of the stuffed elePHPants as well as, for the ones who are "test worthy" and seem able to write up good tests on their own - commit CVS access to php.net as well as an official php.net account.

For more details on the event, check out this page on the (new) PHP.net wiki.

Michael Kimsal has posted some more thoughts on what he calls the "sad state of PHP development" pointing out some of the practices of the PHP group surrounding the development of the language.

Every few months there's a release, whether large or small, which introduces new features and bug fixes. However, with every release also comes fears of tiny, sometimes undocumented, changes that break existing code, and often for no solid reason other than someone with commit access decided they liked the 'new' way better than the old way.

He points out a specific example, get_object_vars and how its return values were changed in an earlier release as well as the update to glob made recently to change its return types.

In his opinion:

No changes should be made to the PHP core without an issue being opened, either in the 'bug' tracker or some other issues tracker.

Be sure to check out the comments for other great opinions on the topic.

The Internet Super Hero blog has two happy announcements posted today - the new mysqlnd driver has officially been committed to the branch for the next major PHP release - PHP 5.3 and their renewed support for PDO.

First, we are proud to announce that one year after the announcement to develop a new MySQL native driver for PHP (mysqlnd), the new driver has been committed into the 5.3 branch of the PHP project.

The second news is that we will strengthen our commitment into PHP by improving our support for PHP Data Objects (PDO). We will work on a PDO/mysqlnd driver, both for PHP 5.3 and PHP 6.0. Development starts in these days and will include QA, testing and documentation as we go forward.

For those not familiar with the driver, they also have a brief overview of what it is and what it does differently than the normal MySQL driver as well as a look at which driver they consider the best for which PHP version.

David Coallier has some happy news for PHP developers all over - namespaces have officially been committed to to HEAD branch:

This means that the next PHP version (5.3) will have namespaces. The patch by Greg Beaver to allow multiple namespaces has not been applied yet but I sure do expect it to be applied to 5_3 and HEAD soon.

More technical details can be found via the patch details and some basic articles on how to use them in your code.

In a new post to the PHP Security Blog, Stefan Esser points out a recent commit to the PHP core as a fix to the session handling in PHP:

I just came back home and saw a very recent commit to PHP's session management. It is another attempt to fix the session cookie attribute injection that the PHP developers already tried to fix in PHP 5.2.3 without giving any credits. [...] their new fix that consists of blacklisting a bunch of legal characters from the session id, will most probably result in hundreds or thousands of broken sites.

Stefan points out that the fix blocks several valid characters that sites could potentially use in their session IDs, and that with this new code in place, it could drastically effect those site's functionality.

As of the time of this post, however, it seems that the issue has been recognized and corrected so as not to cause the above mentioned issue in future updates.

Secunia has a new advisory posted concerning an issue discovered with PHP's SOAP extension's HTTP authentication mechanism:

The weakness is caused due to the use of an uninitialized variable within the function "make_http_soap_request()" of the SOAP extension when calling "php_rand_r()" to generate the nonce for the digest authentication, which may result in a weak and predictable nonce.

The issue is marked as "less critical" but should still be taken into consideration. The issue has been corrected in the latest CVS commit.

The results from the latest poll the International PHP Magazine conducted this past week are in. The question they asked developers to respond to was "Which One of the Following Ensures Smooth Implementation of PHP Sessions?".

Options this time were:

• Don't use underscore in host names
• Commit your session before it redirects
• Prevent session fixation
• Don't expose session_id's

The results were pretty close for all of the options with one coming out on top (committing the session) and two tying for second - preventing session fixation and not exposing session IDs.

Subversion and Symfony users should cast their votes in this week's poll. It asks, of the four options given, which is your favorite "trick" to running the Symfony framework with Subversion.

On his blog today, Ilia Alshanetsky has posted an update on one of the last issues before PHP 5.2 is released - the Filter extension - and some of the problems that have surrounded it.

If you have been monitoring PHP's internal mailing list you probably know that over the last few weeks we've been locked in a stalemate in regard to the API revision of the filter extension brought to light by Dan from our documentation team. This is also the reason why despite this being early October PHP 5.2 is still not out.

Fortunately, after mediation with Derick and Pierre the two protagonists of the filter conundrum a compromised was finally reached.

He mentions the commit that was made to include it into the current build, and no complaints have been lodged against it. He also comments that, with this isse out of the way, developers can look for PHP 5.2RC5 out as soon as this Thursday (10.05.06). Ilia also gives a brief tour of the filter extension's functions.