Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Symfony Blog:
Cross Application Links
Feb 19, 2009 @ 18:56:08

Fabien Potencier has recently posted a tutorial over on the symfony blog about using cross-application links in your application:

A symfony project is made of one or more applications. Applications share nothing, but the model classes. But, even if the symfony documentation is crystal clear on the subject, many developers want to share more than just the model. The most requested feature being the ability to create links to a frontend application from a backend one.

This sort of linking is relatively simple in the 1.1 release of the framework - its instances of sfRoutingConfigHandler and sfPatternRouting that let you create the configuration classes (and code) to grab information and functionality from one application to another.

tagged: symfony cross application link route configuration

Link:

Hardened-PHP Project:
phpMyAdmin - error.php XSS Vulnerability
Nov 02, 2006 @ 19:04:00

The Hardened-PHP project has released another vulnerability today, this time for the popular phpMyAdmin database management package concerning an issue with the "error.php" file being open to an XSS vulnerability.

It was discovered that phpMyAdmin comes with a script to display error messages that supports displaying the error in a user supplied charset. Unfortunately the encoding of the error message is not taking the charset into account which can result into XSS when UTF-7 is selected. (Other charsets like US-ASCII can also be used to exploit this in some browsers.)

There is no proof of concept posted for this exploit and, since it only effects phpMyAdmin versions 2.9.0.2 and lower, it's suggested that you update to the latest release as soon as possible to correct the issue.

tagged: vulnerability phpmyadmin error cross site scripting download vulnerability phpmyadmin error cross site scripting download

Link:

Hardened-PHP Project:
phpMyAdmin - error.php XSS Vulnerability
Nov 02, 2006 @ 19:04:00

The Hardened-PHP project has released another vulnerability today, this time for the popular phpMyAdmin database management package concerning an issue with the "error.php" file being open to an XSS vulnerability.

It was discovered that phpMyAdmin comes with a script to display error messages that supports displaying the error in a user supplied charset. Unfortunately the encoding of the error message is not taking the charset into account which can result into XSS when UTF-7 is selected. (Other charsets like US-ASCII can also be used to exploit this in some browsers.)

There is no proof of concept posted for this exploit and, since it only effects phpMyAdmin versions 2.9.0.2 and lower, it's suggested that you update to the latest release as soon as possible to correct the issue.

tagged: vulnerability phpmyadmin error cross site scripting download vulnerability phpmyadmin error cross site scripting download

Link:

Greg Beaver's Blog:
phpDocumentor and PEAR - interesting crossing of paths
May 03, 2006 @ 03:06:50

Greg Beaver has a new post today on his blog concerning the interesting crossing paths of the phpDocumentor project and PEAR.

Yesterday and today I released phpDocumentor 1.3.0RC6. Aside from a number of exciting features and many important bug fixes, including some bugs opened over 2 years ago (!) this release is unique in another way: in addition to working as a PEAR-installable package, it also works as an extracted file.

He notes that this improvement not only makes installing the phpDocumentor package more flexible, but it also makes it a snap to get up and running. Those used to the PEAR package system will be happy to know it's a simple "pear " command away. It makes full use of the package.xml 2.0 features to really make the install nice and clean.

tagged: pear phpdocumentor cross paths install phpdoc package pear phpdocumentor cross paths install phpdoc package

Link:

Greg Beaver's Blog:
phpDocumentor and PEAR - interesting crossing of paths
May 03, 2006 @ 03:06:50

Greg Beaver has a new post today on his blog concerning the interesting crossing paths of the phpDocumentor project and PEAR.

Yesterday and today I released phpDocumentor 1.3.0RC6. Aside from a number of exciting features and many important bug fixes, including some bugs opened over 2 years ago (!) this release is unique in another way: in addition to working as a PEAR-installable package, it also works as an extracted file.

He notes that this improvement not only makes installing the phpDocumentor package more flexible, but it also makes it a snap to get up and running. Those used to the PEAR package system will be happy to know it's a simple "pear " command away. It makes full use of the package.xml 2.0 features to really make the install nice and clean.

tagged: pear phpdocumentor cross paths install phpdoc package pear phpdocumentor cross paths install phpdoc package

Link:

Marcus Whitney's Blog:
Microsoft Teaches PHP, JSP and ColdFusion With "Cross Training"
Feb 28, 2006 @ 12:35:11

According to this post on Marcus Whitney's blog, it seems that Microsoft has been listening to the various other web development communities (PHP, Ruby on Rails, etc) and has started an initiaitive to inform developers about the integration of their favorite language with .NET rather than assaulting them with more ".NET is the way of the future" marketing.

Windows is making a strong play for the server market with their "Cross Training for Developers" program. And look at the co-sponsors: O'Reilly and Dr. Dobbs. Not too shabby.

Oh, and if you dig around on the site you will see tutorials on PHP, Java and Coldfusion. You will also see that if you sign up for three of their webcasts you will get a free copy of Visual Studio 2005, a free book and some other stuff that they don’t tell you about. What better way to fend off the IBM/Eclipse onslaught than start giving away Studio. Whoever said Microsoft wasn’t getting smarter with age was wrong.

It's an interesting tactic, and it'll be interesting to see how it turns out. So far, from what Marcus has said, it seems like a half-hearted effort - but that might just be because it's just getting the ball rolling.

tagged: jsp coldfusion java teach collaboration cross training jsp coldfusion java teach collaboration cross training

Link:

Marcus Whitney's Blog:
Microsoft Teaches PHP, JSP and ColdFusion With "Cross Training"
Feb 28, 2006 @ 12:35:11

According to this post on Marcus Whitney's blog, it seems that Microsoft has been listening to the various other web development communities (PHP, Ruby on Rails, etc) and has started an initiaitive to inform developers about the integration of their favorite language with .NET rather than assaulting them with more ".NET is the way of the future" marketing.

Windows is making a strong play for the server market with their "Cross Training for Developers" program. And look at the co-sponsors: O'Reilly and Dr. Dobbs. Not too shabby.

Oh, and if you dig around on the site you will see tutorials on PHP, Java and Coldfusion. You will also see that if you sign up for three of their webcasts you will get a free copy of Visual Studio 2005, a free book and some other stuff that they don’t tell you about. What better way to fend off the IBM/Eclipse onslaught than start giving away Studio. Whoever said Microsoft wasn’t getting smarter with age was wrong.

It's an interesting tactic, and it'll be interesting to see how it turns out. So far, from what Marcus has said, it seems like a half-hearted effort - but that might just be because it's just getting the ball rolling.

tagged: jsp coldfusion java teach collaboration cross training jsp coldfusion java teach collaboration cross training

Link:


Trending Topics: