
Pádraic Brady:
A Secure Wrapper For Downloading HTTPS Resources Using file_get_contents()
Feb 05, 2015 @ 15:57:41

Pádraic Brady has a new post today sharing a tool he's created to enhance the current PHP file_get_contents function with a safer, more secure alternative, the humbug_get_contents library.

With the release of PHP 5.6, there was a significant security improvement in how PHP handled SSL/TLS protections, namely that it enabled a secure set of default options. Previously, SSL/TLS was disabled by default. No peer verification, no certificate checking, and a lack of configuration options had combined to create a serious problem. You can find this problem easily by searching for file_get_contents() on github and locating a call to this function used to retrieve any HTTP resource while also having zero configuration.

An excellent example of this is Composer which uses file_get_contents() instead of curl to ensure maximum compatibility with using systems. Of course, this beggars a question. If all the SSL/TLS protections are off by default in PHP 5.3-5.5…what’s stopping some irksome hacker from injecting bad code into our Composer downloads? Answer: Nothing.

The package provides a drop-in solution to the possible man-in-the-middle issues that could be caused by the native functionality. It enhances the current function with additional TLS/SSL checking for HTTPS requests on current PHP versions.

tagged: filegetcontents security wrapper https tls ssl library

Link: http://blog.astrumfutura.com/2015/02/a-secure-wrapper-for-downloading-https-resources-using-file_get_contents/

PHPMaster.com:
5 Inspiring (and Useful) PHP Snippets
Jul 02, 2012 @ 15:58:45

On PHPMaster.com there's a new tutorial that shares some useful PHP snippets that you could use in your development.

"X PHP Snippets" type articles abound on the Internet, so why write another one? Well, let's face it… the PHP snippets in them are generally lame. Snippets that generate a random string or return $_SERVER["REMOTE_ADDR"] for the IP Address of a client really aren't that interesting and are of modest usefulness. Instead, here's five snippets that you'll no doubt find interesting and useful, presented along with the problems that inspired them. I hope the creativity in many of them inspires you to write better and more creative code in your own day-to-day endeavors.

Their "five tips" are about:

  • Generating CSV files from an array of data
  • Autoloading classes (in a PSR-0 way)
  • Parsing data with the unpack function
  • Templating in HTML (creating a "View" object)
  • Using file_get_contents as a cURL Alternative

tagged: snippets csv autoload unpack template filegetcontents


Lorna Mitchell's Blog:
Fetching Your Talks from the Joind.In API
Jun 11, 2012 @ 13:31:30

If you're a speaker (or even if you're not and just want to play with the API) and have information on Joind.in, Lorna Mitchell has a quick way you can pull your information from the site into an easy-to-use format.

I've recently been thinking that I should also do a better job of linking through to the various talks I'm giving/have given - and at around the same time I was contacted by the good folk at mojoLive about integrating against joind.in. To cut a long story short, the joind.in API now has the functionality for users to retrieve their list of talks!

Her example just uses a file_get_contents to pull the data from the remote URL in a JSON format. You don't need to be logged in to get to the talk information, though, so you won't need to bother with OAuth for this one. A snippet to loop through the results is also included.

tagged: joindin api talk speaker filegetcontents json tutorial


Lorna Mitchell's Blog:
Github API: Issues List
Jan 11, 2011 @ 15:56:26

Lorna Mitchell has a handy tip for those PHPers out there that use Github and want to pull off the issues from their project's Issues List quickly and easily - use their API (super simple).

I looked around for some export functionality for github but I got a lot of posts complaining it wasn't there. Since I hate applications that take your data and refuse to let you remove it, I was disappointed by this news but further inspection showed that although there might be no "export from github" button, there's an API that more than has it covered.

She gives an example of how to fetch only the currently open issues (the important ones) and pull them back through the API as a JSON message. Her little code snippet uses file_get_contents, but this can obviously be adapted to whatever use you might want. You can find out more about the things you can do with the Github API on the develop.github.com site, including features to work with organizations, users, pull requests and gists.

tagged: github api issues json tutorial filegetcontents


Quinton Parker's Blog:
Try-catch suppress?
Mar 20, 2009 @ 12:56:13

In this new entry to his blog Quinton Parker looks at some strangeness he's found around the try/catch functionality in PHP. His specific example involves file_get_contents.

PHP never ceases to amaze me. Just the other day a colleague discovered that you can suppress error messages reported by file_get_contents() using the try-catch statement. That should’ve raised an eyebrow.

His sample code shows the normal error that a file_get_contents on a nonexistent file would give, then wraps the call in a try/catch. The same path is put into the file_get_contents but, because of some sort of interesting handling, the error isn't reported in the catch. He's at a loss and is asking for help figuring this one out from the readers out there. Be sure to leave a comment if you have more info.

tagged: try catch exception handling supress filegetcontents


Kae Verens' Blog:
efficient JS minification using PHP
May 21, 2008 @ 15:25:35

In a new post today, Kae Verens takes a look at a method for easy and quick JavaScript minification with help from a little bit of PHP.

A useful part of minification is that during the act of compiling your minified source, you can also pull in other JavaScript files and compile them all into one single source. This has a major advantage that there is only one file to download.

The method runs a file_get_contents on each of the JavaScript files and pulls their content into a single PHP variable. This value is then just echoed out after it's passed through this minimizer class.

Kae also offers an alternative to performing this expensive operation each time - caching then checking the md5 hash of the cache to see if it's different than the current version. Example code is included.

tagged: efficient minification filegetcontents caching javascript
