In a new post to his blog today, Ken Guest talks about the split that's been made in a PEAR package for calculating the dates of holidays (Date_Holidays) for localization reasons.

We decided that this one package should be split into subpackages: one subpackage per region/country. Some advantages of this approach are that each driver / filter / subpackage gets it's own stability and version number - we wouldn't have to keep increasing the version number of Date_Holidays each time a new driver is added or when an existing driver gets a significant number of fixes.

To replace your current version of the package (with all of the regions built in) with a new version that still contains all versions, uninstall the Date_Holidays and grab the "Date_Holidays#all" package. Otherwise, you can check out the PEAR page for the main package and see the subpackage list if you only need one for your area.

Padraic Brady has noted that the latest release candidate of the HTMLPurifier software has been posted for download:

HTMLPurifer is possibly the most understated underpublicised quality library in PHP today. I consider it a fundamental standard library that is automatically included in every PHP web application I start these days.

This latest release candidate (their first!) includes updates on two major features - the use of autoloading and a change to the way you use the filters. Check out a demo of it in action or just download this latest release and try it out for yourself.

Ed Finkler has released the latest version of his Inspekt input filtering/output validation library for PHP5:

I've uploaded the 0.3 release of Inspekt, the input filtering and validation library for PHP4 and 5. With this release, Inspekt completes the goals of the original specification for the OWASP SpoC007 project. I believe it is ready for "real-world" use.

Along with the new code being released there's also more documentation, API docs, a PEAR channel and a mailing list.

Michael Girouard has a post on his blog about something that's becoming more and more wide-spread in the PHP community (thankfully) - filtering input from users and escaping the output to ensure the safety of your application.

The idea itself is simple. When data comes into your application, it must be filtered prior to it actually being used for any reason. This means all data. Form values, URL values, and yes, even the values in the forever useful $_SERVER superglobal. [...] Before leaving your application, data should be properly escaped with the specific output medium in mind.

Previously he showed how, using an interceptor method in PHP5, you could build "collections of data". He uses the same sort of method here, appling custom filters to the data based on the output call. Code is included for both the filtering interface and two example filters - one for SQL and the other for HTML.

You can also grab the code if you just want to play with that.