
Evozon Blog:
GDPR – a brief reality check
Nov 03, 2017 @ 11:18:45

On the Evozon blog there's a post that provides "a brief reality check to developers about GDPR" and how it affects them and their applications. GDPR (General Data Protection Regulation) is a regulation passed in Europe that enforces certain requirements about personal data and how it should be handled.

If you're reading this, it means you've already heard about it or you're about to receive some flash-news: there's a new all-encompassing data privacy regulation in the EU. Ready or not, 25th of May 2018, the date when the General Data Protection Regulation (GDPR) becomes effective, will wait for nobody. If there’s any buzz around it, it's because of a good reason: businesses will have to comply, software will have to evolve.

While there is still some uncertainty around certain parts, the article goes through some things you can do to help you prepare and make your application compliant including:

  • discovering and documenting the purpose of the data that is being collected
  • providing clear notification of data collection for the user
  • defining retention periods and deletion policies
  • tracing any changes that happen with the data

The article does a good job providing a "checklist" of sorts you can use to ensure you're compliant. Of course, it's by no means an actual method of compliance but it does provide a good list to guide you in the right direction.

tagged: gdpr data protection personal information europe regulation

Link: https://magento.evozon.com/gdpr-a-brief-reality-check.html

Mattias Geniar:
Mitigating PHP’s long standing issue with OPCache leaking sensitive data
Feb 28, 2017 @ 11:39:33

In a new post to his site Mattias Geniar looks at an old security issue in PHP, opcache information leakage, and how to mitigate the issue.

A very old security vulnerability has been fixed in PHP regarding the way it handles its OPCaches in environments where a single master process shares multiple PHP-FPM pools. This is the most common way to run PHP nowadays and might affect you, too.

He starts by talking about the vulnerability itself: the PHP process doesn't validate the userid when fetching cached bytecode. This could result in information from other operations/scripts being exposed to other processes in a PHP-FPM pool. His solution? Upgrade PHP (the bug was fixed back in PHP 5.6.5) and set a few additional opcache ini settings to enforce the validation. Besides 5.6.29, it was also corrected in the PHP 7 releases (7.0.14 and 7.1.0). The post then talks about the potential exploit: an indirect local privilege escalation to root where the shared memory is read and access to outside information is possible.

tagged: opcache bytecode security issue leak sensitive information mitigation

Link: https://ma.ttias.be/mitigating-phps-long-standing-issue-opcache-leaking-sensitive-data/

Laravel News:
Laravel Cheat Sheet
Apr 07, 2016 @ 11:20:09

As is mentioned in this new post to the Laravel News site, there's a handy Laravel Cheat Sheet that's been published to help keep relevant Laravel information at your fingertips.

The Laravel Cheat Sheet is a new project from the EST Group that shows you many of the Laravel features from a filterable web app. For those that have used Laravel for a few years, you may notice the similarities to Jesse O’Briens.

Jesse hasn’t had time to keep his version up to date which left an opening for this new one. However, I’m disappointed in the similarities. Even though both are open source it just feels odd to me that this one looks so much like Jesse’s.

You can view the project directly (via GitHub pages) or grab the source if you'd like to check it out.

tagged: laravel cheatsheet project github information quick reference

Link: https://laravel-news.com/2016/04/laravel-cheat-sheet/

Damien Seguy:
Prepare for PHP 7 error messages (Series)
May 26, 2015 @ 09:35:11

For those looking forward to PHP 7, there's a new series of posts from Damien Seguy that can help you with some of the newer error messages and what might be causing them.

The first step to prepare for PHP 7 is to lint it: using the command line instruction ‘php -l script.php’, one can easily check that every file in a current application compiles with PHP 7. The second step is to run the application and the unit tests: in short, execute it with PHP 7. And this is where we’ll learn about the new errors that PHP has prepared for us. In order to be one step ahead of the migration, this article will help you prepare: here is a panorama on PHP error messages.

In part one he looks at some of the most often raised errors including the incorrect use of "$this" and undefined offsets. Part two gets into a few more complex messages about return type hinting, the constant scalar expression and using temporary expressions in a write context. Finally, part three looks at messaging around redefinition of identical parameters, bit shifting by a negative number, named constructor deprecation and strict typing. Each part of the series covers a few more than just the ones listed here too, so be sure to check each for more helpful error messages and solutions.

tagged: php7 error message help series part1 part2 part3 resolve information

Link: http://www.exakat.io/php-7-error-messages-part-1/

Derick Rethans:
Xdebug 2.3: Moar var_dump()
Feb 27, 2015 @ 09:58:40

Derick Rethans has a new post to his site starting a series of posts about the new features of Xdebug 2.3. In this new post he talks about an improvement that's been made to the output provided by var_dump with more information than before.

One of the new features relates to one of the first things that I added in the original Xdebug: making the var_dump() output "pretty". Xdebug replaces PHP's standard var_dump() function with its own version, as long as the xdebug.overload_var_dump setting is not set to 0. [...] Xdebug 2.3 enhances the overloading of var_dump() with the inclusion of the file name and line number where var_dump() is called at. This has been a long standing feature request.

He provides a few sample screenshots comparing the old and new output formats and mentions another handy setting, xdebug.file_link_format, that makes the resulting filename a link in a browser and lets you customize the format.

tagged: xdebug vardump overload file path information output improvement release

Link: http://derickrethans.nl/xdebug-2.3-overload-vardump.html

NetTuts.com:
A Practical Use of WordPress Global Variables
Sep 23, 2014 @ 11:54:09

On the NetTuts.com site there's a new post (a part of a series) that introduces you to the global variables available in WordPress and provides a practical use for them.

In the first article in this series, we reviewed an introduction to WordPress global variables. Specifically, we said that they are variables that hold a variety of information that can be accessed from anywhere in the WordPress page lifecycle. We learned how to access a global variable and display various details about the latest post using the $post global variable. In today’s article, we will dive further into global variables by learning how to access them to display the author information.

In this post the author focuses on extracting user (author) data from the system via the "authordata" global variable. He shows an example of a print_r output of the data it contains and uses this to filter posts, only showing three per author.

tagged: wordpress global variable author information authordata

Link: http://code.tutsplus.com/tutorials/a-practical-use-of-wordpress-global-variables--cms-20854

SitePoint PHP Blog:
PHP and WMI – Dig deep into Windows with PHP
Dec 24, 2013 @ 12:30:25

On the SitePoint PHP blog they've posted a new tutorial that "digs deep" into PHP on Windows with WMI, the Windows Management Instrumentation functionality - a web-based architecture information gathering system.

There are many devices (servers, desktops, laptops, tablets, phones, etc) running a Windows operating system. Many of us who live in the *nix based world have to work in this OS, or if we don't, we will, sooner or later. Besides the regular tools we can expect from a *nix system (say Apache, PHP, MySQL, C/C++ compilers, etc), Windows offers a set of unique features not present in any other OS, and WMI is one of them. In this article, we will address the questions like: What is WMI? How to use WMI with PHP? We will have some minimal sample codes to go through the basic programming techniques.

He starts off the post briefly explaining what WMI is and what kinds of problems it solves. He shows you how to check if it's installed (it probably is on most recent Windows machines) and that it's enabled. He also shows how to configure the firewall to allow WMI connections and the library you'll need to get the PHP support functional (php_com_dotnet.dll). He then gets into what kind of information you can get from WMI including local hardware information, BIOS details and memory usage. Some simple code is included using the COM functionality to connect to the server and run a query.

tagged: windows wmi information tutorial introduction com

Link: http://www.sitepoint.com/php-wmi-dig-deep-windows-php

Liip Blog:
How to preload ACL in order to get good performances
Oct 09, 2013 @ 10:40:34

On the Liip blog today Jean-Christophe Zulian shares an idea about gaining performance in the access-controlled sections of your application. He suggests preloading ACL information in Symfony2-based applications.

Symfony2 comes with an ACL mechanism that can help you whenever you need to add some permissions in your system. [...] Unfortunately we came across a situation where we had to do this kind of permission check on a very long list of items. [...] performance will go bad (or very bad in our case) and as the system keeps storing more and more of the same kind of data it becomes slower and slower. [...] Luckily for us Sf2 ACL system provides a way out of this. You can in a small amount of query load all the ACLs that are related to some given objects.

He includes a small snippet of code that takes in a set of blog posts (as an example) and calls a "findAcls" method to pre-fetch the information. That information is then available for the rest of the request. The fetch is done by packet instead of via one large query, making it a bit more performant.

tagged: symfony2 preload acl information performance

Link: http://blog.liip.ch/archive/2013/10/09/how-to-preload-acl-in-order-to-get-good-performances.html

PHPMaster.com:
6 Things to Consider when Choosing a Framework
Apr 08, 2013 @ 11:29:07

PHPMaster.com has posted a list of six things they think you should think about as you're selecting the framework for your next application.

You've decided that it makes sense to use a framework when writing your next new application, and chances are that if you're already familiar with a specific framework, then you'll probably be leaning towards using that one when you start. But are you sure it's really the most appropriate for the task at hand? In the name of due-diligence, here are some of questions that you should ask yourself before settling on a particular framework to make sure you're not programming "against the grain" and also to make sure it will be able to meet your needs now and in the long-term.

He doesn't get into any specifics of any PHP frameworks out there, but suggests general questions to ask even before getting too deep into the technology:

  • What do I need from the framework?
  • Do I expect the framework to help manage consistency?
  • Is good documentation available?
  • Is the framework actively developed, and does it have an active user base?
  • Does the framework work in what I run in production?
  • What business factors are influencing my decision?

Not every application needs to be written using a framework. But if you've decided that yours does, then it's beneficial to compare your needs against the features and benefits of the various framework offerings.

tagged: framework choice advice questions information

Link: http://phpmaster.com/6-things-to-consider-when-choosing-a-framework

PHPBuilder.com:
Talking to Facebook's Social Graph with PHP
Nov 21, 2011 @ 11:26:54

On PHPBuilder.com there's a recent post showing you how to connect your application with Facebook's graph API and grab the current user's public profile information.

In recent years, [Facebook's] influence has dramatically grown thanks to the Facebook Platform, a set of APIs which third-parties can use to create or extend applications which tightly integrate with Facebook.com's features and users. [...] PHP-minded developers are particularly fortunate, as the Facebook PHP SDK doesn't only provide users a powerful solution for interacting with the social graph, but because it's actively maintained by the Facebook development team is often the first of several available APIs to offer the latest features and bug fixes.

He points out the GitHub repository for grabbing the Facebook SDK, the information you'd get (at a minimum) from the API and the sort of detail you can expect from a user logged into your application. Sample code is included for this last example.

tagged: facebook social graph api tutorial public information

Link: