In his search for "contact grabber" classes, Jonathan Street came across one posted to the PHPClasses.org website recently, the Contact Grabber class, and decided to give it a shot and report back his findings.

I haven't tried it yet but apparently it can connect to hotmail, yahoo, gmail, orkut, rediff and myspace. It is an impressive collection of scripts. [...] Generally speaking I wouldn't have a problem with the script being included in another project. In fact I would encourage it. In this instance though there are a few problems.

He breaks it up into a few different kinds of issues: inaccuracies, updates, licensing problems, and that the author wouldn't make contact back to Jonathan about some of his problems.

Stefan Esser has officially kicked off his "Month of PHP Bugs" for the month of March (get more details here).

You might have realised it already. March 2007 has begun and so has the long awaited Month of PHP Bugs. The initiative is hosted on dedicated servers, because serendipity cannot handle the traffic. You can reach it at http://www.php-security.org.

As of the time of this post, there are currently three bugs posted - two dealing with stack overflows (one in the variable destructor and one in the executor) and a overflow issue in the ZVAL reference counter. Detailed descriptions of the issues are just a click away and, where is it needed, an explain example is provided.

There's a new article on The Register about a topic that's constantly argued in any language, much less PHP - application security.

PHP has become the most popular application language on the web, but common security mistakes by developers are giving PHP a bad name. Here's how PHP coding errors have become the new low-hanging fruit for attackers, contributing to the phishing problems on the web.

They talk first about the "great rise of PHP" on the web and how this surge of popularity also helped to show the great number of PHP security issues - both in applications written in it and in the language itself.

There's a mention of some of the upheaval that the PHP security community has had this year as well. They talk about the security of a LAMP installation versus a Windows machine, and their suggestions on helping to make the PHP world a better place.

The latest version of both major branches of PHP have been released - PHP 4.4.4 and PHP 5.1.5 - fixing some of the major security problems that have been found in recent versions.

PHP development team would like to announce the immediate availability of PHP 5.1.5 and 4.4.4. The two releases address a series of security problems discovered since PHP 5.1.4 and 4.4.3, respectively.

Some of these problems included:

• Added missing safe_mode/open_basedir checks inside the error_log(), file_exists(), imap_open() and imap_reopen() functions.
• Fixed possible open_basedir/safe_mode bypass in cURL extension and on PHP 5.1.5 with realpath cache.
• Fixed a buffer overflow inside sscanf() function.
• Fixed memory_limit restriction on 64 bit system.

All information about the updates for these versions can be found in the Changelogs - PHP 4.4.4 and PHP 5.1.3. It's recommnded that you download these new versions and update your installation.

According to this new post on DynamicWebPages.de today, Ilia Alshanetsky has pushed the latest release candidate for PHP 5.1.x series out the door - version 5.1.5RC1.

This release was needed to clean up some of the problems found while working towards PHP 5.2. Among others, there were issues with the URL extension and parts of the Zend Engine 2 that needed correcting.

Complete information and a list of changes can be found in the Changelog and you can download this package here. As always, the development team requests any kind of testing that developers can do on this release candidate to find the bugs quickly.

The latest version of PHP in the 4.4.x series has been released today - PHP 4.4.3:

The PHP development team is proud to announce the release of PHP 4.4.3. This release combines small number of bug fixes and resolves a number of security issues.

Some of the updates to this edition include:

• Disallow certain characters in session names.
• Prevent jumps to parent directory via the 2nd parameter of the tempnam() function.
• Fixed cross-site scripting inside the phpinfo() function.
• Upgraded bundled PCRE library to version 6.6

You can download this latest edition here.

If you were planning on attending the php|works conference in the fall and getting to hear Sara Golemon talk on extensions, you might just have to wait. According to her latest post, things haven't gone well with her passport situation.

So awhile ago I announced that I'd be speaking at php|works including a 3-hour workshop on extension writing. Knowing that the conference was outside of the US I made sure to apply for my passport well in advance (four months to be precise).

Well, long story short, the lovely folks at the state department must have confused 'Sara' with 'Syria' because I've been fighting them over the issuance of my passport ever since.

All is not lost, though - since the show must go on, Sara has found two people to take over her two talks (the extension talk and one on PDO_User).

In his latest blog post, Andi Gutmans responds to a CNet article and some of the misconceptions surrounding it.

As I mentioned in my response to Edin's blog entry, in the interview I never called out PHP 6 as a Zend product. I *did* talk about what's coming down the pipeline for PHP and mentioned that both Zend and Yahoo! have been contributing to the Unicode effort (which is true).

It's also important to understand that it is *not* in Zend's interest to claim that we are the only company behind PHP, that would make PHP look much smaller than it is which would be very counter productive to our quest for increasing PHP proliferation.

He notes that the only connotation he was implying was that Zend waqs doing its part to help PHP, as a language, to grow and thrive - not that it was the biggest/best/most important at doing so. There are some sensitive topics that the CNet article inadvertently touches on that have caused some problems already, but Andi hopes that his statements here and in the comments on Edin's blog help resolve at least some of the issues out there.

First Andrei posted a note about it and now Scott Mattocks has made his own comments on the release of the PHP-GTK 2 Alpha version .

This is the first release of PHP-GTK 2. PHP-GTK 2 is a PHP extension that combines the power and flexibility of both PHP 5 and GTK+ 2 to allow developers to create stand-alone desktop GUI applications using PHP.

Scott reminds all potential users of this release out there that this is most definitely aplha and shouldn't be used in production due to some bugs and feature changes that will need to be resolved.

If you're still interested, you can grab the download from the PHP-GTK site and check out the new manual or subscribe to the mailing list for a little help.

The latest offering from the php|architect A/R/T article repository is this column from the editor, Marco Tabini. In it, he asks (and answers) the question "Are We Losing LAMP?".

In a recent post to a blog that was reported in our news, author Cliff Wells claims that the light has gone out on LAMP. I have addressed enough of these articles in the past--as have many others who know a log more about technology than I do--and I am not really going to address another one here. In fact, I am only going to use it for that most human of human forms of expression: imitation.

Marco talks about how, while the PHP community on the whole has been lucky as far as its partnerships and contributions from larger entities, there might come a time later on when these same alliances could stir up trouble. He does suggest somewhat of a solution, though - three actually, some a bit more plausable than others. (You'll have to check out the article to get those, though!)