As many people noted in the past few days, there was a code leak over on Facebook.com. Some of the PHP code that runs the website was exposed as plain text to viewers. Unfortunately, several people are blaming PHP as the source of the issue including Nik Cubrilovic, a writer for TechCrunch:
I just posted on TC about the Facebook code leak. PHP has always been notorious for sometimes not processing requests poorly and sending back the source code for pages to the client. Because of the way mod_php works with apache, if mod_php fails in intercepting and processing the request, then apache will just serve it back to the client as an ordinary text file.
Of course, the PHP community is speaking back to the allegations including Clay Loveless in a new blog entry on his site:
I agree with Cubrilovic that the inadvertent delivery of source code instead of the result of that source code is certainly a horrific situation, with potentially serious ramifications for any company that experiences such a problem on a large scale basis. [...] Unfortunately, the updates appended to the article imply that PHP is somehow responsible for this leakage.
He supports some of the issues (a server misconfiguration could cause odd behavior) but refutes others (the "known issue" of PHP pushing out source code under high load).