Stefan Esser has released a new update (really two, but one is the latest) to his Suhosin patch for PHP - version 0.9.27.

The previous update (0.9.26) updated the utility with an improved randomness fixing a few issues with an ini setting and the uploadprogress extension as well as adding in a few new settings and updates to the randomizing functions that come included in PHP.

The 0.9.27 update (the most current) updates the patch with a lazy loading change that allows it to work correctly on systems that have it disabled by default (causing the previous patch to not work).

You can grab this latest release, 0.9.27, from the suhosin website.

The PHP group has officially announced the availability of the final release of the PHP4 series for the language - PHP 4.4.9.

The PHP development team would like to announce the immediate availability of PHP 4.4.9. It continues to improve the security and the stability of the 4.4 branch and all users are strongly encouraged to upgrade to it as soon as possible. This release wraps up all the outstanding patches for the PHP 4.4 series, and is therefore the last PHP 4.4 release.

Issues corrected by this release include an upgrade to the PCRE version, a crash bug in imageloadfont and the open_basedir handling in the curl extension. You can download this latest release from downloads page on the PHP.net website.

Stefan Esser has released a patch, pulled originally from the Suhosin project's functionality, that allows you to use a bit of stealth for run the Zend Debugger and XDebug at the same time.

Those asking usually can understand why running two debuggers at the same time will lead to problems, but they don't understand why problems should arise when only one is used at a time. They want to be able to load Zend Debugger and Xdebug with the same php.ini without the need to restart the whole server just to change the debugger.

You can grab the patch from his site and install it like normal. With the patch, your PHP install will handle the rest behind the scenes.

In trying to get PHP, AMFPHP and Flash to cooperate together with ByteArray information, Alessandro Crugnola came across some issues:

Recently I made some test in AMFPHP sending an retrieving ByteArray to be stored in a mysql blob field. But suddenly I encounter a problem when I was trying to return an array of ByteArrays and I could not find out the reason flash continued to show me [an] error.

He includes the offending code on both the PHP and ActionScript side and his ultimate solution - a problem with AMFPHP's serializer. He's even made a patch file if you're seeing the same issue and want to bring your install up to date.

Eran Galperin has posted a few hacks you can use for the Zend Framework's Router system to make passing arrays easy and integrated.

A big advantage to using the front controller in the Zend Framework is the ability to create nicely formatted urls. [...] The implementation of the default router in the Zend Framework (Zend_Controller_Router_Rewrite) does not allow for passing arrays in this manner though, since previously set keys get overwritten if they are declared more than once. This is somewhere between semi-annoying to very annoying, so lets get straight to hacking it into submission.

His patch only changes one line in the Zend_Controller_Router_Route_Module component - changing it from assigning to a conditional checking for the existence of an array and setting it appropriately.

Greg Beaver, noting some issues that Derick Rethans had pointed out about namespace support for upcoming PHP versions, has posted about a patch he submitted to solve the problem simply.

The issue Derick pointed out:

In PHP 5.3 this would alias the class Interval in the namespace PEAR::Date to the class Interval. For now, this code would work just fine. However, if PHP would introduce a class "Interval" at some point in the future (and PHP can do this as it owns the global namespace) then the above code would suddenly stop working.

Greg's patch makes it possible to "override" the internal class if need be, making it so that code currently working wouldn't break. All it takes is to "use" is like you normally would and and the magic happens behind the scenes.

Lukas Smith recently posted about issues he's been coming across with the "KISS" mentality (and code) that the Zend Framework implements, specifically for the Zend_Feed component.

Now that I am actually using the Zend Framework on my first project, hitting bugs/limitations in Zend_Feed and therefore looking at the code, I must say I am seeing feature duplication with internal PHP features that does not quite fit in with the KISS principle.

He points out a few things that illustrate his point - the use of Zend_Http_Client instead of a strea context, passing XML contents into loadXML instead of just load. As a replacement, he's considered a Feed component from the eZ components system, but it hasn't been released (officially) yet. So, as an alternative, he's come up with a patch to fix a few things in the Zend_Feed component to make it a bit more KISS-friendly.

PHPFreaks.com has a new tutorial posted that looks to help you protect you and your application with an even greater level of security by using the Suhosin patch.

Suhosin is a great and simple way of increasing your security without having a large impact on overall performance. In this tutorial I will cover the installation and configuration of Suhosin on both debian etch and centos 5. I may cover mod_security in a later tutorial.

They apt-get the packages needed for the patch in examples for two different distributions - Debian (etch) and CentOS. They also show how to set up some basic configuration to get the patch installed and working with your PHP installation.

If you're a CakePHP user and have been frustrated by how this "bake" functionality doesn't allow for more than one validation rule on a given field, check out the new post on the SaniSoft blog (from Amit Badkas):

This is not much of a problem if you have only a few models but when you start to work on several dozen models in a project it becomes very tedious to open each and every model file to make changes.

The result of his frustration has come out in the form of a patch as a part of a new ticket in the CakePHP request submission process.

On his blog, Mike Lively has posted a look at some of the work he's been doing on patches for the late static binding functionality to be included in PHP, including an example of the updates in action.

This weekend I wrapped up a few small tests and sent the patch in and it was subsequently pushed to php 5.3 and php 6.0. Now, this is not at all the way I wanted things to work, in all honesty I think the patch is pretty hokey but unfortunately nobody really spoke up in support of the changes I wanted to make to parent:: in regards to LSB.

His example shows how to override a static method and push that new method's execution to the parent class (in two ways - safe using forward_static_call and the not so safe calling itself with a parent:: override).