Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Alison Gianotto:
So You Ran Composer as Root...
Nov 15, 2017 @ 10:50:09

Alison Gianotto has an article posted to her since basically answering the "now what?" question resulting from you running Composer as root on your system.

Composer is a PHP dependency manager that’s used in just about any modern PHP application, and it works similarly to how Bundler works for Ruby.

Even though Composer itself gives you a warning about not running it as root, lots of people disregard this warning and run it as root anyway. We run into this issue a lot on my open source asset management project, Snipe-IT, so I figured I’d write up how to fix this if you inadvertently (or advertently) ran composer as root.

She starts by describing the difference between "installing Composer as root" and "running the Composer install as root" (two very different things). She points out that, while Composer tries to prevent the second but permissions errors sometimes cause people to move forward as root anyway, despite the warning. She then shows how to fix the permissions issues so it can be run as a normal user, updating the files in .composer for the root account and re-running the install.

tagged: composer root permission fix tutorial cache

Link: https://snipe.net/2017/11/15/so-you-ran-composer-as-root/

PHP.net:
Security Notice (wiki.php.net)
Mar 23, 2011 @ 10:43:05

On PHP.net there's a quick security advisory for those that didn't see the news - the wiki.php.net machine was compromised but has been wiped and all accounts reset and requiring a password reset.

The wiki.php.net box was compromised and the attackers were able to collect wiki account credentials. No other machines in the php.net infrastructure appear to have been affected. Our biggest concern is, of course, the integrity of our source code. We did an extensive code audit and looked at every commit since 5.3.5 to make sure that no stolen accounts were used to inject anything malicious. Nothing was found. The compromised machine has been wiped and we are forcing a password change for all svn accounts.

The issue was caused by a combination of a problem with the wiki software and a Linux root exploit. The Register has additional comments about the issue and outage.

tagged: security wiki compromised linux root exploit bug svn password

Link:

Sameer Borate's Blog:
Porter Stemming algorithm for search
Apr 29, 2009 @ 07:57:06

In a recent post to his blog Sameer looks at implementing a Stemming algorithm to search an array of words. It uses this library (as written by Richard Heyes).

A stemming algorithm lets you reduce each English input word to its basic root or stem (e.g. 'walking' to 'walk') so that variations on a word ('walks', 'walked', 'walking') are considered equivalent when searching. This stems can than be used in a search query rather than the original words, which generally (but not always) results in more relevant search results.

His code example uses the library to search for two different types of strings - a single word and a phrase (with stop words removed). The Stem() method is called on the word and the results are looped through to remove all matching the values in the stop words array.

tagged: stop word search stem root query library richardheyes

Link:

Adam Trachtenberg's Blog:
PHP Trivia Contest: DOM + Default Namespaces
Sep 27, 2006 @ 07:25:00

Alright power PHP users out there, Adam Trachtenburg has a little quiz for you to see how much you know about working with the DOM in PHP.

Here's a question based on a recent PHP bug report which shows why DOM is fun. [...] But how do you retrieve it (the namespace URI of the root node) using DOMElement::GetAttributeNS()? What are the two magical input parameters to coax that value out?

The code is simple, but it's an interesting problem - anyone have any answers?

tagged: trivia contest dom handling namespace uri root node trivia contest dom handling namespace uri root node

Link:

Adam Trachtenberg's Blog:
PHP Trivia Contest: DOM + Default Namespaces
Sep 27, 2006 @ 07:25:00

Alright power PHP users out there, Adam Trachtenburg has a little quiz for you to see how much you know about working with the DOM in PHP.

Here's a question based on a recent PHP bug report which shows why DOM is fun. [...] But how do you retrieve it (the namespace URI of the root node) using DOMElement::GetAttributeNS()? What are the two magical input parameters to coax that value out?

The code is simple, but it's an interesting problem - anyone have any answers?

tagged: trivia contest dom handling namespace uri root node trivia contest dom handling namespace uri root node

Link: