Junior Grossi:
QueryFilter: A Model Filtering Concept
Apr 24, 2018 @ 12:46:55

Junior Grossi has posted a tutorial that covers the idea of data filtering with Eloquent models. In this case, the filtering is based on user input from a URL with parameters matching the properties on the model.

Filtering models was, for a very long time, a hard task for me. I admit that I could not think of some easy way to do that. I tried, refactored some code, created custom classes for that, but I never thought how this could be easily implemented.

Watching a Laracasts video from 2016 about Laravel’s Eloquent ORM, I faced off with a bunch of classes and a trait that removed a lot of trash from my controller actions. That was called by Jeffrey Way the QueryFilter.

He then gets into some of the goals behind the filtering and the expected input method (URL parameters). He then creates a simple Laravel application making use of Corcel to integrate with his current WordPress backend database. He includes code examples showing the creation of a Post model and controller and returning only the desired fields using a JSON response and a toArray method. He then moves on to the filtering, starting with a more hard-coded version of the search: adding a where statement to the query manually before the get.

To replace this with something more flexible, he implements the QueryFilter class that can be extended to match the requirements for the model type. He then implements the PostFilter class, adding methods for "status" and "title" fields. Finally he adds in a scopeFilter method that makes it simpler to call the filtering directly from the model instance.

tagged: eloquent model filter queryfilter url parameter tutorial

Link: https://blog.jgrossi.com/2018/queryfilter-a-model-filtering-concept/

Laravel News:
Leverage Eloquent To Prepare Your URLs
Apr 18, 2018 @ 11:44:13

The Laravel News site has a quick tutorial posted showing you how you can use Eloquent functionality to help prepare your URLs and make them easier to maintain across the application. The key is in the use of "presenters".

It’s not uncommon to have tens, if not hundreds of views in a Laravel application. Something that soon gets out of hand is the various references to routes. [...] If for whatever reason we have to make a change to either the route alias or default query string values you’ll soon find yourself doing mass string replacements across your entire application which brings the risk of breakage within many files.

What can we do to possibly better handle this? There are a couple of different approaches.

They provide two approaches, one being slightly more complex (but more flexible) than the other. The first makes use of only Eloquent to define a getUrlAttribute method in the model. The second abstracts this functionality out to a "URL Presenter", a class that defines methods for each of the CRUD actions and returns the correct route for each. The getUrlAttribute method then returns an instance of this class instead, making it easy to reference the method and route required in the Blade template.

tagged: laravel eloquent prepare url tutorial presenter

Link: https://laravel-news.com/leverage-eloquent-to-prepare-your-urls

Sameer Borate:
Creating custom stream filters in PHP
Apr 11, 2018 @ 09:45:43

Sameer Borate has a new post to his site showing you how to create custom stream filters for use with the streams functionality already included in the PHP language. The streams handling provides a resource instance (filesystem, network connection, etc) that can be interacted with in a more standardized way.

In this post we will see how to create a custom stream filter. Streams, first introduced in PHP 4.3, provide an abstraction layer for file access. A number of different resources besides files – like network connections, compression protocols etc. can be regarded as “streams” of data which can be serially read and written to.

He shows how to get the current list of stream filters available and includes an example of one in use, the "string.strip_tags" filter. From there he shows the creation of a custom filter, one that replaces any URLs detected in a string with a string of [--URL--]. He includes the code for the filter and shows how to register it using the stream_filter_register function. He also includes an example of it in use, grabbing the contents of the BBC site and having the filter automatically applied.

tagged: custom filter tutorial beginner strip url

Link: https://www.codediesel.com/php/creating-custom-stream-filters/

Peter Lafferty:
HTTP Request Validation With Silex
Sep 18, 2017 @ 12:15:48

On his Medium blog Peter Lafferty has written up a post showing you a method for HTTP request validation in Silex, the microframework from the creators of Symfony.

This article covers three validation scenarios: routes, query strings [and] POST with a JSON body.

He starts with a simple Silex application that creates a "RESTful" API with endpoints providing emojis back when queried (three endpoints). He then uses this to show how to validate:

  • routes for their expected values in the URL
  • using a ValidatorService provider to build a set of assertions (GET request)
  • using the same service to create assertions for the JSON content of a POST request

All code required is included in the post including the correct handling of the emoji output via a UTF-8 JSON response handler.

tagged: http validation silex tutorial service assert url get post

Link: https://medium.com/@peter.lafferty/http-request-validation-with-silex-9ebd7fb37f37

TutsPlus.com:
Programming With Yii2: Routing and URL Creation
Dec 13, 2016 @ 12:15:02

The TutsPlus.com site has posted the next article in their "Programming with Yii2" series, this time focusing on the routing and URL creation in the application and how the requests get to the intended functionality (in controllers).

In today's tutorial, I'll review routing and URL creation in Yii. When a browser request arrives at your Yii application's index.php file, it must be parsed to determine which controller and method to call. That's routing. The reverse process of linking to parts of your application is URL creation, which is best done programmatically.

Yii provides a lot of flexibility in managing routing and generating links. Follow me as I review the basics.

He starts with a bit of background on the URL manager that comes built in to the Yii2 framework and how the routes are defined. He then starts in by defining some of the desired routes for the application and how to set them up in the main configuration file (including defaults). The tutorial also includes configuration examples of "pretty URLs", and outputting custom URLs using the "Url" helper.

tagged: programming yii2 series routing url creation tutorial

Link: https://code.tutsplus.com/tutorials/programming-with-yii2-routing-and-url-creation--cms-26869

Ben Ramsey:
Lack of Hypermedia
Nov 27, 2015 @ 09:37:38

In a post to his site today Ben Ramsey shares his response to a question about hypermedia in APIs and how a lack of it can make the API more brittle.

One of the most common problems I see in API development is lack of hypermedia, or none at all. By hypermedia, I mean links that describe relationships among data in the API. When hypermedia isn’t used, the API becomes brittle, and those building clients that talk to the API are forced to code to URLs. The URLs become an important interface to the API, and if they change, they break everything. This leads to URL-based versioning schemes, and the only upgrade path for clients is to modify their code to accommodate the new versions.

He suggests that when APIs use hypermedia they tend to no longer rely on the URLs of the resources (as they're linked from the meta in other requests). He also shares the slides for a presentation he gave at this year's True North PHP Conference with more information on the topic.

tagged: hypermedia lack url resource link

Link: https://benramsey.com/blog/2015/11/lack-of-hypermedia/

Alison Gianotto:
Check User-Submitted URLs for Malware and Phishing in Your Application
Apr 07, 2014 @ 10:01:59

In her latest post Alison Gianotto looks at a few different ways that you can validate any URLs that your users might give you to ensure they're not anything malicious. She looks at two of the major services, the Google SafeBrowsing API and SURBLs, as well as mentioning a few others.

If you write software for the web that allows users to submit or share URLs (comment systems, mail clients, forums, URL shorteners, etc), you may find yourself in a position where you need to filter out malicious links. Fortunately, there are several free options for you to better protect your systems and your users against bad guys, and they’re pretty simple to implement. (My examples are in PHP, but could easily be adapted to whatever language you prefer.)

She starts with an example call to Google’s SafeBrowsing service, making a curl call and parsing the result. The other service, SURBL, makes use of DNS validation calls, complete with code examples. She also talks about Phishtank and VirusTotal as other options. She finishes the post with a few suggestions for working with the rate limit restrictions on these services, including things like only checking on click-through and ensuring failure is handled well.

tagged: malware phishing url validate google safebrowsing surbl tutorial

Link: http://www.snipe.net/2014/04/check-user-submitted-urls-for-malware-and-phishing-in-your-application

PHPMaster.com:
Generating One-Time Use URLs
Apr 10, 2013 @ 11:18:56

On PHPMaster.com there's a new tutorial posted showing you how to generate one-time use URLs that could be used for various things across an application, including things like account verification links.

A one-time URL is a specially crafted address that is valid for one use only. It’s usually provided to a user to gain privileged access to a file for a limited time or as part of a particular activity, such as user account validation. In this article I’ll show how to generate, implement, and expire one-time URLs.

Included in the post is the SQL to create a sample "pending_users" table that includes a "token" column for storing the generated hash. Code is also included for generating the hash and checking the incoming URL to see if it matches the requested user (and hasn't expired).

As a matter of general housekeeping you could write a secondary script to keep expired tokens from accumulating in the database if a user never follows them. The script could be run periodically by an administrator, or preferably set up as a scheduled task or cron job and run automatically.

tagged: onetime url tutorial generate unique

Link: http://phpmaster.com/generating-one-time-use-urls

PHPMaster.com:
Building Your Own URL Shortener
Sep 21, 2012 @ 12:58:00

On PHPMaster.com today, there's a new tutorial walking you through the creation of a URL shortener - a simple tool that can be used to compact URLs into something easier to manage (and more friendly with services like Twitter).

Most of us are familiar with seeing URLs like bit.ly or t.co on our Twitter or Facebook feeds. These are examples of shortened URLs, which are a short alias or pointer to a longer page link. [...] In this article you’ll learn how to create a fully functional URL shortener for your website that will work whether you use a front controller/framework or not. If you use a front controller, I’ll discuss how to easily integrate this URL shortener without having to dig into the controller’s programming.

They help you create a simple database to hold the link relationships, the PHP code to create the randomized hash that represents the link and the code to shorten it. There's also the PHP code to take it the other way and decode the shortened version into the full URL. You can find the full code (ready for checkout) over on the PHPMaster.com Github account.

tagged: url shortener service tutorial database

Link:

David Müller:
Why URL validation with filter_var might not be a good idea
Sep 20, 2012 @ 08:09:31

David Müller has a new post to his site today showing why validating URLs with filter_var alone might not be a good idea for the security of your application.

Since PHP 5.2 brought us the filter_var function, the time of such [regular expressions-based] monsters was over. [With] the simple, yet effective syntax [and] with a third parameter, filter flags can be passed, [...] 4 flags are available [for URL filtering].

He shows how to use it to filter out a simple XSS issue (a "script" tag in the URL) and gives some examples of issues that the filter_var function doesn't prevent, like injection of other schemes (such as "php://" or "javascript://"). He recommends adding a wrapper around the function to check for the correct scheme (ex. "http" or "https" for URLs) and reminds you that filter_var is not multibyte capable.

tagged: filtervar url validation security filter input

Link: