Feed aggregator

Master Zend Framework: Howto Handle External Form Element Dependencies with FormElementManager

PHPDeveloper.org - di, 22/04/2014 - 18:58

The Master Zend Framework site has posted a tutorial wanting to help you understand external form element dependencies with help from FormElementManager.

Zend Framework 2, like all great PHP frameworks, provides thorough infrastructure for creating forms in your application. Whether that's form objects, form elements, fieldsets, validation groups or that they interact with so many other components in the Zend Framework 2 default libraries. But how do you handle external dependencies? [...] So what if you need a custom form element in your application, one which will render a list of articles from a database table? [...] In today's post, we're going to look at how to create such a custom element, extending the existing select element.

He walks you through the steps you'll need to make the custom element and hook it into the FormElementManager for correct use:

  • Create a New Form Element
  • Implement the getFormElementConfig Method
  • Create a New Form Object
  • Instantiate the Form Via the FormElementManager

Code is included for each step of the way so you can ensure you end up with a working example.

Link: http://www.masterzendframework.com/zend-form/handle-external-form-element-dependencies-with-formelementmanager

SitePoint PHP Blog: Database Versioning with Ladder Migrations

PHPDeveloper.org - di, 22/04/2014 - 17:48

The SitePoint PHP blog has posted another tutorial looking at database versioning (see this postfocusing on Ladder migrations. Ladder is a simple PHP-based way to write migrations with rollbacks in a clear, easy to read format.

Version control systems are invaluable for tracking changes in your code, particularly when you're working in a team. However, most applications don't consist solely of application code. Managing changes to the database has always been a little more challenging, particularly when you're adding new features which require changes to the schema. [...] One solution is to move responsibility for creating and modifying the database schema into code, using migrations. That way, changes can be managed along with the rest of your application, and features we take for granted in version control - such as being able to compare versions and keep an audit trail - can be used for database changes.

He introduces the Ladder tool briefly, shows how to get it installed/configured and gets into writing a first simple migration. It creates a "users" table with two columns and comes with both "up" and "down" methods to make rollbacks easier. Ladder also provides functionality for database seeding, pre-populating the database tables with sample data either from hard-coded values or from a CVS file.

Link: http://www.sitepoint.com/database-versioning-ladder-migrations

HipHop VM Blog: Compatibility Update

PHPDeveloper.org - di, 22/04/2014 - 16:16

The HipHop VM blog has a new post today with some updates around the compatibility work they're doing getting popular PHP projects to work 100% on the platform (and have all unit tests pass).

Earlier this year we set an ambitious goal of passing the PHPUnit test suites of 20 popular frameworks by the end of June; at the time, we were passing on only 6! With a huge amount of help from the community (especially our OpenAcademy students), we're proud to have hit this goal more than 2 months early, and we have more frameworks expected to reach 100% shortly.

Included in their list of projects/frameworks are things like Assetic, Composer, Doctrine2, Guzzle (v3), Laravel, Mockery and Monolog. Now that they've made significant strides to get the HHVM up to a greater level of compatibility, they're going to focus in on the issues list from GitHub to resolve problems there.

Link: http://hhvm.com/blog/4841/compatibility-update

Community News: Packagist Latest Releases for 04.22.2014

PHPDeveloper.org - di, 22/04/2014 - 15:02
Recent releases from the Packagist:

Community News: Latest PECL Releases for 04.22.2014

PHPDeveloper.org - di, 22/04/2014 - 14:07
Latest PECL Releases:
  • opengl 0.8.0 - Initial PECL package release.

  • hrtime 0.4.3 - first public release

  • riak 1.1.5 Since 1.1.4 New: Object now allows contentEncoding, contentType, content and vTag to be set to NULL. Fixes issue 72: Riak HTTP stops working after update

  • swoole 1.7.0 - Fixed compile error.

  • protocolbuffers 0.2.6 Bumped up to 0.2.6 * fixed several compile warnings (thanks remi) [fixes] * (ExtensionRegistry) initialize class entry member when reallocating scheme.

WeCamp: Everybody is welcome!

Planet-PHP - di, 22/04/2014 - 13:06

Last month we announced WeCamp, an event where developers can improve their skills not just by listening to people, but also by actually doing things. Response has been amazing: Many people love the idea, we’ve already sold quite a few tickets, and we’ve even got Magma giving a ticket as a price (At the time of publishing of this blogpost there’s only a couple of hours left, so if you want to win, be fast!). Since announcing the event, I’ve talked to several different people who had the same doubt/question about the event, so I thought I’d clarify things a bit more.

Who should come to WeCamp?

Everyone! We don’t want to exclude anyone and we actually think everyone would be a huge asset to the event. I’ve had people say “I’m not experienced enough in development to attend”, to which I could only respond “untrue!”. The idea of WeCamp is that you don’t just train your technical skills but also your social skills. For a less experienced developer, the practical experience of working in a team with more experienced developers is priceless. In that same team, however, the most experienced developer gets the additional experience of helping a less experienced developer with the work, gaining a lot of experience and knowledge on how you can help others. This social aspect is easily just as important as gaining technical skills. So both developers come out of this gaining experience.

But I’m a frontend developer…

So? If you’re a frontend developer, have a look at the many websites created by pure backend developers… do they look good? Are they accessible? Built according to W3C standards? Most probably not. You’re needed! While we have a focus on PHP, you’ll learn to work with PHP developers: How to communicate with them, how they look at frontend work, what tools are available in the PHP ecosystem for frontend. And I know this may sound scary, but you’d perhaps even get some PHP skills as well.

Additionally: WeCamp is not just about technology. We’ll go through all stages of a project, starting at thinking of a good idea through planning to development, deployment and perhaps even marketing! There’s more than enough to learn throughout this whole process.

But I wonder about…

If you have any more doubts or questions, please let us know! This is the first time we’re organizing WeCamp so we’re still very much looking for what works best with a lot of things. If there’s any unclarity, or you have comments for improvements, let us know! You can always tweet at us @wecamp14 but you can also shoot us an email: we-can@weca.mp. We’re also here to learn, so please help us do just that!

Categorieën: Open Source, PHP Community

Meet Composer, your new autoloader

Planet-PHP - di, 22/04/2014 - 13:00

Most PHP developers are familiar with Composer’s power as a package manager, and it’s ability to autoload all the packages it downloads. But what fewer PHP developers know about or use is Composer’s ability to load your code automatically, too.

In fact, developers can use Composer’s autoloader to autoload their own code, even if they don’t use one of the PSR standards for namespacing and path construction.

Using Composer with PSR-0 or PSR-4 for your own code

If you already apply either PSR-0 or PSR-4 to your own code, you can make use of Composer with relative ease. If you’re using PSR-0, you only have to give Composer the path and the namespace, like this:

    "autoload": {
        "psr-0" : {
            "Application": "src/"
        }
    }

The key tells Composer that all Application\ namespaced code iwll live in the src/ directory; PSR-0 expects that there will be an Application/ directory inside the src/ directory to contain all the code, too.

For developers who have upgraded to PSR-4, it’s as simple as making two small changes: switching the psr-0 to psr-4, and identifying the fully qualified namespace for the directory:

    "autoload": {
        "psr-4" : {
            "Application\\": "src/"
        }
    }
Using Composer for non-PSR-compliant applications

Legacy code often doesn’t follow the current PSR standards, and developers may find it impractical to switch. But that doesn’t mean that you can’t use Composer to autoload your code. In fact, with classmaps you can.

A classmap is a Composer feature that iterates through a directory and pulls the classes out of the files in that directory, and adds them to a classmap. Even though the application I’m using as an example implements PSR-0, we can still generate a classmap:

    "autoload": {
        "classmap" : [
            "src/"
        ]
    }

This produces a classmap that looks something like this:

<?php

// autoload_classmap.php @generated by Composer

$vendorDir = dirname(dirname(__FILE__));
$baseDir = dirname($vendorDir);

return array(
    'Application\\Controller\\Dashboard' => $baseDir . '/src/Application/Controller/Dashboard.php',
    'Application\\Controller\\Defaults' => $baseDir . '/src/Application/Controller/Defaults.php',
    'Application\\Controller\\Entry' => $baseDir . '/src/Application/Controller/Entry.php',
    'Application\\Controller\\Logbook' => $baseDir . '/src/Application/Controller/Logbook.php',
    'Application\\Controller\\RequiresAuth' => $baseDir . '/src/Application/Controller/RequiresAuth.php',
    'Application\\Controller\\User' => $baseDir . '/src/Application/Controller/User.php',
    'Application\\Model\\LogEntry\\Defaults' => $baseDir . '/src/Application/Model/LogEntry/Defaults.php',
    'Application\\Model\\LogEntry\\Gateway' => $baseDir . '/src/Application/Model/LogEntry/Gateway.php',
    'Application\\Model\\LogEntry\\HourReports' => $baseDir . '/src/Application/Model/LogEntry/HourReports.php',
    'Application\\Model\\LogEntry\\LogEntry' => $baseDir . '/src/Application/Model/LogEntry/LogEntry.php',
    'Application\\Model\\LogEntry\\LogEntryCollection' => $baseDir . '/src/Application/Model/LogEntry/LogEntryCollection.php',
    'Application\\Model\\LogEntry\\Storage' => $baseDir . '/src/Application/Model/LogEntry/Storage.php',
    'Application\\Model\\User\\Gateway' => $baseDir . '/src/Application/Model/User/Gateway.php',
    'Application\\Model\\User\\Storage' => $baseDir . '/src/Application/Model/User/Storage.php',
    'Application\\Model\\User\\User' => $baseDir . '/src/Application/Model/User/User.php',
    / ...
);

This has some definite advantages for projects that are still stuck in legacy mode: the ability to autoload classes automatically, without rewriting massive amounts of the application. Though there is also a significant drawback: unlike PSR-0 or PSR-4, the classmap has to be updated every time a file is renamed or a new class is added. This can be avoided by using the classmap only for legacy classes, and writing new classes to be compatible with a PSR standard.

The bottom line

You don’t have to maintain your own autoloader or rely on outdated technology to keep autoloading your files. Composer offers a great number of options built into a tool you’re probably already using anyway. Give it a shot!

Categorieën: Open Source, PHP Community

prismic.io content repository as a service

Planet-PHP - di, 22/04/2014 - 12:09

Just before Easter I tweeted out an idea that I already threw out there a few weeks ago: Creating a PHP Content Repository (PHPCR) implementation on top of the prismic.io content repository as a service. Well I had a lot of time on the train over Easter, so I decided to make it happen. Obviously coding against a remote service on the train isn't that much fun, so in fact I did a lot of coding, waited for the next train station, hit refresh a few times and so on and on. I briefly tried to setup php-vcr to log all web requests and replay them, but unfortunately the library isn't quite ready to do this yet .. but mit might be soon. Also as prismic.io's content pages are actually all versioned we will soon hopefully get caching provided inside their PHP SDK. But I digress. So without further ado, I present to you an initial working version of PHPCR integration with prismic.io. There are obviously still a ton of todo's left .. fundamentally it works, I can read prismic documents as PHPCR nodes with properties.

Why bother?

At this point you may either be excited or wondering why I am bothering with this. If you are in the former group, you can maybe skip to the next section, if you are in the later group, let me expand. One reason to bother with this is to simply show its possible, that PHPCR indeed fullfils this promise of being able to provide a unified content repository API. We obviously have 3 implementations already but taking such a service seems to push the boundaries a little harder. The next reason is more practical: prismic.io is simply a very useful service with an awesome user experience, especially for people focused on managing content rather than managing pages on a website. And they are doing this with an awesome UI, argueable the main week spot of the CMF (though I am quite excited about the work by the sulu.io team).

The sky is the limit?

Now prismic.io has some major differences in how content can be structured compared to plain PHPCR. Specifically they do not really structure their content into a tree per se. Instead they just have a pool of documents with UUIDs. Now it is possible to reference those UUIDs inside documents which kind of creates a tree structure. There is also native support for tagging and finally a way to bookmark document UUIDs to names. In a first step all I did was create a virtual root node that has the entire document pool as children where the names match the bookmark name (if one exists) or the UUID. All properties, including nested documents, are then mapped to properties on those children. Eventually nested documents should however maybe be exposed as child structures. Another limitation is that prismic.io currently only provides a read API. But given their awesome UI, why would one want a write API? ;)

The sky is the limit!

But there is a lot possible yet. For example they provide a predicate based query API that I am very confident we will be able to map to the PHPCR query languages SQL2/QOM, similar to how we map them to SQL with Doctrine DBAL. They also support versioning, which can probably be mapped to the PHPCR simple versioning concept. They also support node types which I have already mapped but there is still work todo to map all the contraints. They also support custom namespaces which PHPCR also supports. The way they support images (and binaries) also lends itself very nicely to the stream based approach in PHPCR. So with a few more days of work, I think we can provide a pretty powerful PHPCR API for prismic.io. What will make the collaboration easier is that it turns out that Thibault, founding member of the Symfony CMF initative gone Scala-lover, works for zengularity.com who created prismic.io. But Rudy was actually the first one to jump on my tweets and he has already signed up to the CMF mailinglist and given important insights.

Where to go from here?

I am not sure how much time I will have on this in the coming days. The CMF 1.1 release is sti

Truncated by Planet PHP, read more at the original (another 923 bytes)

Categorieën: Open Source, PHP Community

MySQL April Newsletter - Latest MySQL 5.7 DMR and MySQL Workbench 6.1 GA

MySQL.com - di, 22/04/2014 - 02:59
Welcome to the MySQL Newsletter for April 2014. We recently announced many new product releases, including the latest MySQL 5.7 development milestone release (DMR), the general availability of MySQL Workbench 6.1, as well as the release candidate of MySQL fabric. Learn more details on the new features and improvements in this edition.
Categorieën: PHP Community

ServerGrove Blog: Running Composer with HHVM, not so fast!

PHPDeveloper.org - ma, 21/04/2014 - 19:46

On the ServerGrove blog today they share some interesting results when it comes to using Composer on a normal PHP install versus using it inside of a HHVM instance.

HHVM is an open-source virtual machine developed by Facebook and designed for executing programs written in Hack and PHP. It offers increased performance for PHP, most of the time. [...] Since Composer needs to perform some heavy computations in order to resolve the dependencies of a project, it makes sense to use HHVM. However, the heavy computations are mainly done when running composer update, or when the composer.lock file has not yet been generated so this is where you will see most of your gains in execution time.

With a bit more testing, this is shown to be true (about a 7 second difference). However, this is only on the "update". The "install" command actually takes longer inside of the HHVM instance, regardless of if the JIT (Just In Time) compiler is disabled or not.

Link: http://blog.servergrove.com/2014/04/17/running-composer-hhvm-fast

SitePoint PHP Blog: Database Versioning with DBV

PHPDeveloper.org - ma, 21/04/2014 - 18:11

In this new post to the SitePoint PHP blog today Wern Ancheta introduces you to a tool that can help with database versioning, DBV. DBV is a tool developed by Victor Stanciu and made available on GitHub.

It's good practice to always use a version control system in any of your projects. Be it a side-project in which you are the only developer, or a team project where five or more people are working on it together. But the idea of putting your database into version control isn't really that widespread. Often times we take the database for granted. But like the source files in our project, the database is constantly changing too. That's why we also need a way to track the changes that we have made and easily share it to other members of our team. In this article we will take a look at DBV, a database version control system written in PHP for MySQL databases so you need to have PHP and MySQL installed before you can use it, along with a web server like Apache or Nginx.

He steps you through the installation (via an installer and configuration through the "config.php" setup file. The system keeps track of lots of different changes including new tables, updated field descriptions, additional views, stored procedures and functions. He includes some screenshots of the UI and goes through the workflow of adding new tasks and syncing with a remote database server.

Link: http://www.sitepoint.com/database-versioning-dbv/

Database Versioning with Ladder Migrations

Planet-PHP - ma, 21/04/2014 - 18:00

Version control systems are invaluable for tracking changes in your code, particularly when you’re working in a team. However, most applications don’t consist solely of application code. Managing changes to the database has always been a little more challenging, particularly when you’re adding new features which require changes to the schema.

Suppose you’re working on a module and realize one of the database tables needs an additional column. You might be tempted to open up a database query tool or the command line and simply add the column. However, this doesn’t leave a record of the change in the same way as version-controlled application code would. This gets exacerbated when working in a team - if a colleague pulls your code changes without running those same database updates, then it’s entirely possible their version of the application will break. This becomes even more problematic when you’re releasing a product update, when it could break the application not just for your fellow developers, but for your users.

One solution is to move responsibility for creating and modifying the database schema into code, using migrations. That way, changes can be managed along with the rest of your application, and features we take for granted in version control - such as being able to compare versions and keep an audit trail - can be used for database changes. It also allows these changes to be seamlessly incorporated into releases, since they can be made part of the same branch or tag.

Many major frameworks have their own migration implementation, but for those that don’t - and if you’re not using any framework - there’s Ladder.

Continue reading %Database Versioning with Ladder Migrations%

Categorieën: Open Source, PHP Community

Allan MacGregor: Flexible PHP Development with PHPFarm

PHPDeveloper.org - ma, 21/04/2014 - 17:44

Allan MacGregor has a post today talking about a handy tool he uses in his development to have multiple versions of PHP running side-by-side: PHPFarm.

If you have been working with PHP for a while, chances are that you have come across with a project, extension or script that requires to be tested on multiple PHP versions, for simple CLI scripts this seems easy enough but what happens when you are working with complex applications, developing for frameworks or multiple versions of them? [...] This setup can quickly become cumbersome and it is not easily scalable. [...] Getting multiple PHP versions running side by side can be challenging and over the year devs have released multiple solutions like PHPEnv or the new , personally I use PHPFarm.

He walks you through the installation and configuration of the tool. He also shows you how to get a few different versions of PHP installed, including custom configuration files. He also includes a bit at the end of the post about getting it all to work with Apache (via mod_fastcgi and some custom configuration changes).

Link: http://coderoncode.com/2014/04/18/flexible-php-development-phpfarm.html

Community News: PHPUnit Announced End of Life on PEAR Installation Method

PHPDeveloper.org - ma, 21/04/2014 - 17:29

There's a new addition to the GitHub wiki that's quite important for the PHPUnit users out there. Sebastian Bergmann has officially announced the end of life for the PEAR version of the installer for the popular PHPUnit tool.

Since PHPUnit 3.7, released in the fall of 2012, using the PEAR Installer was no longer the only installation method for PHPUnit. Today most users of PHPUnit prefer to use a PHP Archive (PHAR) of PHPUnit or Composer to download and install PHPUnit. Starting with PHPUnit 4.0 the PEAR package of PHPUnit was merely a distribution mechanism for the PHP Archive (PHAR) and many of PHPUnit's dependencies were no longer released as PEAR packages. Furthermore, the PEAR installation method has been removed from the documentation. We are taking the next step in retiring the PEAR installation method with today's release of PHPUnit 3.7.35 and PHPUnit 4.0.17.

Included in this end of life, they'll also be decommissioning pear.phpunit.de to happen no later than the end of 2014.

Link: https://github.com/sebastianbergmann/phpunit/wiki/End-of-Life-for-PEAR-Installation-Method

Submit To The Central Scrutinizer

Planet-PHP - ma, 21/04/2014 - 16:54

(N.b.: I was unable to write this post without saying “ssscrrrrutinizer” out loud over and over. I blame my friend Ray Chavarie for inflicting Frank Zappa on me at an impressionable time in my life.)

After finishing Uncle Bob’s excellent Clean Code recently, I have been looking at my own code in Aura v2 even more critically. I started trying to apply more of the Clean Code principles to the different libraries, and thought I had done pretty well. But then I saw a scrutinizer.yml file in Luis Cordova’s Gush project, and I was curious about it.

I visited scrutinizer-ci.com to read up on the project, and man was I floored. Here is a service that will analyze your project on Github and assign it a quality grade that aligns really well with the Clean Code principles (among others). After you register a repository with Scrutinizer and perform the first analysis, you can fine-tune the process with a config file so that the Scrutinizer looks in the right directories for source code, gives you code coverage analysis, and so on.

For one of my first experiments with the Scrutinizer, I started with the Aura.Sql_Schema v2 package. I thought it would come out pretty well, but even after pointing the Scrutinizer in the right direction, it only scored an 8.61 or so. I guess that’s OK — but could we do better?

Using the Hot Spots page I was able to find the worst offenders in the classes and methods. Because we have 100% test coverage on all Aura code, it was a only matter of applying appropriate refactorings — the tests help to assure that changes don’t break anything. (The Scrutinizer will even suggest refactorings for you to apply.)

After the refactoring processes, the Scrutinizer reported a 9.46. You can see the Scrutinizer report for Aura.Sql_Schema here. There’s still room for improvement, but at least I know where the greatest improvement opportunities are.

Now that I’ve got a few days’ experience with Scrutinizer, I find it a very valuable tool. It’s very helpful as an objective assesment of code quality, so much so that I have added Scrutinizer badges to each Aura v2 package readme. You can see all the badges for all the packages on the v2 packages page.

Maybe the rest of the world knew about Scrutinizer before this, and I’m late to the game. I had not heard about it until recently, and now that I’m aware of it, I think it’s a great service for any developer concerned about code quality. Congratulations to @schmittjoh and everyone else involved in Scrutinizer. Very nicely done!

UPDATE: In response to a question elsewhere: yes, Scrutinizer is free for open-source projects.

Categorieën: Open Source, PHP Community

PHPClasses.org: Lately in PHP Podcast #46 - "Is the Hack Language Going to Replace PHP?"

PHPDeveloper.org - ma, 21/04/2014 - 16:12

In the latest episode (#46) of the "Lately in PHP" podcast series Manuel Lemos and Arturs Sosins wonder if Hack will ever replace PHP.

The release of the Facebook Hack language has shaken the PHP community since it implements several frequently requested features that were never implemented, many users are considering to drop PHP in favor of Hack. This was one of the main topics discussed by Manuel Lemos and Arturs Sosins on the episode 46 of the Lately in PHP podcast. They also talked about the OpenSSL Heartbleed security bug may affect PHP sites or not, ideas for the PHP 6 engine, the need for an official PHP specification, and an advanced email validation that can provide suggestions for address typos like Google did you mean feature.

You can catch this latest episode either through the in-page audio player, by downloading the mp3 or by watching the video of the live Google Hangout recording.

Link: http://www.phpclasses.org/blog/post/232-Is-the-Hack-Language-Going-to-Replace-PHP--Lately-in-PHP-podcast-episode-46.html

Is the Hack Language Going to Replace PHP? - Lately in PHP podcast episode 46

Planet-PHP - ma, 21/04/2014 - 11:51
By Manuel Lemos
The release of the Facebook Hack language has shaken the PHP community since it implements several frequently requested features that were never implemented, many users are considering to drop PHP in favor of Hack.

This was one of the main topics discussed by Manuel Lemos and Arturs Sosins on the episode 46 of the Lately in PHP podcast.

They also talked about the OpenSSL Heartbleed security bug may affect PHP sites or not, ideas for the PHP 6 engine, the need for an official PHP specification, and an advanced email validation that can provide suggestions for address typos like Google did you mean feature.

Now listed to the podcast, or watch the hangout video or read the transcript to learn more about these interesting PHP topics.
Categorieën: Open Source, PHP Community

Database Versioning with DBV

Planet-PHP - za, 19/04/2014 - 18:00

It’s good practice to always use a version control system in any of your projects. Be it a side-project in which you are the only developer, or a team project where five or more people are working on it together. But the idea of putting your database into version control isn’t really that widespread. Often times we take the database for granted.

But like the source files in our project, the database is constantly changing too. That’s why we also need a way to track the changes that we have made and easily share it to other members of our team.

In this article we will take a look at DBV, a database version control system written in PHP for MySQL databases so you need to have PHP and MySQL installed before you can use it, along with a web server like Apache or Nginx.

An important note about this software is that it is not a stand-alone database version control system, because it needs a version control system such as Git, Mercurial or SVN for syncing changes with your team.

Installing DBV

To start working with DBV, first you have to download the installer from their website, extract it into your project directory then rename the resulting folder to dbv. This will give you the following path:

my_project/dbv

An alternative approach is just cloning from Github.

DBV Configuration

You can start configuring the options for DBV by creating a copy of the config.php.sample file and renaming it to config.php.

The most important things to update here are the first two sections. Just substitute the values for my_username, my_password, my_database for the values in your current database configuration:

Continue reading %Database Versioning with DBV%

Categorieën: Open Source, PHP Community

Phancap: Your own website screenshot service

Planet-PHP - vr, 18/04/2014 - 23:02
Website screenshot

Full page screenshot

My bookmark manager SemanticScuttle is able to show screenshots for bookmarked websites, but always relied on an external service to generate them. The service shut down now - time to look for an alternative.

There are several dozen screenshot services on the internet; some have free plans that would allow you to re-enable screenshots on your self-hosted SemanticScuttle instance for free. But unfortunately this means registering at yet another service and being again dependent. Time for something new!

phancap

Over the last three weeks, I built phancap - a self-hosted website screenshot service. With it, your bookmark manager will never have to depend on an external service again.

It's easy to setup: Simply drop the .phar in your webserver's document root, install xvfb-run, cutycapt and imagemagick, and you're done.

It supports JPG, PNG and PDF output formats. PNG is ideal for screenshots, while full-text PDF is nice for long-time archiving of web pages.

You may configure the browser and thumbnail size, and can choose between a fixed height and full-page screenshots. Authentication may be enabled to prevent others using your server resources.

Download it or grab the source code (github mirror).

Categorieën: Open Source, PHP Community

The Usual Suspects…now with XSS!

Planet-PHP - vr, 18/04/2014 - 18:23

I’ve just pushed the latest update of the most recent book in the Securing PHP ebook series – The Usual Suspects – and included an entire chapter covering cross-site scripting:

Next we come to something that’s probably a bit more widely known but often misunderstood, especially when it comes to the power that it offers to the attacker. Part of the confusion comes from the name of the attack. When you think about the attack method an XSS vulnerabilities allows, the only thing “cross site” about it is that it can possibly come in as a link from another site. Other than that, a cross-site scripting vulnerability can be more closely associated with injection. In fact, the main reason a site might have a cross-site scripting issue is because of improper output escaping.

This new chapter has loads of information about the different types of XSS issues, the different contexts it can happen in and plenty of code and configuration examples of how to prevent them. If you haven’t picked up a copy of it yet, there’s no time like the present!

Don’t forget about the first book in the Securing PHP series too! Core Concepts is a great introduction to security terminology, methods and principles that can help you lay a good foundation for more secure applications.

Categorieën: Open Source, PHP Community
Inhoud syndiceren