Harry mentioned the handy little phpm some three years ago. And Sean Coates was kind enough to point out how it could be replaced with a shell one-liner. Doesn&#8217;t that just make one love bash? One thing, I missed with either of the two, was the ability to see the entire manual entry. It&#8217;s quite [...]<br style="clear: both;"/> <img alt="" style="border: 0;" border="0" src="http://www.pheedo.com/img.phdo?i=900a0e2480dfc320eeac72463e8e5bb3"/> More info

The PHP development team would like to announce the immediate availability of PHP 4.4.8. It continues to improve the security and the stability of the 4.4 branch and all users are strongly encouraged to upgrade to it as soon as possible. This release wraps up all the outstanding patches for the PHP 4.4 series, and is therefore the last normal PHP 4.4 release. If necessary, releases to address security issues could be made until 2008-08-08. Security Enhancements and Fixes in PHP 4.4.8:Improved fix for MOPB-02-2007.Fixed an integer overflow inside chunk_split(). Identified by Gerhard Wagner.Fixed integer overlow in str[c]spn().Fixed regression in glob when open_basedir is on introduced by #41655 fix.Fixed money_format() not to accept multiple %i or %n tokens.Addded "max_input_nesting_level" php.ini option to limit nesting level of input variables. Fix for MOPB-03-2007.Fixed INFILE LOCAL option handling with MySQL - now not allowed when open_basedir or safe_mode is active.Fixed session.save_path and error_log values to be checked against open_basedir and safe_mode (CVE-2007-3378). For a full list of changes in PHP 4.4.8, see the ChangeLog. More info

The PHP team is once again proud to participate in the Google Summer of Code. Seven students will "flip bits instead of burgers" this summer: Mentored by Michael Wallner, Hannes Magnusson will work on LiveDocs, which is a "tool to display DocBook XML files in a web browser on the fly, without the need of building all HTML target files first". This project will be of great value to the PHP Documentation Team. The PHP Interpreter uses reference counting to keep track of which objects are no longer referenced and thus can be destroyed. A major weakness in the current implementation is that it cannot detect reference cycles, that is objects that reference each other in a circular graph structure which is not referenced itself from outside the circle. Mentored by Derick Rethans, David Wang will implement a new reference counting algorithm that will alleviate this problem. Xdebug provides a range of useful functionality for PHP developers, including detailed error information, code coverage and profiling support, and support for remote debugging using the GDB and DBGp protocols. Mentored by Xdebug's creator, Derick Rethans, Adam Harvey will develop a cross-platform GUI application that implements the DBGp protocol and allows PHP applications to be debugged using Xdebug in a development environment agnostic fashion. Mentored by Lukas Smith, Konsta Vesterinen will work on the object-relational mapper Doctrine. Mutation Testing, or Automated Error Seeding, is an approach where the testing tool makes some change to the tested code, runs the tests, and if the tests pass displays a message saying what it changed. This approach is different than code coverage analysis, because it can find code that is executed by the running of tests but not actually tested. Mentored by Sebastian Bergmann, Mike Lewis will implement Mutation Testing for PHPUnit. Mentored by Helgi Þormar Þorbjörnsson, Igor Feghali will add support for foreign keys to MDB2_Schema, a package that "enables users to maintain RDBMS independant schema files in XML that can be used to create, alter and drop database entities and insert data into a database". Mentored by David Coallier, Nicolas Bérard-Nault will refactor the internals of Jaws, a Framework and Content Management System for building dynamic web sites, for PHP 6. More info

I keep running into people who caution against using Singleton and recommend to avoid it like a plague. What is so scary about it? &#8212; Kailash Badu It&#8217;s a good question, for it is true that global variables are often demonised and more recently the Singleton has befallen the same fate. Perhaps a bit surprising, it [...]<br style="clear: both;"/> <img alt="" style="border: 0; height:1px; width:1px;" border="0" src="http://www.pheedo.com/img.phdo?i=1b1986e6f9f6a320a2e500cc91cdb916" height="1" width="1"/> <img src="http://www.pheedo.com/feeds/tracker.php?i=1b1986e6f9f6a320a2e500cc91cdb916" style="display: none;" border="0" height="1" width="1" alt=""/> More info

This should be required reading for anyone working on the server-side - What PHP Deployment Gets Right; this really is the final word on the subject - it really needs adding to the PHP manual, as there&#8217;s a significant gap when it comes to describing how PHP actually works, and why it&#8217;s designed to help [...]<br style="clear: both;"/> <img alt="" style="border: 0; height:1px; width:1px;" border="0" src="http://www.pheedo.com/img.phdo?i=bd193fc63064c04e2df06565001b919c" height="1" width="1"/> <img src="http://www.pheedo.com/feeds/tracker.php?i=bd193fc63064c04e2df06565001b919c" style="display: none;" border="0" height="1" width="1" alt=""/> More info

With the rise of Javascript, and languages like Python and Ruby, functional programming is becoming more mainstream. Even Java seems to be getting closures in the next version, so does this leave PHP lacking behind or is there an unrealised potential hidden within? Dynamic dispatch What exactly defines a functional programming language, is perhaps an open question, [...]<br style="clear: both;"/> <img alt="" style="border: 0; height:1px; width:1px;" border="0" src="http://www.pheedo.com/img.phdo?i=192816e33b5e8699a57a37539581ba80" height="1" width="1"/> <img src="http://www.pheedo.com/feeds/tracker.php?i=192816e33b5e8699a57a37539581ba80" style="display: none;" border="0" height="1" width="1" alt=""/> More info

Today it is exactly three years ago since PHP 5 has been released. In those three years it has seen many improvements over PHP 4. PHP 5 is fast, stable & production-ready and as PHP 6 is on the way, PHP 4 will be discontinued. The PHP development team hereby announces that support for PHP 4 will continue until the end of this year only. After 2007-12-31 there will be no more releases of PHP 4.4. We will continue to make critical security fixes available on a case-by-case basis until 2008-08-08. Please use the rest of this year to make your application suitable to run on PHP 5. For documentation on migration for PHP 4 to PHP 5, we would like to point you to our migration guide. There is additional information available in the PHP 5.0 to PHP 5.1 and PHP 5.1 to PHP 5.2 migration guides as well. More info

The PHP development team would like to announce the immediate availability of PHP 5.2.2 and availability of PHP 4.4.7. These releases are major stability and security enhancements of the 5.x and 4.4.x branches, and all users are strongly encouraged to upgrade to it as soon as possible. Further details about the PHP 5.2.2 release can be found in the release announcement for 5.2.2, the full list of changes is available in the ChangeLog for PHP 5. Details about the PHP 4.4.7 release can be found in the release announcement for 4.4.7, the full list of changes is available in the ChangeLog for PHP 4. Security Enhancements and Fixes in PHP 5.2.2 and PHP 4.4.7:Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric)Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser)Fixed a bug in mb_parse_str() that can be used to activate register_globals (MOPB-26 by Stefan Esser)Fixed unallocated memory access/double free in in array_user_key_compare() (MOPB-24 by Stefan Esser)Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser)Added missing open_basedir & safe_mode checks to zip:// and bzip:// wrappers. (MOPB-21 by Stefan Esser).Fixed CRLF injection inside ftp_putcmd(). (by loveshell[at]Bug.Center.Team)Fixed a remotely trigger-able buffer overflow inside bundled libxmlrpc library. (by Stanislav Malyshev)Security Enhancements and Fixes in PHP 5.2.2 only:Fixed a header injection via Subject and To parameters to the mail() function (MOPB-34 by Stefan Esser)Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser)Fixed substr_compare and substr_count information leak (MOPB-14 by Stefan Esser) (Stas, Ilia)Fixed a remotely trigger-able buffer overflow inside make_http_soap_request(). (by Ilia Alshanetsky)Fixed a buffer overflow inside user_filter_factory_create(). (by Ilia Alshanetsky)Fixed a possible super-global overwrite inside import_request_variables(). (by Stefano Di Paola, Stefan Esser)Limit nesting level of input variables with max_input_nesting_level as fix for (MOPB-03 by Stefan Esser)Security Enhancements and Fixes in PHP 4.4.7 only:XSS in phpinfo() (MOPB-8 by Stefan Esser) While majority of the issues outlined above are local, in some circumstances given specific code paths they can be triggered externally. Therefor, we strongly recommend that if you use code utilizing the functions and extensions identified as having had vulnerabilities in them, you consider upgrading your PHP. For users upgrading to PHP 5.2 from PHP 5.0 and PHP 5.1, an upgrade guide is available here, detailing the changes between those releases and PHP 5.2.2. Update: May 4th; The PHP 4.4.7 Windows build was updated due to the faulty Apache2 module shipped with the originalUpdate: May 23th; By accident a couple of fixes where listed as fixed in both PHP 5.2.2 and 4.4.7 but where however only fixed in PHP 5.2.2. The PHP 4 ChangeLog was not affected. More info

The PHP development team would like to announce the immediate availability of PHP 5.2.1 and availability of PHP 4.4.5. These releases are major stability and security enhancements of the 5.x and 4.4.x branches, and all users are strongly encouraged to upgrade to it as soon as possible. Further details about the PHP 5.2.1 release can be found in the release announcement for 5.2.1, the full list of changes is available in the ChangeLog for PHP 5. Details about the PHP 4.4.5 release can be found in the release announcement for 4.4.5, the full list of changes is available in the ChangeLog for PHP 4. Security Enhancements and Fixes in PHP 5.2.1 and PHP 4.4.5:Fixed possible safe_mode & open_basedir bypasses inside the session extension.Fixed unserialize() abuse on 64 bit systems with certain input strings.Fixed possible overflows and stack corruptions in the session extension.Fixed an underflow inside the internal sapi_header_op() function.Fixed non-validated resource destruction inside the shmop extension.Fixed a possible overflow in the str_replace() function.Fixed possible clobbering of super-globals in several code paths.Fixed a possible information disclosure inside the wddx extension.Fixed a possible string format vulnerability in *print() functions on 64 bit systems.Fixed a possible buffer overflow inside ibase_{delete,add,modify}_user() functions.Fixed a string format vulnerability inside the odbc_result_all() function.Security Enhancements and Fixes in PHP 5.2.1 only:Prevent search engines from indexing the phpinfo() page.Fixed a number of input processing bugs inside the filter extension.Fixed allocation bugs caused by attempts to allocate negative values in some code paths.Fixed possible stack/buffer overflows inside zip, imap & sqlite extensions.Fixed several possible buffer overflows inside the stream filters.Memory limit is now enabled by default.Added internal heap protection.Extended filter extension support for $_SERVER in CGI and apache2 SAPIs.Security Enhancements and Fixes in PHP 4.4.5 only:Fixed possible overflows inside zip & imap extensions.Fixed a possible buffer overflow inside mail() function on Windows.Unbundled the ovrimos extension. The majority of the security vulnerabilities discovered and resolved can in most cases be only abused by local users and cannot be triggered remotely. However, some of the above issues can be triggered remotely in certain situations, or exploited by malicious local users on shared hosting setups utilizing PHP as an Apache module. Therefore, we strongly advise all users of PHP, regardless of the version to upgrade to the 5.2.1 or 4.4.5 releases as soon as possible. For users upgrading to PHP 5.2 from PHP 5.0 and PHP 5.1, an upgrade guide is available here, detailing the changes between those releases and PHP 5.2.1. Update: Feb 14th; Added release information for PHP 4.4.5.Update: Feb 12th; The Windows install package had problems with upgrading from previous PHP versions. That has now been fixed and new file posted in the download section. More info

The Drupal development team surprised everyone when they released version 6.0 last week, ahead of schedule. After one year of development we are ready to release Drupal 6.0 to the world. Thanks to the tireless work of the Drupal community, over 1,600 issues have been resolved during the Drupal 6.0 release cycle. These changes are evident [...]<br style="clear: both;"/> <img alt="" style="border: 0; height:1px; width:1px;" border="0" src="http://www.pheedo.com/img.phdo?i=6958fb3bd84343c8d8b51d1d46c73210" height="1" width="1"/> <img src="http://www.pheedo.com/feeds/tracker.php?i=6958fb3bd84343c8d8b51d1d46c73210" style="display: none;" border="0" height="1" width="1" alt=""/> More info