Site News: Blast from the Past - One Year Ago in PHP

Here's what was popular in the PHP community one year ago today:

• Till Klampaeckel's Blog: Deploying PHP applications: PEAR and composer resources for chef
  
• Stuart Herbert's Blog: Setting Up Sublime Text 2 For PHP Development
  
• Rafael Dohms' Blog: Book Review: The Art of Readable Code
  
• Project: phpVirtualBox - VirtualBox Management Tool
  
• Code2Learn.com: Generating PDF files from Database using CodeIgniter
  
• PHP.net: PHP 5.4.0 Released
  
• PHPMaster.com: Building a Domain Model - An Introduction to Persistence Agnosticism
  
• Sebastian Marek's Blog: PHP 5.4 Compatibility Coding Standard for PHP_CodeSniffer
  
• Jeremy Cook's Blog: Making PHPUnit, Doctrine & MySQL Play Nicely
  
• Michael Nitschinger's Blog: RFC: li3_fixtures Rewrite
  
• Zend.com: Zend Framework 2.0 Beta 3 Release Gives Developers an Early Start
  
• php|architect: What Will Power the Future of the Internet: REST or SOAP?
  
• DZone.com: Running JavaScript inside PHP code
  
• Marcelo Gornstein's Blog: Unit test your PHP IVR applications with PAGI
  
• PHPMaster.com: Creating Web Services with PHP and SOAP, Part 2
  

Community News: Packagist Latest Releases for 02.28.2013

Recent releases from the Packagist:

• dkcwd/dkcwd-zf2-munee (v1.2.6)
  Zend Framework 2 module leveraging 'munee' an asset optimisation library developed by Cody Lundquist. You can find munee at http://github.com/meenie/munee
  
  
  
• malonmedia/gravatari (v0.1)
  A simple and fluent gravatar package for php
  
  
  
• omnipay/omnipay (v0.8.1, v0.8.0)
  Omnipay is a framework agnostic multi-gateway payment processing library
  
  
  
• amanatykyra/drupal (7.20)
  This package is an installer that will download Drupal from the http://drupal.org website and unpack it at the root of your Composer project.
  
  
  
• Codeception/Codeception (1.5.5)
  BDD-style testing framework
  
  
  
• mute/facebook (v1.0.0-RC1)
  Implements Graph API and some of the OAuth facilities to operate with Facebook
  
  
  
• socalnick/scn-social-auth (1.6.4, 1.8.0, 1.7.3)
  Uses the HybridAuth PHP library to Enable authentication via Google, Facebook, Twitter, Yahoo!, etc for the ZfcUser ZF2 module.
  
  
  
• aza/thread (v1.0)
  AzaThread - Anizoptera CMF simple and powerful threads emulation component for PHP (based on forks).
  
  
  
• nategood/httpful (0.2.2)
  A Readable, Chainable, REST friendly, PHP HTTP Client
  
  
  
• herrera-io/service-process (1.1.0)
  A service provider for Symfony Process.
  
  
  
• jamesmoss/toml (0.1.0)
  A parser for TOML implemented in PHP.
  
  
  
• flame/framework (v3.5.0)
  Flame is simple and smart FRAMEWORK based on Nette
  
  
  
• kleiram/php-plex-crawler (v0.1.0)
  Crawls the Plex HTTP API
  
  
  
• mostofreddy/tokito (v0.1.0)
  Tokito es una librería que permite recorrer, utilizar y analizar los tokens de todo archivo PHP
  
  
  
• herrera-io/go (1.3.2, 1.3.1, 1.3)
  A simple PHP build tool.
  
  
  
• amnl/mollie (v0.0.1-RC03, v0.0.1-RC02)
  PHP 5.3 library to communicate with Mollie (PSP).
  
  
  
• lusitanian/oauth (v0.1.4)
  PHP 5.4+ oAuth 1/2 Library
  
  
  
• hautelook/gearman-bundle (0.1)
  Symfony2 Bundle that provides a service to submit Gearman jobs
  
  
  
• elendev/widget-bundle (0.1.1)
  Provide simple widget management
  
  
  
• icap-lyon1/simple-tag-bundle (1.2.0, 1.1.0, 1.0.0)
  Symfony TagBundle that easily adds tags to any entity
  
  
  
• kamisama/cake-resque (3.2.4)
  A CakePHP plugin for creating background jobs with Resque
  
  
  
• leezy/pheanstalk-bundle (1.1.0)
  The LeezyPheanstalkBundle is a Symfony2 Bundle that provides a command line interface for manage the Beanstalkd workqueue server & a pheanstalk integration.
  
  
  
• mapado/version-control-bundle (v1.0.1, v1.0.0)
  Objects Version Controller
  
  
  
• kamisama/php-resque-ex-scheduler (1.1.1)
  php-resque-ex-scheduler is a PHP port of resque-scheduler, which adds support for scheduling jobs to PHP-Resque.
  
  
  
• toopay/assetic-minifier (v0.0.1)
  Assetic Filter for pure PHP JS and CSS minification
  
  
  
• toin0u/geotools (0.1.10)
  Geo-related tools PHP 5.3 library
  
  
  
• fahad19/sitemaps (v0.5.1, v0.5.0)
  Sitemaps plugin for Croogo
  
  
  
• raftalks/form (1.2.4)
  Easy way to make Forms with PHP. Specially useful with Laravel 4.
  
  
  
• jyggen/youtubethumb (v2.1)
  A PHP class created to help you load, edit and save thumbnails from videos on Youtube.
  
  
  
• phpcr/phpcr-utils (1.0.0-beta6)
  PHP Content Repository implementation independant utilities
  
  
  
• aza/libevent (v1.0)
  AzaLibEvent - Simple, powerful and easy to use OOP wrapper for the LibEvent PHP bindings. Component from Anizoptera CMF.
  
  
  
• dominikzogg/contao-mysqli-socket (1.0.1, 1.0.0)
  add socket support to the mysqli driver in contao lts
  
  
  
• aza/clibase (v1.0)
  AzaCliBase - Anizoptera CMF component with basic functionality and helper methods for CLI and Daemon applications (forks, libevent, etc..).
  
  
  
• florianwolters/component-core-debugprint (v0.2.0)
  The Debug Print Method implementation pattern as a PHP component.
  
  
  
• kunstmaan/pagepart-bundle (v2.2.3, v2.2.2)
  The KunstmaanPagePartBundle forms the basis of our content management framework. A page built using a composition of blocks names pageparts. These pageparts allow you to fully separate the data from the presentation so non-technical webmasters can manage the website. Every page can have it's own list of possible pageparts, and pageparts are easy to create for your specific project to allow for rapid development.
  
  
  
• ray/di (1.0.0-beta5)
  Guice style annotation-driven dependency injection framework
  
  
  
• icanboogie/datetime (1.0.1)
  Interfaces to PHP DateTime and DateTimeZone
  
  
  
• lexik/paybox-bundle (v1.0.2)
  LexikPayboxBundle eases the implementation of the Paybox payment system.
  
  
  
• solo/app (2.0.0, 1.0.0)
  Solo framework app skeleton
  
  
  
• colmsjo/mirror-log-files (v0.1.0, v0.1.1)
  Mirror log files to Amazon S3
  
  
  
• mostofreddy/cliptools (v2.0.0, v1.0.0)
  Cliptools es una libreria para crear aplicaciones para PHP Cli de forma fácil y rápida
  
  
  
• covex-nn/moodle2-installer (1.0.4)
  Moodle2 installer template
  
  
  

Andrew Podner: Rock On, Refactor, or Re-roll?

In his latest post Andrew Podnet looks at a common situation for developers during one project or another. It's the struggle whether to "rock on" and keep developing a project as it's planned, refactor what's already there into something new or re-roll the whole thing completely, scrapping it for a possibly better structure.

I went to my standard code library, developed on my own over a period of 3 or 4 years and starting piecing together a core application that I could start building on. I worked on this application diligently from June to September, and I would say in that time I had made it 70% of the way through the app. I was being relatively careful about doing manual functional tests, and I felt good about what I was doing with the application where security practices were concerned. Then 2 things happened almost simultaneously that really put a wrench in the works.

He was working on a project for several months, but due to other circumstances, he had to set it aside for a while. When he came back, he had a new perspective on things and saw lots of places in the code that things could have been done different/better. The post goes through some of his thought process and how it relates to the three "roll on", "refactor" or "re-roll" the current state of the application. He does have a reminder for developers facing the same situation, though:

The whole reason I am writing this post, other than to just get my thoughts down and help make the call, is to illustrate the importance of remembering that as developers, one of our key objectives for the client is to deliver value. This is a fact that can sometimes get away from us.

Matthew Weier O'Phinney: On PHP-FIG

Matthew Weier O'Phinney has a new post to his site today covering the reasons he left the PHP-FIG, the PHP Framework Interoperability Group that was designed to help unify the framework (and PHP) communities with common goals and structure. He talks some about his reasons for leaving and what he hopes the group will, eventually, become.

I had high hopes for the group. It was the culmination of something I've been ruminating on for almost a decade (see post number 12 on my blog, dated to January 2004, for proof). My thoughts have mainly been around coding standards and best practices, helping educate developers around their benefits, and how to leverage both in order to create maintainable code.

He talks about some of the things he sees as shortfalls of the group including the definition of some of the standards (and interface structure), the current thoughts of changing of said standards and some of the "discussion" that happens in the group via the mailing lists and pull requests. He mentions that there were several times that the same discussions would happen all over again, despite people saying it had, and is tired of it.

I have better things to do with my time, things I want to create, software I want to support, hobbies and interests I want to pursue. Debating brace placement, tabs vs spaces (for the umpteenth time), or whether or not annotations have a place in programming in a dynamic language? Not so much.

Community News: Latest Releases from PHPClasses.org

• PHP Image Difference
  
  
  

  

  
  

  Package:

  
  

  PHP Image Difference

  
  

  Summary:

  
  

  Compare images to determine if they are similar

  
  

  Groups:

  
  

  Graphics, PHP 5

  
  

  Author:

  
  

  Tony L. Requena

  
  

  Description:

  
  

  This class can compare images to determine if they are similar...
  
  
  
  Read more at http://www.phpclasses.org/package/7942-PHP-Compare-images-to-determine-if-they-are-similar.html

  
  
  
  
  
  
  
  
  
• PHP Minecraft Query
  
  
  

  Package:

  
  

  PHP Minecraft Query

  
  

  Summary:

  
  

  Query the status of Minecraft game players

  
  

  Groups:

  
  

  Games, Networking, PHP 5

  
  

  Author:

  
  

  Shannon Wynter

  
  

  Description:

  
  

  This class can query the status of Minecraft game players...
  
  
  
  Read more at http://www.phpclasses.org/package/7936-PHP-Query-the-status-of-Minecraft-game-players.html

  
  
  
  
  
  
  
  
  
• PHP File Manipulation
  
  
  

  Package:

  
  

  PHP File Manipulation

  
  

  Summary:

  
  

  Manipulate files and directories

  
  

  Groups:

  
  

  Files and Folders, PHP 5

  
  

  Author:

  
  

  Preslav Panayotov

  
  

  Description:

  
  

  This class can manipulate files and directories...
  
  
  
  Read more at http://www.phpclasses.org/package/7939-PHP-Manipulate-files-and-directories.html

  
  
  
  
  
  
  
  
  
• Simple PHP MySQLi
  
  
  

  Package:

  
  

  Simple PHP MySQLi

  
  

  Summary:

  
  

  Access MySQL database wrapper using MySQLi

  
  

  Groups:

  
  

  Databases, PHP 5

  
  

  Author:

  
  

  Bennett

  
  

  Description:

  
  

  This class can Access MySQL database wrapper using MySQLi...
  
  
  
  Read more at http://www.phpclasses.org/package/7938-PHP-Access-MySQL-database-wrapper-using-MySQLi.html

  
  
  
  
  
  
  
  
  
• PHP Emoticon Parser
  
  
  

  Package:

  
  

  PHP Emoticon Parser

  
  

  Summary:

  
  

  Replace emoticon text by HTML image tags

  
  

  Groups:

  
  

  HTML, PHP 5, Text processing

  
  

  Author:

  
  

  Pierre-Henry Soria

  
  

  Description:

  
  

  This package can replace emoticon text by HTML image tags...
  
  
  
  Read more at http://www.phpclasses.org/package/7922-PHP-Replace-emoticon-text-by-HTML-image-tags.html

  
  
  
  
  
  
  
  
  
• Twitter API Rate Limit
  
  
  

  Package:

  
  

  Twitter API Rate Limit

  
  

  Summary:

  
  

  Delay API access when Twitter rate limit exceeded

  
  

  Groups:

  
  

  Social Networking, Web services

  
  

  Author:

  
  

  feyyaz

  
  

  Description:

  
  

  This class can delay the access to Twitter API when the rate limit is exceeded...
  
  
  
  Read more at http://www.phpclasses.org/package/7937-PHP-Delay-API-access-when-Twitter-rate-limit-exceeded.html

  
  
  
  
  
  
  
  
  
• PHP GIF to Sprite
  
  
  

  Package:

  
  

  PHP GIF to Sprite

  
  

  Summary:

  
  

  Convert GIF animation images to the SPR format

  
  

  Groups:

  
  

  Games, Graphics

  
  

  Author:

  
  

  Oleg

  
  

  Description:

  
  

  This class can convert GIF animation images to the image files in the SPR format...
  
  
  
  Read more at http://www.phpclasses.org/package/7935-PHP-Convert-GIF-animation-images-to-the-SPR-format.html

  
  
  
  
  
  
  
  
  

Community News: Packagist Latest Releases for 02.27.2013

Recent releases from the Packagist:

• icecave/archer (0.2.1)
  PHP testing and continuous integration by convention.
  
  
  
• 99designs/ergo (v2.5.1)
  Micro-framework for routing and request/response handling in PHP 5.3
  
  
  
• xrstf/ip-utils (v1.0.0)
  small library to deal with IPv4 & IPv6 addresses and subnets
  
  
  
• socalnick/scn-http-cache (1.1.0, 1.0.3)
  Adds several features to help make ZF2 applications cacheable.
  
  
  
• alexshelkov/simpleacl (2.0.10, 2.0.9)
  Simple Access Control List (ACL) for PHP.
  
  
  
• zeptech/code-templates (2.0.0)
  Code generation support for PHP
  
  
  
• bjyoungblood/BjyAuthorize (1.1.2)
  ZendAcl based firewall system for ZF2 dispatch protection
  
  
  
• bjyoungblood/bjy-authorize (1.1.2)
  ZendAcl based firewall system for ZF2 dispatch protection
  
  
  
• akrabat/akrabat_db_schema_manager (1.0.0)
  Akrabat's Zend Tool Provider for Zend Framework 1 Database Migrations
  
  
  
• jmikola/wildcard-event-dispatcher (v1.0.1)
  Event dispatcher with support for wildcard patterns inspired by AMQP topic exchanges.
  
  
  
• jenwachter/router-exchange (0.1)
  A collection of PHP interfaces and adapters to make swapping out router library dependencies quick and easy.
  
  
  
• phpunit/php-code-coverage (1.2.9)
  Library that provides collection, processing, and rendering functionality for PHP code coverage information.
  
  
  
• jmikola/wildcard-event-dispatcher-bundle (v1.0.0)
  Enhances the Symfony2 event dispatcher with support for wildcard patterns inspired by AMQP topic exchanges.
  
  
  
• flame/doctrine (v1.0.0)
  Collection of classes for working with Doctrine2 on Flame framework
  
  
  
• jmikola/auto-login (v1.0.0)
  Faciliates automatic login via a single token for Symfony2's Security component.
  
  
  
• jmikola/auto-login-bundle (v1.0.0)
  Authenticate users in your Symfony2 app via a single query parameter (e.g. email and newsletter links).
  
  
  
• jmikola/insecure-routes-bundle (v3.0.0, v2.0.0)
  Removes HTTPS scheme requirements from routes in your Symfony2 app (for dev/test environments).
  
  
  
• kupivkredit/kupivkredit (0.2.5)
  Kupivkredit API library.
  
  
  
• pklink/dotor (0.1.3.1, 0.1.3)
  Easy access to array values using dot notation. Useful for handling configurations or so
  
  
  
• kunststube/router (0.2.1)
  A flexible router/reverse router
  
  
  
• nanolog/nanolog (v0.0.5)
  A simple and lightweight logging solution for PHP >= 5.3
  
  
  
• webpower/gcm-application-server (1.0.2)
  Google Cloud Messaging Application Server port from JAVA to PHP
  
  
  
• juriansluiman/slm-queue (0.2.4)
  Zend Framework 2 module that integrates with various queue management systems
  
  
  
• chill/chill (v1.0.0)
  CouchDb client library for PHP 5.3+
  
  
  
• ddeboer/document-manipulation-bundle (0.2)
  Use this Symfony2 bundle to manipulate Microsoft Word and PDF documents
  
  
  
• simplon/helium (1.0.3)
  Library to handle iOS Push Notifications via Urban Airship
  
  
  
• anroots/minion-importer (1.0.1)
  CLI data import module for Kohana
  
  
  
• tedivm/stash (v0.10.2)
  A place to keep your cache
  
  
  
• codegun/eventemitter (0.2.0)
  Event Emitter for PHP
  
  
  

WebDevRadio: Episode 108: New Ruby, Regex and my Framework Security Rant(tm)

Michael Kimsal has just released the latest episode of his WebDevRadio podcast series, Episode 108: "New Ruby, Regex and my Framework Security Rant(tm)". His framwork security comments are related to PHP frameworks and why almost none of them seem to come with security features already included.

Ruby 2 was just released, and the new 'refinements' feature presents some interesting challenges for JRuby and just about anyone wanting to read Ruby code. Brief chat about the regex security affecting Rails back in January, but more broadly speaking, what does this say about regex in general? Should we embrace it, or find better alternatives? Finally, I've got a new blog post up about web framework security - why do (almost) no web frameworks ship with security baked-in?

The podcast references some of the thoughts from his recent post about framework security. You can listen to this latest episode either through the in-page player or by downloading the mp3.

Simon Holywell: Idiorm and Paris 1.3.0 released - the minimalist ORM and fluent query builder for PH

Simon Holywell has a new post to his site about a project that aims to be a minimalist ORM library and make it easier to built queries on the fly for your applications (and is installable via Composer) - the Idorm + Paris combination.

Idiorm is a PHP ORM that eschews complexity and deliberately remains lightweight with support for PHP5.2+. [...] However, having said this, Idiorm is very powerful and it makes most of the queries PHP applications require pain free. Some of these features include fluent query building, multiple connection support and result sets for easy record manipulation. Paris sits on top of Idiorm to provide a simplified active record implementation based upon the same minimalist philosophy.

He includes examples in the post of both queries with Idiorm - simple things like creating and finding records - and using Paris to make models out of PHP objects. He also talks some about the current state of the project, recent advancements and some of the things they're looking to do with it in the future (including dropping PHP 5.2 support and use late static binding).

Ulrich Kautz: C-based Web Frameworks for PHP

In this recent post to his site Ulrich Kautz takes a look at an interesting development in the PHP framework world - C-based frameworks installable as PHP extensions. He covers some of the good and bad things about this approach.

At the End of 2012 I had my first contact with a C-based PHP frameworks, namely YAF. Coincidently, some day afterwards Bruno from phpmaster.com pointed me towards Phalcon - a more modern interpretation of the same idea. So I was hooked.

In his "good idea" category he notes that it's faster because it's already loaded in on the request (no long list of includes) and the memory footprint is less than a PHP equivalent. The "bad" side of things mentions some pretty major hurdles though, including the small communities vs larger ones on PHP-based frameworks and the issues that could come with debugging/upgrading.

Community News: Latest PECL Releases for 02.26.2013

Latest PECL Releases:

• leveldb 0.1.2
  2013-02-24 - leveldb 0.1.2
  - Fixed bug when explict specify NULL comparator/snapshot raises exception
  - Fixed memory leaks when sepecify invalid snapshot
  - Fixed memory leaks of LevelDB::get()
  
  
  
• leveldb 0.1.3
  2013-02-24 - leveldb 0.1.3:
  - 0.1.3 is a version number fix upon 0.1.2 which forgot to
  remove '-dev' suffix before release
  
  
  
• event 1.2.5
  This is the first release on PECL since 1.0.0. Previous releases are available
  here: https://bitbucket.org/osmanov/pecl-event
  
  Add: callbacks and the callback arg are now passed to EventBufferEvent::__construct as optional arguments
  Change: EventBufferEvent enable/disable methods return bool now
  Change: instead of stream pass numeric file descriptor to EventListener's accept-connection callback
  Fix: unneeded Z_ADDREF_P() calls in EventListener, EventBufferEvent constructors and factory methods
  Fix: EventListener cached file descriptor for all connections
  
  
  
• eio 1.2.1
  Fix: build failed without sockets extension
  Fix: eio_write failed when buffer length was lesser than size + offset
  
  
  
• dio 0.0.7
  Added far better windows error reporting. Warnings now raised when Win32 API
  calls return errors. The warnings include the underlying Windows error
  message.
  
  
  

Community News: Packagist Latest Releases for 02.26.2013

Recent releases from the Packagist:

• utahcon/assets (0.0.4, 0.0.3, 0.0.2, 0.0.1)
  Simple Assets Manager
  
  
  
• icecave/collections (0.6.0)
  A set of PHP collection types loosely inspired by the .NET runtime and the C++ STL.
  
  
  
• bigcommerce/api (2.0.2)
  Enables PHP applications to communicate with the Bigcommerce API.
  
  
  
• aza/socket (v1.0)
  AzaSocket - Anizoptera CMF sockets abstraction component. Provides convenient universal API for using sockets in PHP (via sockets or stream extensions).
  
  
  
• pixel418/iniliq (v0.2.1)
  An ini parser for inherited values through multiple configuration files
  
  
  
• sonata-project/block-bundle (2.1.0)
  Symfony SonataBlockBundle
  
  
  
• silverstripe/framework (3.1.0-beta2)
  The SilverStripe framework
  
  
  
• 99designs/ergo (2.5.0)
  Micro-framework for routing and request/response handling in PHP 5.3
  
  
  
• silverstripe/cms (3.1.0-beta2)
  The SilverStripe Content Management System
  
  
  
• pixel418/ubiq (v0.4.1)
  Functions for readable treatment of string, array & object
  
  
  
• aza/phpgen (v1.0)
  AzaPhpGen - Anizoptera CMF PHP code generation (dump) component. Allows to dump complex arrays, objects, closures and basic data types as php code. In part, this can be called a some sort of serialization. You can customize your dumped php code as you wish.
  
  
  
• sonata-project/notification-bundle (2.1.0)
  Symfony SonataNotificationBundle
  
  
  
• aza/math (v1.0.2)
  AzaMath - Anizoptera CMF mathematic component. Arbitrary precision arithmetic (for huge integers; BCMath wrapper) and universal convertor between positional numeral systems (supported bases from 2 to 62 inclusive, and systems with custom alphabet; pure PHP realisation, can use GMP and core PHP functions for speed optimization).
  
  
  
• JanMarek/WebLoader (2.1.0)
  Tool for loading or deploying CSS and JS files into web pages
  
  
  
• thetwelvelabs/foursquare (v0.1.0)
  Foursquare API Client
  
  
  
• mobiledetect/mobiledetectlib (2.5.6)
  Mobile_Detect is a lightweight PHP class for detecting mobile devices. It uses the User-Agent string combined with specific HTTP headers to detect the mobile environment.
  
  
  
• zeichen32/gitlabapibundle (0.1.0)
  Symfony2 Bundle to include gitlab issue tracker in your app.
  
  
  
• vlucas/Spot (0.9.2)
  DataMapper ORM+ODM for PHP 5.3+
  
  
  
• 3rdpartyeve/phealng (0.2.6)
  PHP Eve Api Library, a simple PHP lib to access the EVE Online API
  
  
  
• socalnick/scn-social-auth-doctrine-orm (1.2.1)
  An extension of ScnSocialAuth that provides integration with Doctrine2 ORM.
  
  
  
• analog/analog (1.0.1-stable)
  PHP 5.3+ micro logging class that can be extended via closures. Includes several pre-built handlers including file, mail, syslog, HTTP post, and MongoDB.
  
  
  
• zeichen32/gitlabapi (0.1.1)
  Gitlab api php wrapper
  
  
  
• phpsec/phpsec (0.6.1)
  A PHP security library
  
  
  
• goalio/goalio-queue-doctrine (0.2.1, 0.2.0)
  Zend Framework 2 module that integrates Doctrine as queuing system
  
  
  
• cloud-solutions/zend-sentry (0.2.0)
  A Zend Framework 2 module that lets you log to the Sentry service.
  
  
  
• goalio/goalio-queue-scheduler (0.2.0)
  Zend Framework 2 module that add a scheduling layer to SlmQueue
  
  
  
• sonata-project/intl-bundle (2.1.0)
  Symfony SonataIntlBundle
  
  
  
• sonata-project/formatter-bundle (2.1.0)
  Symfony SonataFormatterBundle
  
  
  
• sonata-project/markitup-bundle (2.1.0)
  Symfony SonataMarkItUpBundle
  
  
  
• sonata-project/jquery-bundle (1.8.0)
  Symfony SonatajQueryBundle
  
  
  
• sonata-project/cache-bundle (2.1.0)
  This bundle provides caching services
  
  
  
• sonata-project/easy-extends-bundle (2.1.1)
  Symfony SonataEasyExtendsBundle
  
  
  
• kupivkredit/kupivkredit (0.2.0)
  Kupivkredit API library.
  
  
  
• siphoc/pdf-bundle (1.1.4)
  Siphoc PDF Bundle for Symfony2
  
  
  
• payment/isotope-payment-saferpay (1.0.0)
  saferpay payment modul for isotope ecommerce based on payment/saferpay
  
  
  
• sonata-project/seo-bundle (1.1.1)
  Symfony SonataSeoBundle
  
  
  
• sherlock/sherlock (v0.1.2)
  PHP Client for Elasticsearch
  
  
  
• payment/httpclient-guzzle (1.0.2, 1.0.1, 1.0.0)
  http client bridge for guzzle
  
  
  
• payment/httpclient-buzz (1.0.1, 1.0.0)
  http client bridge for buzz
  
  
  
• payment/saferpay (1.0.0)
  Saferpay payment service library
  
  
  
• gwk/dynamo-session-bundle (0.3, 0.2)
  DynamoDB Session Handler Bundle for Symfony 2
  
  
  
• payment/httpclient (1.0.0)
  http client interface
  
  
  
• wa72/htmlpagedom (v1.0.1)
  HtmlPageDom is a PHP library for easy manipulation of HTML documents using DOM (like jQuery for PHP)
  
  
  
• gpmd/ss-bootstrap (v1.0.0)
  Twitter Bootstrap / HTML5 Boilerplate theme for Silverstripe 3
  
  
  
• stamina/chequer-php (2.0)
  Fast & simple scalar/object/array checking/validation class
  
  
  
• arara/boot (0.2.3, 0.2.2)
  Just a simple application bootstrapper
  
  
  

PHPMaster.com: Functional Programming and PHP

On PHPMaster.com today there's a new tutorial written up by Shameer C looking at functional programming with PHP - some of the basic concepts of it and how much is possible in the language.

Many programmer like to talk about functional programming, but if you ask them if they've ever done it, most of their replies will be "No". The reason is quite simple: we are taught to think in an imperative manner when we first start learning to program, in terms of flow charts and steps to be followed in the program. So in this article I'll explain some important concepts to functional programming and how to write functional code in PHP.

He starts by defining some of the basic fundamental concepts of functional programming including recursion, referential transparency, higher order functions and lambda functions. He includes a bit of code along the way, showing things a bit more practically.

Symfony Blog: New in Symfony 2.2: The new fragment sub-framework

Fabien Potencier has new post post to the Symfony Blog today talking about a big update to the Symfony framework, the introduction of a new "fragment sub-framework". This framework (now a part of the HttpKernel) allows the handling of requests based on a few different strategies.

About a month ago, I merged a complete refactoring of the sub-requests management of Symfony. In fact, I created a whole new sub-framework to handle the rendering of resource fragments via different strategies. [...] Besides classical master requests, the HttpKernel component is now able to handle sub-requests. Let's me sum up the different strategies that are available: internal sub-requests, ESIs, HIncludes, and SSIs (in 2.3).

He talks some about each strategy and what situations they're best suited for and some sample code that shows the use of the "standalone" and "strategy" parameters. There's also new methods you can call (like "render_esi" or "render_hinclude") to work with the new features as well.

Community News: Latest PEAR Releases for 02.25.2013

Latest PEAR Releases:

• Services_Apns 0.1.0
  
  
  
  

Community News: Packagist Latest Releases for 02.25.2013

Recent releases from the Packagist:

• sherlock/sherlock (v0.1.1, v0.1.0)
  PHP Client for Elasticsearch
  
  
  
• 99designs/moa (1.0.1)
  The rightweight data mapper for mongoDB and PHP 5.3+
  
  
  
• mdogo/mdogo (0.9.1)
  Yet another microframework
  
  
  
• batlock666/fnord-pod (0.1)
  Library to parse POD-files.
  
  
  
• intervention/image (1.1.1, 1.1.0)
  Image handling and manipulation for Laravel 4
  
  
  
• braincrafted/bootstrap-bundle (1.2.0)
  Twitter Bootstrap for Symfony2
  
  
  
• kdyby/facebook (v0.9.3)
  Facebook PHP SDK for Nette Framework
  
  
  
• pixel418/iniliq (v0.2.0)
  An ini parser for inherited values through multiple configuration files
  
  
  
• benjam1/symfttpd (2.1.2)
  PHP webserver
  
  
  
• cypresslab/gitelephant-bundle (0.0.2)
  GitElephant bundle for Symfony2
  
  
  
• wikp/payment-mtgox-bundle (v0.1.0)
  Bundle for creating payment system based on MtGox.com (Bitcoin cryptocurrency
  
  
  
• batlock666/fnord-safename (0.1)
  Library to encode and decode safe filenames.
  
  
  
• contao-community-alliance/composer (0.0.4)
  composer integration into the contao cms
  
  
  
• jyggen/curl (v2.0.0-BETA2)
  A simple and lightweight cURL library with support for multiple requests in parallel.
  
  
  
• nohex/eix (0.1.1)
  PHP application framework
  
  
  
• toin0u/geotools (0.1.9)
  Geo-related tools PHP 5.3 library
  
  
  
• batlock666/fnord-utf8 (0.1)
  Library to handle characters encoded in UTF-8.
  
  
  
• symfony/symfony (v2.2.0-RC3)
  The Symfony PHP framework
  
  
  
• elendev/image-bundle (1.1.3)
  Provide simple image utilities for resizing
  
  
  
• anroots/minion-importer (1.0.0)
  CLI data import module for Kohana
  
  
  
• alexshelkov/simpleacl (2.0.8)
  Simple Access Control List (ACL) for PHP.
  
  
  
• pixel418/ubiq (v0.4.0)
  Functions for readable treatment of string, array & object
  
  
  

Maarten Balliauw: Working with Windows Azure SQL Database in PhpStorm

Maarten Balliauw has a new post to his site showing how you can work with a Azure SQL database directly from the UI of the popular PHP IDE, phpStorm.

PhpStorm provides us the possibility to connect to Windows Azure SQL Database right from within the IDE. In this post, we'll explore several options that are available for working with Windows Azure SQL Database: Setting up a database connection, creating a table, inserting and updating data, using the database console, generating a database diagram and database refactoring.

He includes the instructions and several screenshots showing each step of the above mentioned steps. The database diagram gives you a good overall view of your database structure and allows you to show a visualization of how the tables relate to each other. Note that, though this particular example shows it connecting to an Azure SQL database, the same setup can be used with lots of popular RDBMS out there.

Kevin Schroeder: Why you should not use .htaccess (AllowOverride All) in production

Kevin Schroeder has posted the results of some research he did around using the "AllowOverride" setting in Apache. He found some interesting differences when it was set to "all".

Commonly known as .htaccess, AllowOverride is a neat little feature that allows you to tweak the server's behavior without modifying the configuration file or restarting the server. [...] Beyond the obvious security problems of allowing configuration modifications in a public document root there is also a performance impact. What happens with AllowOverride is that Apache will do an open() call on each parent directory from the requested file onward.

He includes the output from a strace call in the post - first showing the function calls with it set to "none" then the same request with the setting on "all". More "open" calls are being made in the second run, increasing the execution time by a decent amount.

Community News: Packagist Latest Releases for 02.24.2013

Recent releases from the Packagist:

• alexshelkov/simpleacl (2.0.7, 2.0.6, 2.0.5)
  Simple Access Control List (ACL) for PHP.
  
  
  
• zeichen32/gitlabapi (0.1.0)
  Gitlab api php wrapper
  
  
  
• mdogo/mdogo (0.9.0)
  Yet another microframework
  
  
  
• symfony/assetic-bundle (v2.1.2)
  Integrates Assetic into Symfony2
  
  
  
• cypresslab/gitelephant (0.9.15, 0.9.14)
  An abstraction layer for git written in PHP 5.3
  
  
  
• symfony/symfony (v2.1.8)
  The Symfony PHP framework
  
  
  
• triagens/ArangoDb (v1.2.0-BETA2)
  ArangodDb PHP client
  
  
  
• aar0ntw/yii-image-io (1.0.0)
  Image Resizer for the Yii PHP framework.
  
  
  
• coremax/core-bootstrap (v0.1)
  Module to provides ZF2 integration with Twitter Bootstrap using RWOverdijk/AssetManager and many view helpers.
  
  
  
• devture/silex-provider-doctrine-mongodb (1.0)
  Silex provider for MongoDB integration via Doctrine
  
  
  
• intervention/image (1.0.1)
  Image handling and manipulation for Laravel 4
  
  
  
• shanethehat/life (v1.1.0)
  Simple version of Conway's Life game
  
  
  
• addvilz/micro-template (1.1)
  Tiny PHP template engine with Smarty-like syntax
  
  
  
• braincrafted/bootstrap-bundle (1.1.0)
  Twitter Bootstrap for Symfony2
  
  
  
• dmeroff/banga (v0.1.1, v0.1.0)
  Content management system built on top of Yii framework
  
  
  
• hailwood/database-config-loader (1.0.1)
  A package for the Laravel PHP Framework that works in tandem with the default config package to allow developers to easily add user-configurable settings to their app and packages.
  
  
  
• devture/silex-provider-config (1.0)
  Silex provider for configuration management
  
  
  
• pklink/dotor (0.1.2)
  Easy access to array values using dot notation. Useful for handling configurations or so
  
  
  
• ejsmont-artur/php-circuit-breaker (0.0.1)
  PHP Circuit Breaker component
  
  
  

Community News: Packagist Latest Releases for 02.23.2013

Recent releases from the Packagist:

• smx/simplemeetings (v0.1.4)
  Simple and abstracted library for integrating with web meetings providers such as WebEx and Citrix.
  
  
  
• mparaiso/silex-extensions (0.0.45, 0.0.44, 0.0.43, 0.0.42, 0.0.41)
  Extensions to the php Silex framework
  
  
  
• segmentio/analytics-php (0.2.5)
  Segmentio Analytics PHP Library
  
  
  
• ddeboer/vatin (v1.0)
  Validate VAT identification numbers
  
  
  
• rwoverdijk/sxmail (1.3.3, 1.3.2)
  A simple mail module for Zend Framework 2.
  
  
  
• liip/soap-recorder-bundle (0.9.5, 0.9.4)
  A simple recorder for SOAP communication
  
  
  
• studiobonito/silverstripe-publishable (1.0.1)
  Publishable is a module for Silverstripe that provides a number of extensions that make enabling and managing versioning for DataObjects much simpler.
  
  
  
• lncd/Oauth2 (1.0.6)
  A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants
  
  
  
• shanethehat/life (v1.0.5, v1.0.4, v1.0.3, v1.0.2, v1.0.1)
  Simple version of Conway's Life game
  
  
  
• phpugl/twitter-bootstrap-bundle (v0.3.0)
  Configurable Twitter Bootstrap bundle for symfony2
  
  
  
• winzou/contact-bundle (1.0.1)
  Event-based contact bundle
  
  
  
• yohang/oossh (0.1.1, 0.1.0)
  Object Oriented SSH for PHP
  
  
  
• sabre/xml (0.0.3)
  The Sabre XML parser is the only XML library that you may not hate.
  
  
  
• florianwolters/component-core-hashcode (v0.2.0)
  Provides a hash code value for objects.
  
  
  
• kbrw/riak-bundle (1.1.4, 1.1.3)
  Allows your application to intereact with Riak datastorage
  
  
  
• Beryllium/CacheBundle (v0.1.1)
  Provides an interface to Memcache for Symfony2 applications
  
  
  

Site News: Popular Posts for the Week of 02.22.2013

Popular posts from PHPDeveloper.org for the past week:

• PHPMaster.com: Avoid the Original MySQL Extension, Part 1
  
• NetTuts.com: Setting Up A Staging Environment
  
• PHPClasses.org: 6 Reasons Why PHP is a Hobbit
  
• thePHP.cc: Software Development Fluxx
  
• Brandon Savage: Best PHP Blogs To Follow
  
• Community News: Packagist Latest Releases for 02.16.2013
  
• Michael Nitschinger: A Journey on Avoiding Nulls in PHP
  
• PHP Town Hall Podcast: Episode 4: PHP's Vision, Beards, and Cake
  
• Kevin Schroeder: Would this be a dumb idea for PHP core?
  
• NetTuts.com: Testing Like a Boss in Laravel: Models
  

Community News: Packagist Latest Releases for 02.22.2013

Recent releases from the Packagist:

• florianwolters/component-core-hashcode (v0.2.0)
  Provides a hash code value for objects.
  
  
  
• kbrw/riak-bundle (1.1.4, 1.1.3, 1.1.2)
  Allows your application to intereact with Riak datastorage
  
  
  
• mparaiso/silex-extensions (0.0.44, 0.0.43, 0.0.42, 0.0.41)
  Extensions to the php Silex framework
  
  
  
• icecave/archer (0.2.0)
  PHP testing and continuous integration by convention.
  
  
  
• meenie/munee (1.3.11)
  PHP 5.3 Asset Optimisation - Smart Caching, On-The-Fly Image Resizing, Auto-LESS-Compiling, and CSS & JavaScript Combining/Minifying
  
  
  
• Respect/Config (1.0.0)
  A powerful, small, deadly simple configurator and dependency injection container made to be easy.
  
  
  
• makesites/kisscms (1.5.0)
  Content Management made Simple
  
  
  
• alexshelkov/simpleacl (2.0.4, 2.0.3)
  Simple Access Control List (ACL) for PHP.
  
  
  
• stekycz/cronner (0.5.0)
  Simple tool which helps with maintenance of cron tasks.
  
  
  
• genemu/form-bundle (v2.1.2)
  Extra Form
  
  
  
• stripe/stripe-php (v1.7.15)
  Stripe PHP Library
  
  
  
• winzou/console-bundle (1.0.0)
  This bundle allows you accessing the symfony2 console via your browser
  
  
  
• hoverboard/hoverboard (v0.5, v0.4)
  A light little MVC framework that everybody can use. Unless you want everyone in the division to think you're chicken.
  
  
  
• contao-community-alliance/composer (0.0.3)
  composer integration into the contao cms
  
  
  
• mthaml/mthaml (1.2.1)
  HAML for PHP
  
  
  
• mpratt/bolido (0.7.1)
  A simple modular Framework
  
  
  
• lncd/Oauth2 (1.0.5)
  OAuth 2.0 Framework
  
  
  
• isidromerayo/simple_php_skeleton (v0.9.4.1)
  Simple skeleton PHP project with Symfony2 components
  
  
  
• pklink/file-router (0.2.1, 0.2)
  Library for mapping files in a directory to routes
  
  
  
• omissis/zend-db-adapter-mongodb (v0.2.0)
  Zend Framework 1 Database Adapter for MongoDB
  
  
  
• studiobonito/silverstripe-imagefunctions (2.2.1)
  Image Functions Module primarily adds more image functions to the Image object but it also adds some useful SiteConfig settings.
  
  
  
• ibrows/wizard-annotation-bundle (1.0.0)
  Simple wizard for a controller with validation methods
  
  
  
• florianwolters/component-util-cloneable (v0.1.0)
  Allows and disallows the cloning of objects as a simple-to-use PHP component.
  
  
  
• florianwolters/component-core-cloneable (v0.1.0)
  Allows and disallows the cloning of objects as a simple-to-use PHP component.
  
  
  
• jwage/purl (v0.0.2)
  URL Manipulation for PHP 5.3
  
  
  
• siphoc/pdf-bundle (1.1.3)
  Siphoc PDF Bundle for Symfony2
  
  
  
• studiobonito/silverstripe-publishable (1.0.0)
  Publishable is a module for Silverstripe that provides a number of extensions that make enabling and managing versioning for DataObjects much simpler.
  
  
  
• gwk/dynamo-session-bundle (0.1)
  DynamoDB Session Handler Bundle for Symfony 2
  
  
  
• toin0u/geotools (0.1.8)
  Geo-related tools PHP 5.3 library
  
  
  

PHP.net: PHP 5.4.12 and PHP 5.3.22 released!

On PHP.net today they've announced the release of PHP 5.4.12 and 5.3.22, the latest versions of the two current release branches.

The PHP development team announces the immediate availability of PHP 5.4.12 and PHP 5.3.22. These releases fix about 10 bugs. All users of PHP are encouraged to upgrade to PHP 5.4.12.

It's a bug fix release, but everyone's encouraged to update. It corrects things in core, FPM, sqlite, PDO_OCI, the Zend Engine and date functionality (and a bit more). You can get this latest version from the downloads page or windows.php.net for the Windows binaries. If you'd like to see the full list of issues fixed, check out the Changelog.

Michael Kimsal: Why do no almost no web frameworks come with any authentication/authorization?

In a new post to his site Michael Kimsal poses an interesting question about something he's noticed in several frameworks - and not just PHP ones: there seems to be a lack of authentication/authorization functionality coming bundled in.

Why do almost no web frameworks provide any default authentication/authorization functionality, with default examples of best practices for common use cases. The standard response I've gotten for years was/is "well, everyone's needs for authentication are different". No, they are not. A (very?) large majority of web applications (which is what most web frameworks are used to build), require some form of user login and authorization management, and often self-registration, dealing with lost passwords, etc.

He points out that by not having something a user can immediately deploy that's been well tested and relatively risk-free, it can introduce security holes as a developer is "left to fend for themselves". He suggests that the "not everyone's the same" mentality that seems to go with authentication/authorization isn't as valid as once thought. He does point out that both Symfony2 and Zend Framework 2 come with ACL functionality, but no common user handling. He mentions ones in a few other tools used in other languages too like Devise in Ruby, Spring Security in Grails and a membership system in ASP.NET.

Site News: Blast from the Past - One Year Ago in PHP

Here's what was popular in the PHP community one year ago today:

• PHPMaster.com: Creating Web Services with PHP and SOAP, Part 1
  
• Enrise Blog: Zend Framework 2 Performance
  
• PHP.net: PHP 5.4.0 RC8 released
  
• NetTuts.com: PDO vs. MySQLi: Which Should You Use?
  
• PHPMaster.com: WordPress Plugin Development
  
• Marcelo Gornstein's Blog: Sniffing in PHP using libpcap: Thank you SWIG!
  
• DZone.com: Writing clean code in PHP 5.4
  
• Community News: The Great Web Framework Shootout
  
• Dzone.com: A Free Amazon EC2 Cloud Server Based LAMP
  
• Dave Marshall's Blog: How I'm designing a RESTful(ish) web service
  
• Marcelo Gornstein's Blog: Dependency injection with Xml and Yaml in the Ding container
  
• Mattias Geniar's Blog: php_value vs php_admin_value and the use of php_flag explained
  
• Rob Allen's Blog: Overriding module configuration in ZF2
  
• PHPMaster.com: Understanding the Observer Pattern
  
• Rob Allen's Blog: What problem does dependency injection solve?
  

Community News: Packagist Latest Releases for 02.21.2013

Recent releases from the Packagist:

• nitra/php-min (0.0.6)
  
• 99designs/ergo (v2.4.6)
  
• vlucas/bulletphp (1.1.6, 1.1.5)
  
• assaydepot/assaydepot (v0.0.1)
  
• lusitanian/oauth (v0.1.3)
  
• arvenil/ninja-mutex (0.1.0)
  
• stripe/stripe-php (v1.7.14)
  
• friendsofsymfony/oauth2-php (1.0.5)
  
• webvariants/babelcache (v1.2.17)
  
• smx/simplemeetings (v0.1.3)
  
• br/signed-request-bundle (0.2)
  
• alexshelkov/simpleacl (2.0.2)
  
• ruflin/Elastica (v0.20.5.0.RC1)
  
• bistro/session (0.1.0)
  
• happydemon/data-table (0.4.0, 0.3.0)
  
• bistro/common (0.1.0)
  
• mvar/yaml-component (1.3.0)
  
• herrera-io/phpunit-test-case (1.1.0)
  
• pinoco/pinoco (0.7.1)
  
• mikehaertl/localeurls (1.1.1)
  
• herrera-io/service-process (1.0.1)
  
• ibrows/sonata-admin-annotation-bundle (1.2.0, 1.1.3, 1.1.2, 1.1.1)
  
• kdyby/events (v1.0.1)
  
• themattharris/tmhoauth (0.7.5)
  
• toin0u/geotools (0.1.7, 0.1.6)
  
• pklink/file-router (0.1.2)
  
• lncd/Oauth2 (1.0.3, 1.0.2)
  
• covex-nn/moodle2-installer (1.0.2)
  
• kdyby/console (v1.1.0)
  
• knplabs/knp-components (1.2.2)
  
• triagens/ArangoDb (v1.2.0-BETA1, 1.2.beta1)
  
• keeguon/oauth2-php (1.2.0)
  
• silverstripe/payment (0.4.1)
  
• ibrows/be-simple-deployment-bundle (0.9.0)
  
• ibrows/annotation-reader (1.0.1, 1.0.0)
  
• codecraft/cx-search (v0.4)
  
• paulus/paulus (v0.9.3)
  
• payum/payum-bundle (0.2.0)
  

PHPMaster.com: Working with Slim Middleware

On PHPMaster.com Timothy Boronczyk has written up a tutorial about using the Slim microframework as a sort of "middleware" in your application - a wrapper around other functionality with an easier to use interface.

Slim is a microframework that offers routing capabilities for easily creating small PHP applications. But an interesting, and powerful, feature is its concept of Middleware. [...] I've found middleware to be an eloquent solution for implementing various filter-like services in a Slim app, such as authentication and caching. In this article I'll explain how middleware works and share with you a simple cache example that highlights how you can implement your own custom middleware.

He talks about what "middleware" is (complete with illustration) and how Slim can be used as a layer in the middleware stack. His example is a caching layer, based on Slim, that takes a request, checks the cache for it and returns it if it exists. If not, it saves the content to a database. He also includes code examples of how to use the "add" method to introduce your middleware libraries into the Slim application.

If you'd like more examples, the Slim project has several middleware examples provided in their "extras" github repository.

Andi Gutmans: Zend Server 6 is launched and available on the Amazon Web Services (AWS) Marketplace

Andi Gutmans has a new post to his site about a recent update to the offerings on the Amazon Web Services (AWS) - it now offers Zend Server 6 as an installable option.

Zend Server 6 is the ideal application platform for mobile and web applications, and this version brings a new level of enterprise capabilities. [...] Today, I'm also pleased to share that this newest version of Zend Server is now available on the Amazon Web Services Marketplace. Now, for one combined fee with Amazon Web Services, you can run your applications on a fully supported PHP application platform with Zend Server 6 running on Red Hat Enterprise Linux or Ubuntu Linux.

If you're interested in what Zend Server has to offer, check out the product page on the Zend website. Zend Server handles a lot of the base level things for you and can help you get up and running quickly. It includes things like detailed monitoring, error tracking, code tracing and a nice UI to for management and configuration of the server.

Community News: Latest Releases from PHPClasses.org

• ISM Matrix
  
• PHP docx reader
  
• Little Paginator
  
• PHP Mail Log Parser
  
• PHP Redis Model
  
• Silhouette HTTP
  

Community News: Packagist Latest Releases for 02.20.2013

Recent releases from the Packagist:

• themattharris/tmhoauth (0.7.4)
  
• behat/symfony2-extension (v1.0.1)
  
• herrera-io/doctrine-dateinterval (1.0.0)
  
• behat/mink-extension (v1.0.1)
  
• silverstripe/framework (3.0.5)
  
• mjohnson/uploader (4.0.6)
  
• mjohnson/transit (1.0.4, 1.0.3)
  
• behat/mink-selenium-driver (v1.0.3)
  
• webcreate/vcs (1.1.2)
  
• cloud-solutions/zend-sentry (0.1.2, 0.1.1)
  
• raven/raven (0.5.1)
  
• scandio/troba (0.2.1, 0.2)
  
• pklink/file-router (0.1)
  
• elendev/widget-bundle (0.1.0)
  
• socalnick/scn-social-auth (1.5.1, 1.6.3, 1.7.2, 1.7.1, 1.6.2)
  
• segmentio/analytics-php (0.2.4)
  
• alexshelkov/simpleacl (2.0.1, 2.0.0)
  
• nategood/httpful (0.2.1)
  
• bit3/contao-nested-menu (1.0.0)
  
• behat/mink-sahi-driver (v1.0.2)
  
• egeloen/ckeditor-bundle (2.1.2, 1.1.2)
  
• instaclick/php-webdriver (1.0.12)
  
• herrera-io/date-interval (1.1.0)
  
• jenwachter/html-form (0.1)
  
• tivoka/tivoka (3.2.0)
  
• herrera-io/cli-app (1.0.1)
  
• chh/pipe (v1.0.0alpha3)
  
• zeptech/code-templates (1.0.1)
  
• davewid/session (0.1.0)
  
• knplabs/knp-components (1.2.1)
  
• kitpages/chain-bundle (v1.2.0)
  
• jwpage/composerdoc (v1.1.0)
  

Anthony Ferrara: Preventing CSRF Attacks

Anthony Ferrara has written up a new post to his site looking at efective use of CSRF tokens and a few different strategies for generating them.

There's been a bit of noise in the past week about the proper way to prevent Cross-Site-Request-Forgery (CSRF) attacks. It seemed to have started with this post. There's been discussion in the comments, and on Twitter about it, and there seems to be several opposing viewpoints on the matter. I want to start off by saying that I agree completely with the post in question. But I figured I'd write a post to explain WHY I agree with it.

He starts with an overview of a few of the common types of request forgery including from a javascript injection, a Man-in-the-Middle attack and a replay attack. He then breaks up the "lines of defense" part of the post into three different sections - adding a hidden token field to forms, changing the token for each request and using random numbers when regenrating them.

Fabien Potencier: Don't use PHP libraries with known security issues

In his latest post Fabien Potencier introduces a new effort to help PHP developers using Composer for their dependencies find potential security issues automatically - the security.sensiolabs.com site.

I want to provide a simple and efficient way to check for vulnerabilities in a project and I want to serve more than just the Symfony community. That's why I'm really proud to announce a new SensioLabs initiative: a simple way to check if your project depends on third-party libraries with known security issues. The website explains how it works in details (https://security.sensiolabs.org/), but basically, this initiative gives you several ways to check for security issues in your project dependencies based on the information contained in you composer.lock file (you are using Composer to manage your dependencies, right?)

Composer users can upload their "composer.lock" file and the system will evaluate it against the vulnerabilities it knows about and return any issues it might find. The current database is hosted on github and can be added to by anyone using a pull request. Additionally, you can install the command-line version if you want to do checks locally.

Community News: Latest PECL Releases for 02.19.2013

Latest PECL Releases:

• yar 1.1.1
  
• msgpack 0.5.5
  
• msgpack 0.5.4
  
• yar 1.1.0
  
• propro 0.1.0
  
• raphf 0.1.0
  

Community News: Packagist Latest Releases for 02.19.2013

Recent releases from the Packagist:

• devtime/backbone-bundle (v0.9.10)
  
• jenwachter/data-encoder (0.2.1, 0.2, 0.1)
  
• brazilianfriendsofsymfony/settings-management-bundle (v0.1.3, v0.1.2, v0.1.1)
  
• lncd/Oauth2 (1.0.1)
  
• kriswallsmith/buzz (v0.9)
  
• brazilianfriendsofsymfony/pagseguro-bundle (v0.5.0)
  
• eloquent/typhoon (0.9.0)
  
• thepixeldeveloper/sitemap (2.0.0)
  
• rcrowe/twigbridge (v0.1.11, v0.1.10)
  
• intervention/helper (1.0.1)
  
• isidromerayo/simple_php_skeleton (v0.9.4)
  
• jyggen/curl (v2.0.0-BETA1)
  
• bmatzner/jquery-ui-bundle (1.10.1)
  
• bmatzner/lodash-bundle (1.0.1)
  
• kitpages/chain-bundle (v1.1.0, v1.0.0)
  
• kriswallsmith/assetic (v1.1.0-alpha3)
  
• ruudk/campfire-exception-bundle (0.1.6)
  
• zizaco/factory-muff (v1.4.1, v1.4)
  
• kunstmaan/admin-bundle (v2.2.3)
  
• codeconsortium/ccdn-component-bb-code-bundle (v1.3.1)
  
• webignition/http-client (1.3)
  
• predis/predis (v0.8.3)
  
• zenstruck/mobile-bundle (v2.0.0, v1.1.0)
  
• florianwolters/component-util-reflection (v0.1.0)
  
• juriansluiman/slm-queue (0.2.3)
  
• florianwolters/component-core-stringutils (v0.2.0-beta)
  
• khepin/yaml-fixtures-bundle (v0.8.0)
  
• oryzone/boilerplate-bundle (4.1.0)
  
• juriansluiman/slm-queue-sqs (0.2.3)
  
• kbrw/riak-bundle (1.1.1)
  
• opensoft/simple-serializer (1.0.1)
  
• opensoft/opensoft-simple-serializer-bundle (1.0.1)
  
• paulus/paulus (v0.9.2)
  
• opensoft/opensoft-epl-bundle (1.0.0)
  
• dholmes/doctrine-extras (0.1.0)
  

Kevin Schroeder: Would this be a dumb idea for PHP core?

In this new post to his site Kevin Schroeder thinks out loud and wonders if an idea of his is "a dumb idea" to be included into the PHP core - engine state caching.

I was consulting and I would see significant server resources consumed by bootstrapping the apps. Loading config files, loading dependent classes, setting up dependencies, initializing ACL's, and the list goes on and on. One of the ways to negate the effect would be to cache a bootstrap object and then pull that object from the cache at the start of the request. However, the problem is that unserialization can actually end up taking more time than the bootstrap process itself.

He wonders if, after the initial bootstrapping happened, a method could be called (his example is "init_engine_state") that would cache the Zend Engine's current state and pass that to a callback function. This would cache everything - objects, variables, classes, etc - all pre-interpreted into memory and make them easy to reuse on future executions. What do you think? Share your thoughts in the comments of the post.

Lorna Mitchell: New Book: PHP Web Services

Lorna Mitchell has officially announced the release of her O'Reilly-published book about creating and working with web services in PHP, PHP Web Services.

I'm delighted to announce that my new book "PHP Web Services" is now available as an early release! [...] The book isn't huge (or expensive, hint!), but it aims to give solid theory in a practical and approachable way. There's the topics you'd expect to see, covering HTTP and verbs and headers and status codes, and also around data formats. It also covers RPC services including SOAP, and also has a chapter (predictably the longest one!) about REST. I've tried to go beyond simply the "how to do" and into the "how to do in a kick-ass manner" realm, so there are chapters about how to design your API and choose what kind to build, how to handle errors, how to make your API really robust - and of course how to debug when things go wrong!

The book not only has the summaries and descriptions of some common web service challenges, but also includes code samples you can use in your own projects.

Community News: Packagist Latest Releases for 02.18.2013

Recent releases from the Packagist:

• justinrainbow/json-schema (1.3.0)
  
• kite/curlback (v2)
  
• zizaco/confide (v0.8.6beta, v0.8.5beta)
  
• icecave/archer (0.1.2)
  
• icecave/woodhouse (0.4.2)
  
• composer/installers (v1.0.2)
  
• silverstripe/framework (3.0.4, 2.4.10)
  
• silverstripe/cms (3.0.4, 2.4.10)
  
• mrimann/xlifftranslator (v1.0.2)
  
• eviweb/composer-wrapper (v1.0.1)
  
• jdolieslager/fegit (v0.1.3)
  
• jdolieslager/fesshconnect (v0.1.6)
  
• sabre/xml (0.0.2)
  
• willdurand/email-reply-parser (0.0.4)
  
• phery/phery (2.4.1, 2.4.0)
  
• zizaco/factory-muff (v1.3, v1.2)
  
• behat/mink-selenium-driver (v1.0.2)
  
• behat/mink-browserkit-driver (v1.0.2)
  
• behat/mink-goutte-driver (v1.0.5)
  
• behat/mink-sahi-driver (1.0.1)
  
• behat/mink-selenium2-driver (v1.0.4)
  
• kbrw/riak-bundle (1.1.0)
  
• fightmaster/dao (1.0.2)
  
• behat/sahi-client (v1.1.0)
  
• juriansluiman/slm-queue-sqs (0.2.2)
  
• icanboogie/datetime (1.0.0)
  
• phpsec/phpsec (0.6.0)
  
• soliantconsulting/simplefm (2.0.0beta2)