XAMPP 1.5.3 Released
A message from the Apache Friends lets us know that there is a new version of XAMPP if you're lazy like me. From their message, "The Apache Friends team is proud to announce XAMPP 1.5.3 for Linux and Windows. The new version of XAMPP includes fresh, green and up-to-date versions of: PHP 5.1.4, MySQL 5.0.21, Apache 2.2.2, phpMyAdmin 2.8.1 and OpenSSL 0.9.8b. In case of Linux we also upgraded ProFTPD to the recent 1.3.0 and in case of Windows we included the new version of FileZilla FTP Server 0.9.16c. Download XAMPP 1.5.3 here: http://www.apachefriends.org/en/xampp.html" Now, what could be easier?
php|architect Launches ART
There is a new resource in town, available to us absolutely free. It's ART (php|architect article repository) and we see that they are actively seeking article submissions. For more details, you can check out Marcus Whitney's blog (http://www.marcuswhitney.com/?p=88) and to see ART in action, go to http://hades.phparch.com/artemis/main/.
Filtering & Escaping Cheat Sheet
Davey Shafik has been kind enough to put together a visual cheat sheet for filtering and escaping input and output. You can get the cheat sheet and read more about it in his blog post, http://www.pixelated-dreams.com/archives/231-Filtering-Escaping-Cheat-Sheet.html. Thanks, Davey!
How to (Really) Help the PEAR Project
An interesting blog post on Greg Beaver's blog gives us some practical advice for how to effectively help on a PEAR (or phpDocumentor) project. He advises not to simply ask "How can I help?" as there are numerous bug lists out there that need fixin' and you don't really need permission to begin working on them. He also gives straightforward email templates that you can use when submitting fixes and such, for those of us that are communicatively-challenged. So if you've considered helping out with a project, be sure to read Greg's blog post first.
OmniTI Acquires BrainBulb
Yes, it's true. Chris Shiflett has joined the masterminds at OmniTI. According to the official press release, "The addition of Brain Bulb's expertise in the area of web application security to OmniTI's full-service Internet technology professional services practice creates a comprehensive PHP-based service portfolio, further extending the company's positioning within the industry as experts in designing and implementing reliable information infrastructures." We all know that really means they're kicking booty. Congrats, Chris and the whole OmniTI team.
Numerous PHP App Vulnerabilities Reported
Secunia is reporting numerous vulnerabilities in PHP apps this week. While most are dealing with lesser-known apps, a few more widely spread ones were also on the list, such as WordPress and TikiWiki. For a complete list, check out Secunia's site or you can read the security summaries compiled by the PHP Security Consortium (http://phpsec.org/projects/vulnerabilities/securityfocus.html).
Smarty 2.6.14 is Released
This recent release of the Smarty template system "addresses a compiler bug that allowed the creation of PHP tags in secure templates. No examples have been made public. If you use the security features of Smarty to keep PHP out of templates, it is highly recommended that you upgrade. This release also addresses updates regarding xml tags and block-methods of registered objects." To download, go to http://smarty.php.net/download.php.
SourceForge's Advanced Search
Ok, admittedly this isn't specifically PHP-related, but I was glad to see that SourceForge recently launched their advanced search feature, making it so much easier to find what you're looking for. You can now search by specific programming language, and in a specific category... or choose only those projects registered or updated in a certain date range. Very helpful, thanks SF!
Summer of Code Students Chosen
Congrats go out to Google's Summer of Code students chosen to work with some of the PHP internals. Current projects being worked on include a PDF PECL extension (by Lauris Bukis-Haberkorns, mentored by Michael Wallner), phpAspect (by Candillon William, mentored by Marcus Boerger), PHP Macro Preprocessor (by Pavlo Shelyazhenko, mentored by Marcus Boerger), Quality Assurance GCOV website (by Daniel Pronych, mentored by Marcus Boerger), Livedocs - making DocBook less painful, and manuals more useful (by Philip Olson, mentored by Ilia Alshanetsky), new package to read, create or modify OpenDocument files (by Alexander Pak, mentored by Lukas Smith), DML support: an improvement to PEAR::MDB2_Schema (by Igor Feghali, mentored by Lukas Smith), phpAspect (by Candillon William, mentored by Sebastian Bergmann). You can also check out the ideas and students for Joomla!, Drupal, Eclipse, and Moodle. And to think I spent my summers flipping hamburgers. At any rate, congrats to all the students who were chosen and we all look forward to your progress on these projects!
PEAR/PECL Releases
I would be remiss in my duties if I didn't include what's new at PEAR and PECL. Recent PEAR releases include:
And for PECL, we had:
- pecl_http - Extended HTTP Support
- SPL_Types - Standard PHP Library, Types Addon
- ibm_db2 - Extension for IBM DB2 Universal Database, IBM Cloudscape, and Apache Derby
- gnupg - wrapper around the gpgme library
As always, you can download or learn more about these packages at http://pear.php.net and http://pecl.php.net.
See you next week with more tidbits from the PHP world!