The PHP development team would like to announce the immediate availability of PHP 5.3.3. This release focuses on improving the stability and security of the PHP 5.3.x branch with over 100 bug fixes, some of which are security related. All users are encouraged to upgrade to this release. Backwards incompatible change:Methods with the same name as the last element of a namespaced class name will no longer be treated as constructor. This change doesn't affect non-namespaced classes. <?php namespace Foo; class Bar {     public function Bar() {         // treated as constructor in PHP 5.3.0-5.3.2         // treated as regular method in PHP 5.3.3     } } ?> There is no impact on migration from 5.2.x because namespaces were only introduced in PHP 5.3.Security Enhancements and Fixes in PHP 5.3.3:Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs (CVE-2010-2531).Fixed a possible resource destruction issues in shm_put_var().Fixed a possible information leak because of interruption of XOR operator.Fixed a possible memory corruption because of unexpected call-time pass by refernce and following memory clobbering through callbacks.Fixed a possible memory corruption in ArrayObject::uasort().Fixed a possible memory corruption in parse_str().Fixed a possible memory corruption in pack().Fixed a possible memory corruption in substr_replace().Fixed a possible memory corruption in addcslashes().Fixed a possible stack exhaustion inside fnmatch().Fixed a possible dechunking filter buffer overflow.Fixed a possible arbitrary memory access inside sqlite extension.Fixed string format validation inside phar extension.Fixed handling of session variable serialization on certain prefix characters.Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug #51288).Fixed SplObjectStorage unserialization problems (CVE-2010-2225).Fixed possible buffer overflows in mysqlnd_list_fields, mysqlnd_change_user.Fixed possible buffer overflows when handling error packets in mysqlnd.Key enhancements in PHP 5.3.3 include:Upgraded bundled sqlite to version 3.6.23.1.Upgraded bundled PCRE to version 8.02.Added FastCGI Process Manager (FPM) SAPI.Added stream filter support to mcrypt extension.Added full_special_chars filter to ext/filter.Fixed a possible crash because of recursive GC invocation.Fixed bug #52238 (Crash when an Exception occured in iterator_to_array).Fixed bug #52041 (Memory leak when writing on uninitialized variable returned from function).Fixed bug #52060 (Memory leak when passing a closure to method_exists()).Fixed bug #52001 (Memory allocation problems after using variable variables).Fixed bug #51723 (Content-length header is limited to 32bit integer with Apache2 on Windows).Fixed bug #48930 (__COMPILER_HALT_OFFSET__ incorrect in PHP >= 5.3). For users upgrading from PHP 5.2 there is a migration guide available on http://php.net/migration53, detailing the changes between those releases and PHP 5.3. For a full list of changes in PHP 5.3.3, see the ChangeLog.

The PHP development team would like to announce the immediate availability of PHP 5.2.14. This release focuses on improving the stability of the PHP 5.2.x branch with over 60 bug fixes, some of which are security related. This release marks the end of the active support for PHP 5.2. Following this release the PHP 5.2 series will receive no further active bug maintenance. Security fixes for PHP 5.2 might be published on a case by cases basis. All users of PHP 5.2 are encouraged to upgrade to PHP 5.3.Security Enhancements and Fixes in PHP 5.2.14:Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs.Fixed a possible interruption array leak in strrchr().(CVE-2010-2484)Fixed a possible interruption array leak in strchr(), strstr(), substr(), chunk_split(), strtok(), addcslashes(), str_repeat(), trim().Fixed a possible memory corruption in substr_replace().Fixed SplObjectStorage unserialization problems (CVE-2010-2225).Fixed a possible stack exaustion inside fnmatch().Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug #51288).Fixed handling of session variable serialization on certain prefix characters.Fixed a possible arbitrary memory access inside sqlite extension. Reported by Mateusz Kocielski.Key enhancements in PHP 5.2.14 include:Upgraded bundled PCRE to version 8.02.Updated timezone database to version 2010.5.Fixed bug #52238 (Crash when an Exception occured in iterator_to_array).Fixed bug #52237 (Crash when passing the reference of the property of a non-object).Fixed bug #52041 (Memory leak when writing on uninitialized variable returned from function).Fixed bug #51822 (Segfault with strange __destruct() for static class variables).Fixed bug #51552 (debug_backtrace() causes segmentation fault and/or memory issues).Fixed bug #49267 (Linking fails for iconv on MacOS: "Undefined symbols: _libiconv").To prepare for upgrading to PHP 5.3, now that PHP 5.2's support ended, a migration guide available on http://php.net/migration53, details the changes between PHP 5.2 and PHP 5.3.For a full list of changes in PHP 5.2.14 see the ChangeLog at http://www.php.net/ChangeLog-5.php#5.2.14.

PHP is proud to announce TestFest 2010. TestFest is PHP's annual campaign to increase the overall code coverage of PHP through PHPT tests. During TestFest, PHP User Groups and individuals around the world organize local events where new tests are written and new contributors are introduced to PHP's testing suite. Last year was very successful with 887 tests submitted and a code coverage increase of 2.5%. This year we hope to do better. TestFest's own SVN repository and reporting tools are back online for this year's event. New to TestFest this year are automated test environment build tools as well as screencasts showing those build tools in action. Please visit the TestFest 2010 wiki page for all the details on events being organized in your area, or find out how you can organize your own event.

The PHP development team is proud to announce the immediate release of PHP 5.3.2. This is a maintenance release in the 5.3 series, which includes a large number of bug fixes. Security Enhancements and Fixes in PHP 5.3.2:Improved LCG entropy. (Rasmus, Samy Kamkar)Fixed safe_mode validation inside tempnam() when the directory path does not end with a /). (Martin Jansen)Fixed a possible open_basedir/safe_mode bypass in the session extension identified by Grzegorz Stachowiak. (Ilia)Key Bug Fixes in PHP 5.3.2 include:Added support for SHA-256 and SHA-512 to php's crypt.Added protection for $_SESSION from interrupt corruption and improved "session.save_path" check.Fixed bug #51059 (crypt crashes when invalid salt are given).Fixed bug #50940 Custom content-length set incorrectly in Apache sapis.Fixed bug #50847 (strip_tags() removes all tags greater then 1023 bytes long).Fixed bug #50723 (Bug in garbage collector causes crash).Fixed bug #50661 (DOMDocument::loadXML does not allow UTF-16).Fixed bug #50632 (filter_input() does not return default value if the variable does not exist).Fixed bug #50540 (Crash while running ldap_next_reference test cases).Fixed bug #49851 (http wrapper breaks on 1024 char long headers).Over 60 other bug fixes. For users upgrading from PHP 5.2 there is a migration guide available here, detailing the changes between those releases and PHP 5.3. Further information and downloads: For a full list of changes in PHP 5.3.2, see the ChangeLog. For source downloads please visit our downloads page, Windows binaries can be found on windows.php.net/download/.

The PHP development team would like to announce the immediate availability of PHP 5.2.13. This release focuses on improving the stability of the PHP 5.2.x branch with over 40 bug fixes, some of which are security related. All users of PHP 5.2 are encouraged to upgrade to this release. Security Enhancements and Fixes in PHP 5.2.13:Fixed safe_mode validation inside tempnam() when the directory path does not end with a /). (Martin Jansen)Fixed a possible open_basedir/safe_mode bypass in session extension identified by Grzegorz Stachowiak. (Ilia)Improved LCG entropy. (Rasmus, Samy Kamkar) Further details about the PHP 5.2.13 release can be found in the release announcement, and the full list of changes are available in the ChangeLog.

The PHP development team would like to announce the immediate availability of PHP 5.2.12. This release focuses on improving the stability of the PHP 5.2.x branch with over 60 bug fixes, some of which are security related. All users of PHP 5.2 are encouraged to upgrade to this release. Security Enhancements and Fixes in PHP 5.2.12:Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. (CVE-2009-3557, Rasmus)Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz Stachowiak. (CVE-2009-3558, Rasmus)Added "max_file_uploads" INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion, identified by Bogdan Calin. (CVE-2009-4017, Ilia)Added protection for $_SESSION from interrupt corruption and improved "session.save_path" check, identified by Stefan Esser. (CVE-2009-4143, Stas)Fixed bug #49785 (insufficient input string validation of htmlspecialchars()). (CVE-2009-4142, Moriyoshi, hello at iwamot dot com) Further details about the PHP 5.2.12 release can be found in the release announcement, and the full list of changes are available in the ChangeLog.

The PHP development team would like to announce the immediate availability of PHP 5.3.1. This release focuses on improving the stability of the PHP 5.3.x branch with over 100 bug fixes, some of which are security related. All users of PHP are encouraged to upgrade to this release.Security Enhancements and Fixes in PHP 5.3.1:Added "max_file_uploads" INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion.Added missing sanity checks around exif processing.Fixed a safe_mode bypass in tempnam().Fixed a open_basedir bypass in posix_mkfifo().Fixed failing safe_mode_include_dir.Further details about the PHP 5.3.1 release can be found in the release announcement, and the full list of changes are available in the ChangeLog.

Martin Rusev is developing a new database query library for PHP 5. The project shows promise, but it has some distance to go before it competes with other available libraries.<div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/phpa?a=Nezo9UAhvAY:FNIKxZ2PkfA:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/phpa?d=yIl2AUoC8zA" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/phpa?a=Nezo9UAhvAY:FNIKxZ2PkfA:D7DqB2pKExk"><img src="http://feeds.feedburner.com/~ff/phpa?i=Nezo9UAhvAY:FNIKxZ2PkfA:D7DqB2pKExk" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/phpa?a=Nezo9UAhvAY:FNIKxZ2PkfA:F7zBnMyn0Lo"><img src="http://feeds.feedburner.com/~ff/phpa?i=Nezo9UAhvAY:FNIKxZ2PkfA:F7zBnMyn0Lo" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/phpa?a=Nezo9UAhvAY:FNIKxZ2PkfA:V_sGLiPBpWU"><img src="http://feeds.feedburner.com/~ff/phpa?i=Nezo9UAhvAY:FNIKxZ2PkfA:V_sGLiPBpWU" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/phpa?a=Nezo9UAhvAY:FNIKxZ2PkfA:qj6IDK7rITs"><img src="http://feeds.feedburner.com/~ff/phpa?d=qj6IDK7rITs" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/phpa?a=Nezo9UAhvAY:FNIKxZ2PkfA:gIN9vFwOqvQ"><img src="http://feeds.feedburner.com/~ff/phpa?i=Nezo9UAhvAY:FNIKxZ2PkfA:gIN9vFwOqvQ" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/phpa/~4/Nezo9UAhvAY" height="1" width="1"/>

Early last month, we sent out an email to customers of php&#124;architect announcing a contest just for them. Participants had to look at last month's cover and name the 9 websites represented on the visible cards. We want to thank everyone who played, we loved reading some of the responses we got and wish that there had been a prize for most inventive answer. :)<div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/phpa?a=4lrpNlZBfwo:Nn_cx1Fy35Y:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/phpa?d=yIl2AUoC8zA" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/phpa?a=4lrpNlZBfwo:Nn_cx1Fy35Y:D7DqB2pKExk"><img src="http://feeds.feedburner.com/~ff/phpa?i=4lrpNlZBfwo:Nn_cx1Fy35Y:D7DqB2pKExk" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/phpa?a=4lrpNlZBfwo:Nn_cx1Fy35Y:F7zBnMyn0Lo"><img src="http://feeds.feedburner.com/~ff/phpa?i=4lrpNlZBfwo:Nn_cx1Fy35Y:F7zBnMyn0Lo" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/phpa?a=4lrpNlZBfwo:Nn_cx1Fy35Y:V_sGLiPBpWU"><img src="http://feeds.feedburner.com/~ff/phpa?i=4lrpNlZBfwo:Nn_cx1Fy35Y:V_sGLiPBpWU" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/phpa?a=4lrpNlZBfwo:Nn_cx1Fy35Y:qj6IDK7rITs"><img src="http://feeds.feedburner.com/~ff/phpa?d=qj6IDK7rITs" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/phpa?a=4lrpNlZBfwo:Nn_cx1Fy35Y:gIN9vFwOqvQ"><img src="http://feeds.feedburner.com/~ff/phpa?i=4lrpNlZBfwo:Nn_cx1Fy35Y:gIN9vFwOqvQ" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/phpa/~4/4lrpNlZBfwo" height="1" width="1"/>

After playing with Flex off and on for a couple of months, I decided I would try to break it. I’m not a security guy at heart, but I’ve listened closely and improved my own stuff, so I quickly came up with four ways that I might be able to cause problems with Flex. Here are my results with each. To be clear, it is not my goal to be a nefarious troublemaker and break everything. My goal is to find out where things could break.<div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/phpa?a=wq7qYu1g9CM:RVh7zffchPs:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/phpa?d=yIl2AUoC8zA" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/phpa?a=wq7qYu1g9CM:RVh7zffchPs:D7DqB2pKExk"><img src="http://feeds.feedburner.com/~ff/phpa?i=wq7qYu1g9CM:RVh7zffchPs:D7DqB2pKExk" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/phpa?a=wq7qYu1g9CM:RVh7zffchPs:F7zBnMyn0Lo"><img src="http://feeds.feedburner.com/~ff/phpa?i=wq7qYu1g9CM:RVh7zffchPs:F7zBnMyn0Lo" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/phpa?a=wq7qYu1g9CM:RVh7zffchPs:V_sGLiPBpWU"><img src="http://feeds.feedburner.com/~ff/phpa?i=wq7qYu1g9CM:RVh7zffchPs:V_sGLiPBpWU" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/phpa?a=wq7qYu1g9CM:RVh7zffchPs:qj6IDK7rITs"><img src="http://feeds.feedburner.com/~ff/phpa?d=qj6IDK7rITs" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/phpa?a=wq7qYu1g9CM:RVh7zffchPs:gIN9vFwOqvQ"><img src="http://feeds.feedburner.com/~ff/phpa?i=wq7qYu1g9CM:RVh7zffchPs:gIN9vFwOqvQ" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/phpa/~4/wq7qYu1g9CM" height="1" width="1"/>

July 22 has seen the release of two new versions of PHP - the innovator 5.3.x and the previous 5.2.x. There are interesting news for both these new releases.<div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/phpa?a=f9XgMlWloz8:6Euq1rrFZCo:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/phpa?d=yIl2AUoC8zA" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/phpa?a=f9XgMlWloz8:6Euq1rrFZCo:D7DqB2pKExk"><img src="http://feeds.feedburner.com/~ff/phpa?i=f9XgMlWloz8:6Euq1rrFZCo:D7DqB2pKExk" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/phpa?a=f9XgMlWloz8:6Euq1rrFZCo:F7zBnMyn0Lo"><img src="http://feeds.feedburner.com/~ff/phpa?i=f9XgMlWloz8:6Euq1rrFZCo:F7zBnMyn0Lo" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/phpa?a=f9XgMlWloz8:6Euq1rrFZCo:V_sGLiPBpWU"><img src="http://feeds.feedburner.com/~ff/phpa?i=f9XgMlWloz8:6Euq1rrFZCo:V_sGLiPBpWU" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/phpa?a=f9XgMlWloz8:6Euq1rrFZCo:qj6IDK7rITs"><img src="http://feeds.feedburner.com/~ff/phpa?d=qj6IDK7rITs" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/phpa?a=f9XgMlWloz8:6Euq1rrFZCo:gIN9vFwOqvQ"><img src="http://feeds.feedburner.com/~ff/phpa?i=f9XgMlWloz8:6Euq1rrFZCo:gIN9vFwOqvQ" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/phpa/~4/f9XgMlWloz8" height="1" width="1"/>

Object-relational mappers are seen either as an abomination or as a life-saving tool. In the PHP world, they have appeared only in the last years.<div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/phpa?a=PtEEBD5hYaw:R6RfJSt9Heg:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/phpa?d=yIl2AUoC8zA" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/phpa?a=PtEEBD5hYaw:R6RfJSt9Heg:D7DqB2pKExk"><img src="http://feeds.feedburner.com/~ff/phpa?i=PtEEBD5hYaw:R6RfJSt9Heg:D7DqB2pKExk" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/phpa?a=PtEEBD5hYaw:R6RfJSt9Heg:F7zBnMyn0Lo"><img src="http://feeds.feedburner.com/~ff/phpa?i=PtEEBD5hYaw:R6RfJSt9Heg:F7zBnMyn0Lo" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/phpa?a=PtEEBD5hYaw:R6RfJSt9Heg:V_sGLiPBpWU"><img src="http://feeds.feedburner.com/~ff/phpa?i=PtEEBD5hYaw:R6RfJSt9Heg:V_sGLiPBpWU" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/phpa?a=PtEEBD5hYaw:R6RfJSt9Heg:qj6IDK7rITs"><img src="http://feeds.feedburner.com/~ff/phpa?d=qj6IDK7rITs" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/phpa?a=PtEEBD5hYaw:R6RfJSt9Heg:gIN9vFwOqvQ"><img src="http://feeds.feedburner.com/~ff/phpa?i=PtEEBD5hYaw:R6RfJSt9Heg:gIN9vFwOqvQ" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/phpa/~4/PtEEBD5hYaw" height="1" width="1"/>

PHPDOCX is a PHP library that allows its client code to generate Microsoft Word documents in the .docx format from PHP scripts, or to output PDF and HTML from a given Word document.<div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/phpa?a=zj1ORoNlwyE:hhFxOac7xkg:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/phpa?d=yIl2AUoC8zA" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/phpa?a=zj1ORoNlwyE:hhFxOac7xkg:D7DqB2pKExk"><img src="http://feeds.feedburner.com/~ff/phpa?i=zj1ORoNlwyE:hhFxOac7xkg:D7DqB2pKExk" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/phpa?a=zj1ORoNlwyE:hhFxOac7xkg:F7zBnMyn0Lo"><img src="http://feeds.feedburner.com/~ff/phpa?i=zj1ORoNlwyE:hhFxOac7xkg:F7zBnMyn0Lo" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/phpa?a=zj1ORoNlwyE:hhFxOac7xkg:V_sGLiPBpWU"><img src="http://feeds.feedburner.com/~ff/phpa?i=zj1ORoNlwyE:hhFxOac7xkg:V_sGLiPBpWU" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/phpa?a=zj1ORoNlwyE:hhFxOac7xkg:qj6IDK7rITs"><img src="http://feeds.feedburner.com/~ff/phpa?d=qj6IDK7rITs" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/phpa?a=zj1ORoNlwyE:hhFxOac7xkg:gIN9vFwOqvQ"><img src="http://feeds.feedburner.com/~ff/phpa?i=zj1ORoNlwyE:hhFxOac7xkg:gIN9vFwOqvQ" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/phpa/~4/zj1ORoNlwyE" height="1" width="1"/>

Ext4Yii is one of the numerous solution to bring a JavaScript framework into a PHP one with ease.<div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/phpa?a=eh65MGNeDsg:7o6yJ4YzNOU:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/phpa?d=yIl2AUoC8zA" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/phpa?a=eh65MGNeDsg:7o6yJ4YzNOU:D7DqB2pKExk"><img src="http://feeds.feedburner.com/~ff/phpa?i=eh65MGNeDsg:7o6yJ4YzNOU:D7DqB2pKExk" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/phpa?a=eh65MGNeDsg:7o6yJ4YzNOU:F7zBnMyn0Lo"><img src="http://feeds.feedburner.com/~ff/phpa?i=eh65MGNeDsg:7o6yJ4YzNOU:F7zBnMyn0Lo" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/phpa?a=eh65MGNeDsg:7o6yJ4YzNOU:V_sGLiPBpWU"><img src="http://feeds.feedburner.com/~ff/phpa?i=eh65MGNeDsg:7o6yJ4YzNOU:V_sGLiPBpWU" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/phpa?a=eh65MGNeDsg:7o6yJ4YzNOU:qj6IDK7rITs"><img src="http://feeds.feedburner.com/~ff/phpa?d=qj6IDK7rITs" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/phpa?a=eh65MGNeDsg:7o6yJ4YzNOU:gIN9vFwOqvQ"><img src="http://feeds.feedburner.com/~ff/phpa?i=eh65MGNeDsg:7o6yJ4YzNOU:gIN9vFwOqvQ" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/phpa/~4/eh65MGNeDsg" height="1" width="1"/>

ModSecurity Handbook:The Complete Guide to the Popular Open Source Web Application Firewall by Ivan Ristic.</strong> </a>What is ModSecurity in the first place? Why does it matter to you? What makes this book important to the practice of web application design?<div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/phpa?a=S5dMhuZ_0j8:sglofy6TBc4:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/phpa?d=yIl2AUoC8zA" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/phpa?a=S5dMhuZ_0j8:sglofy6TBc4:D7DqB2pKExk"><img src="http://feeds.feedburner.com/~ff/phpa?i=S5dMhuZ_0j8:sglofy6TBc4:D7DqB2pKExk" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/phpa?a=S5dMhuZ_0j8:sglofy6TBc4:F7zBnMyn0Lo"><img src="http://feeds.feedburner.com/~ff/phpa?i=S5dMhuZ_0j8:sglofy6TBc4:F7zBnMyn0Lo" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/phpa?a=S5dMhuZ_0j8:sglofy6TBc4:V_sGLiPBpWU"><img src="http://feeds.feedburner.com/~ff/phpa?i=S5dMhuZ_0j8:sglofy6TBc4:V_sGLiPBpWU" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/phpa?a=S5dMhuZ_0j8:sglofy6TBc4:qj6IDK7rITs"><img src="http://feeds.feedburner.com/~ff/phpa?d=qj6IDK7rITs" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/phpa?a=S5dMhuZ_0j8:sglofy6TBc4:gIN9vFwOqvQ"><img src="http://feeds.feedburner.com/~ff/phpa?i=S5dMhuZ_0j8:sglofy6TBc4:gIN9vFwOqvQ" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/phpa/~4/S5dMhuZ_0j8" height="1" width="1"/>

How many times have we heard about security issues in PHP applications stemming from unescaped GET and POST parameters? Proper escaping of input is a perennial problem with web development in general, and for whatever reason PHP seems to have had more than its fair share of bad publicity on this front.<div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/phpa?a=Q3vJm_xjHrI:SwDLYFvNThg:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/phpa?d=yIl2AUoC8zA" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/phpa?a=Q3vJm_xjHrI:SwDLYFvNThg:D7DqB2pKExk"><img src="http://feeds.feedburner.com/~ff/phpa?i=Q3vJm_xjHrI:SwDLYFvNThg:D7DqB2pKExk" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/phpa?a=Q3vJm_xjHrI:SwDLYFvNThg:F7zBnMyn0Lo"><img src="http://feeds.feedburner.com/~ff/phpa?i=Q3vJm_xjHrI:SwDLYFvNThg:F7zBnMyn0Lo" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/phpa?a=Q3vJm_xjHrI:SwDLYFvNThg:V_sGLiPBpWU"><img src="http://feeds.feedburner.com/~ff/phpa?i=Q3vJm_xjHrI:SwDLYFvNThg:V_sGLiPBpWU" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/phpa?a=Q3vJm_xjHrI:SwDLYFvNThg:qj6IDK7rITs"><img src="http://feeds.feedburner.com/~ff/phpa?d=qj6IDK7rITs" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/phpa?a=Q3vJm_xjHrI:SwDLYFvNThg:gIN9vFwOqvQ"><img src="http://feeds.feedburner.com/~ff/phpa?i=Q3vJm_xjHrI:SwDLYFvNThg:gIN9vFwOqvQ" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/phpa/~4/Q3vJm_xjHrI" height="1" width="1"/>

Ralph Schindler has started the ball rolling on requirements for Zend Db for Zend Framework 2.0.  He announced on the ZF Contributors mailing list: &#160; Requirements have been solicited from both community members in various conversations, as well as looking through the issue tracker for feature requests that have been on the backlog due to [...]<div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/phpa?a=4BXEP0AgZ-A:1_shBL-0rpM:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/phpa?d=yIl2AUoC8zA" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/phpa?a=4BXEP0AgZ-A:1_shBL-0rpM:D7DqB2pKExk"><img src="http://feeds.feedburner.com/~ff/phpa?i=4BXEP0AgZ-A:1_shBL-0rpM:D7DqB2pKExk" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/phpa?a=4BXEP0AgZ-A:1_shBL-0rpM:F7zBnMyn0Lo"><img src="http://feeds.feedburner.com/~ff/phpa?i=4BXEP0AgZ-A:1_shBL-0rpM:F7zBnMyn0Lo" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/phpa?a=4BXEP0AgZ-A:1_shBL-0rpM:V_sGLiPBpWU"><img src="http://feeds.feedburner.com/~ff/phpa?i=4BXEP0AgZ-A:1_shBL-0rpM:V_sGLiPBpWU" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/phpa?a=4BXEP0AgZ-A:1_shBL-0rpM:qj6IDK7rITs"><img src="http://feeds.feedburner.com/~ff/phpa?d=qj6IDK7rITs" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/phpa?a=4BXEP0AgZ-A:1_shBL-0rpM:gIN9vFwOqvQ"><img src="http://feeds.feedburner.com/~ff/phpa?i=4BXEP0AgZ-A:1_shBL-0rpM:gIN9vFwOqvQ" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/phpa/~4/4BXEP0AgZ-A" height="1" width="1"/>