A cross-site scripting (XSS) vulnerability was found in the PHP League's CommonMark library (league/commonmark) versions 0.15.6 through 0.18.x before 0.18.1. It allows remote attackers to insert unsafe URLs into tags (even if allow_unsafe_links is false) by adding an encoded newline character in the middle …
PHP 7.3 has been released, bringing some great new features to the language such as trailing commas in function calls, throwing errors when JSON parsing fails, array_key_first() / array_key_last() functions, and much more!
Here's a brief guide on how to install PHP 7.3 on Linux, Windows, and OS X:
I'm pleased to share that my PHP 7 Upgrade Guide ebook has been featured in the Ultimate Programmer Super Stack bundle! This is a hand-curated collection of 25+ premium ecourses, bestselling ebooks, and bonus resources that will help new programmers:
Learn a wide range of today’s most popular (and lucrative) …
This month I released updates for a few of my open-source PHP libraries including league/commonmark, league/html-to-markdown, and colinodell/json5. Here's a quick summary with release notes:
No breaking changes were introduced to the League's PHP Markdown library, but we did add …
Using symfony/symfony makes Composer install all Symfony Components in
the same version. But when using the standalone packages, Composer might
install dependencies in a different major version - for example, symfony/validator v2.8
is compatible with symfony/translation v3.0.
This is fine if you …
After using phpbrew to manage my local PHP versions for a while, I got tired of re-compiling PHP after every release and decided to install multiple PHP versions side-by-side with Ondřej Surý's PPA. One of the features I missed from phpbrew was the ability to run a command like phpbrew use php-7.2.8 to …
As you may know, Git is not a single application, but rather a toolkit containing many small programs and scripts that can manipulate the repository. This makes it trivial to chain those components into more-powerful, custom commands which can be defined as git aliases.
Here are some of the more-useful aliases I …
I recently upgraded my system from Ubuntu 16.04 with Unity to Ubuntu 17.10 with Gnome Shell 3. One of the "features" I found annoying was that my IDE PhpStorm was not popping to the front and receiving focus whenever breakpoints were hit. I eventually figured out a solution and wanted to document it in case others …
Back in November I released colinodell/json5 - a JSON5 parser for PHP. It's essentially a drop-in replacement for PHP's json_decode() function, but it allows things like comments, trailing commas, and more.
Fast forward to this weekend when I received the following bug report from a user named Antonio:
league/commonmark is wrapping up 2017 with the release of version 0.17!
Minimum PHP version bumped to 5.6
New "max_nesting_level" setting
A few performance optimizations
Clean up deprecations and not-so-great code
For more info, check out:
PHP 7.2 has been released, bringing some great new features and security enhancements to the language such as object type hints, saner count() behavior, and much more.
Here's a brief guide on how to install PHP 7.2 on several different operating systems:
Ubuntu 14.04, 16.04, 17.04, 17.10, & 18.04
Magento has just released the SUPEE-10415 security patch for the following versions:
Magento Commerce 220.127.116.11-18.104.22.168 (formerly known as Enterprise Edition)
Magento Open Source 22.214.171.124-126.96.36.199 (formerly known as Community Edition)
The patch contains fixes for several security vulnerabilities including …
This weekend I released an open-source JSON5 parser for PHP!
JSON5 is a JS-compatible extension to JSON which allows comments, trailing commas, single-quoted strings, and more:
this: 'is a \
// this is an inline comment
here: 'is …
I recently came across this really helpful PHP trick:
You can cast a numeric string to either int or float, depending on its contents, by simply adding 0:
var_dump("1" + 0);
var_dump("1." + 0);
var_dump("1.0" + 0);
var_dump("1.5" + 0);
That's much …
Several months ago I blogged about compiling open-zwave for Home Assistant 0.45 on Docker. There were two reasons I did this:
I had a Linear Z-Wave Garage Door opener - this feature was only available in the development branch of openzwave.
I wanted up-to-date device configurations for newer Z-Wave devices.
PKCS#12 archives (commonly known as .pfx files) usually contain both a certificate and its private key, sometimes with password protection. In order to use these with a server like nginx or Apache, we need to extract these objects and convert them using openssl.
(The commands below assume your file is named …
I recently inherited a legacy PHP project built on a closed-source framework where all the core classes were encrypted with IonCube. Working with closed-source code is hard enough, but not having any code hints in the IDE makes it even more challenging.
Here's what the codebase looks like:
What am I supposed to …
This morning I came into work to find my Packagist download counter had rolled over: league/commonmark now has over 1,000,000 downloads!
To celebrate this milestone I thought I'd share the story of how this package came about, how it's grown, and how I couldn't have reached this milestone without the PHP …
PHP 7.2 is slated for release in November 2017, but you don't have to wait until then to start testing your applications! We can easily use Docker to test against the latest pre-release versions of 7.2.
PHP 7.2 Pre-Release Images
PHP now has official pre-release Docker builds available. You should use those …
I recently needed the ability to perform a RIGHT JOIN in a Symfony project. While Doctrine's DBAL library seems to support this, the ORM's QueryBuilder does not. Unfortunately, the suggested workaround of inverting the query wouldn't work in my situation. I also didn't feel like rewriting the query into DQL, so …