STOP USING IT!!!!! If you don’t know this function, let me show it to you: “But it sanitizes my input” – yes, destructively. I’ll let the trim function pass, although that depends on the data you are sourcing. Always delay escaping until you need to render something. Besides being a…
Category: PHP
Recursion
I’m not going to go into great detail on this, so hopefully the code speaks for itself. But here’s a high level overview. Imagine you have three types, Product, Product Variation, and Product Variation Value. One instance of a Product could be “Pink Floyd Dark Side of the Moon T-Shirt”…
PHP Include Path Surprises
While diagnosing a potential unconfirmed problem with a certain popular WordPress plugin I did something that every good developer should do every once in a while, which is to humble themselves and read the most basic and obvious documentation for the simplest parts of a language or framework that you…
Check your server’s composer files for known PHP vulnerabilities
The Sensio people have made some cool stuff including the SensioLabs Security Checker. You can use it via composer but you can also download a PHAR file and scan your entire server. wget http://get.sensiolabs.org/security-checker.phar -O ~/security-checker.phar find /var/www -type f -name "composer.lock" -exec php ~/security-checker.phar security:check {} \; Symfony Security…
XDebug code coverage in PHP 7 doesn’t reach all code
I was noticing a lot of white (untouched) code in my XDebug code coverage reports; however, the method signatures at the top were all green and 100% covered. After some searching I found this thread (don’t bother reading) which led to this thread (scroll fast and occasionally read) which showed…
I finally get late static binding in PHP
Static inheritance in PHP (and really any language) can get tricky sometimes, especially when you’re trying to figure out what self is currently referring to. In PHP, self is always applied to the class that has that declaration, not necessarily the child class. Hmm… that reads weird, let’s make an…
PHP: Unexpected behavior when using unset() on class properties
When you unset a non-dynamic class property you apparently enter a weird limbo state. Take the following simple anonymous class: //Simple anonymous class, nothing too special $c = new class { public $alpha = 'alpha'; }; Perform a property exists test and show the value: //Do we have the property? echo…
strcspn
Going on 10 years of PHP programming and I’m still finding functions that I never knew about. Today it was strcspn which is one of those functions that essentially maps directly to a C counterpart. int strcspn ( string $subject , string $mask [, int $start [, int $length ]] ) The formal description…
PHP RFC: Make Libsodium a Core Extension
Yes!!!! A unanimous vote to add libsodium as an official PHP extension to the next version of PHP, 7.2.
Varnish as a frontend for a remote WordPress install – Part 2
Part of this setup Nginx, MySQL, PHP and WordPress. This part is for configuring Varnish 4.0 on Ubuntu 14.04. On varnish.chris.example.com: Install Varnish 4.0. Add Varnish’s GPG key: curl https://repo.varnish-cache.org/ubuntu/GPG-key.txt | sudo apt-key add - Add the source location: echo "deb https://repo.varnish-cache.org/ubuntu/ trusty varnish-4.0" | sudo tee /etc/apt/sources.list.d/varnish-cache.list Update local cache…