2010
2009
2008
<raphael.on.php/>: Sniffing refactoring needs
by mbertier & 2 others
While still messing around with the PHP_CodeSniffer Pear package, I took a somehow jealous 1000 feet look at some prominent code inspection tools of the Java community: PMD and Checkstyle. Browsing their available rule sets/checks I soon recognized that guaranteeing the coding standard adherence is just a partial aspect of these tools. The following post will focus on one of these additional aspects, which is finding problems related to the code size of the inspected code artifacts, by showing how to port two selected rules to sniffs for utilization with the PHP_CodeSniffer tool. These ported sniffs can be used to automatically spot obvious code smells in the code base and to signal the need to apply the appropriate and odour reducing activity known as refactoring. Furthermore, a complete set of code size sniffs, going beyond the targeted realm of the sniffs to come, could be used to speed up the feedback loop and to reduce the effort for manual code reviews.
Greg Sherwood: Using PHP_CodeSniffer in an SVN pre-commit hook
by mbertier (via)
I've just committed a new script to PHP_CodeSniffer called phpcs-svn-pre-commit. It sits in the scripts dir with phpcs and phpcs.bat. This script was contributed by Jake Bates, who has also volunteered to maintain the Debian package, and will be available in the 1.1.0 release.
2007
Mike Naberezny - Better PHPUnit Group Annotations
by mbertier (via)
Running phpunit --group bug42 AllTests.php will run only the tests associated with bug #42, regardless of what files and groups those test methods span.
PHPIDS » Web Application Security 2.0 » Index
by mbertier & 1 other (via)
PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application. The IDS neither strips, sanitizes nor filters any malicious input, it simply recognizes when an attacker tries to break your site and reacts in exactly the way you want it to. Based on a set of approved and heavily tested filter rules any attack is given a numerical impact rating which makes it easy to decide what kind of action should follow the hacking attempt. This could range from simple logging to sending out an emergency mail to the development team, displaying a warning message for the attacker or even ending the user’s session.
Projects: Transliteration Extension - Derick Rethans
by mbertier (via)
This extension allows you to transliterate text in non-latin characters (such as Chinese, Cyrillic, Greek etc) to latin characters. Besides the transliteration the extension also contains filters to upper- and lowercase latin, cyrillic and greek, and perform special forms of transliteration such as converting ligatures such as the Norwegian "æ" to "ae" and normalizing punctuation and spacing.
Jimdo and Northclick Dev-Blog » Getting the PHP fatal errors
by mbertier & 1 other (via)
One big issue of the PHP error handling is that there’s no built-in way to catch fatal errors with a user-defined error handler. So I thought a little bit about it and maybe you have better approaches or solutions …
The short goal is to send the error via e-mail to the developer(s). As we are security-aware, we’re logging errors and do not display them to the world. (Hint: that should be your default on every production machine!)
Strings in PHP
by piouPiouM
This is a test to show the difference in overall speed of using single quotes and concatenation vs. using double quotes and interpolation for strings in PHP.
2006
PHP_Beautifier
by clochix
This program reformats and beautifies PHP source code files automatically. The program is Open Source and distributed under the terms of PHP Licence. It is written in PHP 5 and has a command line tool. It can convert your documents using different coding standards like PEAR, JAVA or C and has an easy to use web frontend.
PHP_CodeSniffer
by clochix & 1 other
PHP_CodeSniffer is a PHP5 script that tokenises and "sniffs" PHP code to detect violations of a defined set of coding standards. It is an essential development tool that ensures that your code remains clean and consistent. It can even help prevent some common semantic errors made by developers.
PHP Best Practices - phly, boy, phly
by mbertier, 1 comment (via)
# Comparisons of different coding standards. I'd worked up a comparison of eZ Components and Zend Framework standards to contrast against PEAR's.
# Functional testing. Mike put a lot of effort into the unit testing section, and I'd done an additional section on functional testing -- testing against fixtures, such as test databases, sandbox services, etc.
# Repository layout. Mike actually talked about this briefly, but we'd intended to show some designs for subversion layouts, and how to create and use branches and tags.
# Subversion hook scripts. We mentioned their existence, and some uses, but we'd hoped to show how to add these to your repository, and some sample scripts.
# Mailman. How to set up archived mailing lists.
# Capistrano. Mike mentioned this tool in the talk, but did not have time to go into examples of usage.
PHP Security Consortium: PHPSecInfo
by mbertier & 8 others (via)
The idea behind PHPSecInfo is to provide an equivalent to the phpinfo() function that reports security information about the PHP environment, and offers suggestions for improvement. It is not a replacement for secure development techniques, and does not do any kind of code or app auditing, but can be a useful tool in a multilayered security approach.
Checklist for Securing PHP Configuration | Ayman Hourieh's Blog
by mbertier & 3 others (via)
Inside is a check list of settings that are intended to harden the default PHP installation.
Converting to MySQLi - MySQLForge Wiki
by mbertier (via)
We have good news for those of you who fear the work of converting thousands of lines of source code manually: MySQL has developed a tool which helps you with the conversion of the code.
PHP_CodeSniffer
by mbertier & 1 other (via)
PHP_CodeSniffer is a PHP5 script that tokenises and "sniffs" PHP code to detect violations of a defined set of coding standards. It is an essential development tool that ensures that your code remains clean and consistent. It can even help prevent some common semantic errors made by developers.
Template Engines
by mbertier & 6 others
In short, the point of template engines should be to separate your business logic from your presentation logic, not separate your PHP code from your HTML code.
PHP5 Exception Use Guidelines
by mbertier
This is an informal document to describe usage guidelines for exceptions in PHP5.
Recommended PHP reading list
by mbertier & 12 others (via)
Learn about PHP (Hypertext Preprocessor) with this reading list compiled for programmers and administrators by IBM Web application developers.