In Case You Missed It… The Month of February, 2007

You can help mold the future of the structure of PEAR! The PEAR group is holding a general election for input on the way that PEAR related decisions are made and such. More specifically, “As PEAR moves forward, it is time to re-evaluate the way that decisions are made, who makes them, and how they are documented. Some example decisions:

• How should PEAR handle coding standards for PHP 5, PHP 6 and beyond?
• Who handles acceptance of new packages?
• What defines quality, and who enforces QA in PEAR?

The election is open until March 8, 2007 and is open to all PEAR developers and anyone else wanting to participate. In order to participate, you’ll need to
register with a special “voting only” PEAR account.

Stefan Essar declared in his PHP Security Blog that he will attempt to make March the month of PHP Bugs. In Stefan’s own words, “This means I will post every day in March information about one or more vulnerabilities within PHP.” While his approach may have stirred
up controversy, many people support Stefan’s efforts and think it will serve to make PHP better in the long run instead of scaring fence-riders away and feeding into the FUD that already surrounds some uses of PHP. It will definitely be interesting to see what
comes out of the Month of PHP Bugs – if you’d like to keep up with them, you can do so by visiting the Month of PHP Bugs dedicated site (http://www.php-security.org/).

Google has announced they will be accepting applications for the ’07 version of SOC in March. If this is your thing, you’d better check out the info at http://code.google.com/soc/, and if you’ve never heard of the SOC, then you should read their FAQ’s and go back under your rock.

Although the CfP hasn’t yet been announced, Zend has announced the dates and location for their autumn conference. 2007’s Zend Conference will be at the Hyatt Hotel in Burlingame, California on October 8 – 11. Stay tuned to http://www.zendcon.com for more details.

Apachefriends has announced they’ve updated XAMPP with the following versions:

• Apache 2.2.4
• PHP 5.2.1
• PHP 4.4.5
• MySQL 5.0.33
• phpMyAdmin 2.9.2

To get your copy, go to http://www.apachefriends.org/en/xampp.html

Congrats to the team working on the Symfony framework for their release of version 1.0 this month. From the horse’s mouth: At last, the long-awaited 1.0 stable version of symfony is just released. “For all those who waited for the “stable” status to dive into symfony, the time has come.”
This popular PHP framework boasts numerous features and a very active community, and is not to be overlooked in your quest for the perfect framework. Good job, guys!

It’s quite a challenge to make sure people have the information they need. Because some out there felt that important PHP releases were getting lost in the sea of conference announcements on the php.net home page, the good folks at the PHP Group decided to make some changes to improve navigation
and make sure you can find what you’re looking for. If you haven’t been to the site recently (shame on you), you will notice that the conference listings and calls for papers are now subtley listed at the top of the page, while important announcements related to PHP releases make up the bulk of the home page content.
Conferences now have their own section of the site. Relevant links to the manual and upcoming PHP events are still the same, but you may also notice a box in the upper right hand corner that immediately directs your attention to the most recent stable releases, and provides a link straight to the download. The changes really make it easier to sift through what’s what on the home page,
and I’m sure PHP developers everywhere appreciate their efforts.

In case you’re keeping track (as we all should be) there were a few security vulnerabilities reported for some popular PHP apps, including:

• WordPress – you should be using version 2.1x according to the vulnerability report from Secunia. There is also an unpatched vulnerability you’ll need to fix manually.
• Mambo – version 4.5.4 has been updated to fix a security bug (fixed in 4.5.5) but users of version 4.6.1 don’t yet have a patch available, according to the security report. This was confirmed at the Mambo site, where they’re working on releasing 4.6.2.
• vBulletin – if you downloaded version 3.6.4 prior to Feb 12 ’07, you’ll need to re-download and re-install, according to Secunia. There is also another unpatched vulnerability, which was just reported March 1, so keep an eye on that one too.

Incidentally, if you’re concerned about keeping track of all the applications you use at home or at work, Secunia has a handy little Software Inspector that scans your systems for the more common executables out there, and compares your version with what it shows as the most updated versions. Then it issues you a full report of any discrepancies it finds. It’s pretty slick, and although a lot of these programs check for updates automatically, it can save you some time…
not to mention, it’s a free service so check it out (of course it’s only for Windows, heh)!

I would be remiss in my duties if I didn’t include what’s new at PEAR and PECL. Recent PEAR releases include:

• Image_Barcode 1.1.0
• Services_Technorati 0.7.0alpha
• Net_CDDB 0.3.0
• Net_MAC 0.1.2
• Structures_LinkedList 0.1.3
• File_MARC 0.1.2
• Math_Derivative 1.0.0RC1
• Services_Technorati 2.0.0alpha1
• Net_LDAP 0.7.1
• Net_MPD 1.0.1
• Structures_DataGrid_Renderer_Flexy 0.1.1
• MDB2_Schema 0.7.1
• Net_UserAgent_Mobile 0.30.0
• PHP_CodeSniffer 0.4.0
• Text_CAPTCHA 0.2.1
• HTML_CSS 1.1.3
• Console_Getopt 1.2.2
• Structures_DataGrid_Renderer_Flexy 0.1.0
• Structures_LinkedList 0.1.2
• PHP_Beautifier 0.1.13
• PEAR_PackageUpdate 0.6.1
• HTML_QuickForm_altselect 1.0.0RC1
• Auth 1.5.0
• HTML_Progress2 2.3.0RC1
• PHP_CompatInfo 1.4.1
• PHP_Beautifier 0.1.12
• DB 1.7.9
• DB_Table 1.5.0RC1
• Math_BigInteger 1.0.0RC3
• PHP_Archive 0.10.0
• Net_LDAP 0.7.0
• Log 1.9.10
• Text_Figlet 1.0.0
• Text_CAPTCHA_Numeral 1.1.0
• XML_Query2XML 1.1.0
• XML_XUL 0.8.3
• HTML_Progress2 2.3.0a3
• Auth 1.5.0RC2
• Text_Wiki_Creole 0.4.2
• Structures_DataGrid_DataSource_MDB2 0.1.7
• Structures_DataGrid_DataSource_DBQuery 0.1.7
• Text_Wiki_Creole 0.4.1
• Text_Wiki_Creole 0.4.0

And for PECL, we had:

• hidef 0.1.0
• pecl_http 1.5.2
• zip 1.8.6
• APC 3.0.13
• swish 0.2.0
• pecl_http 1.5.1
• pecl_http 1.5.0
• htscanner 0.7.0
• PDO_INFORMIX 1.1.0
• PDO_IBM 1.1.0
• timezonedb 2007.2
• ibm_db2 1.6.0
• pecl_http 1.5.0RC2
• pecl_http 1.5.0RC1
• swish 0.1
• mcve 5.2.2
• SCA_SDO 1.1.2
• phar 1.0.0RC2
• phar 1.0.0RC1
• sam 1.1.0

As always, you can download or learn more about these packages at http://pear.php.net and http://pecl.php.net.

We’ll see you next month with more news and tidbits from the PHP World!