
Archive for the ‘WEB and PHP Development’ Category

Checkpoint Research Blog: Uncovering Drupalgeddon 2


On the Check Point Research blog there’s a new post covering the recent critical Drupal bug, a.k.a. Drupalgeddon 2, that takes a deeper look into the bug and how the exploit worked.

Two weeks ago, a highly critical (21/25 NIST rank) vulnerability, nicknamed Drupalgeddon 2 (SA-CORE-2018-002 / CVE-2018-7600), was disclosed by the Drupal security team. This vulnerability allowed an unauthenticated attacker to perform remote code execution on default or common Drupal installations.

[...] Until now details of the vulnerability were not available to the public, however, Check Point Research can now expand upon this vulnerability and reveal exactly how it works.

The post covers the basic issue, a lack of input sanitization on Form API requests, and what versions it existed in. It then dives into the technical details, showing a proof of concept for the exploit and how an attacker might locate a place in the application to use it. It also looks behind the scenes at the code that handles the request and shows where the issue lies. The post ends with a look at "weaponizing" the exploit and executing whatever code you’d like on the server.

Source: http://www.phpdeveloper.org/news/26138


Michael Dyrynda: Sharing databases between Laravel applications


Michael Dyrynda has a new post to his site showing the Laravel users out there how to share a database between your applications. In his case one of the applications is a legacy app and the other is a newer Laravel application.

As a contractor, I had a sanitised copy of the database, and I managed to reverse engineer the Eloquent models from the database schema, creating factories along the way, in order to be able to write tests for the members application.

In late 2017, we started migrating our CRM to Laravel as well, in order to modernise the code base a bit, give it a standard structure, and make it easy to make changes to it moving forward. Now that we had two Laravel applications, we started looking at how best to share data between them.

He starts by talking about reverse engineering the models from the database structure and the use of migrations to manage the database schema. In the end he created a stand-alone tool, Nomad, that helps to keep things in sync between the two databases. He includes examples of it in use and how it helped to keep the database in sync despite permissions issues and connection problems. He also mentions how they used it to take care of some testing issues, database configuration changes and how to use it in a continuous integration pipeline.

Source: http://www.phpdeveloper.org/news/26137


Site News: Popular Posts for This Week (04.13.2018)


Popular posts from PHPDeveloper.org for the past week:

Source: http://www.phpdeveloper.org/news/26136


Web Technologies Blog: Code quality tools in PHP to check and improve your code


On the Web Technologies blog they’ve posted a guide to some of the top PHP code quality assurance tools to ensure your codebase is kept neat, clear and clean from any unnecessary complexity.

You’ve got the good approach dear reader: code quality tools are essential to write solid and error-free PHP code. It can help your colleagues detect defects in the codebase and teach them some key concepts.

Don’t forget, however, that the advice and data they can provide won’t be appropriate everywhere. Your experience and your analysis skills are the ones you should trust first.

The tutorial starts off with some of the tooling you’ll need to get the system up and running: Composer for package management, terminal access for command execution and editor/IDE integrations (optional, obviously). It then lists out each of the tools and includes installation steps and links to more information:

  • PHP-CS-Fixer (PHP Coding Standards Fixer)
  • PHPCS (PHP CodeSniffer)
  • PHPMD (PHP Mess Detector)
  • PHPStan (PHP Static Analysis Tool)
  • PHPUnit and the CRAP metric

It also includes a few "bonus" tools that might be useful to track other quality aspects of your code, including PhpLoc (lines of code), PHPMND for detecting "magic" numbers and churn-php for evaluating complexity of code based on number of commits. There are several more listed in the full post, so be sure to check it out and see how you can integrate them into your development process.

Source: http://www.phpdeveloper.org/news/26135


Laravel News: Sending a daily email with Laravel and Campaign Monitor


In a new tutorial on the Laravel News site, the author (Eric Barnes) shows you how to create a Laravel command that will send a daily email newsletter with the help of the Campaign Monitor service.

Here on Laravel News, we offer multiple ways of staying up to date with new content. Everything from auto-sharing to all the social media channels, a read-only Telegram channel, a weekly newsletter and last March we started offering a daily email digest.

To send the daily email we utilize the Laravel scheduler and Campaign Monitor so it’s completely automated. In this tutorial let’s look at how it’s all set up and how you can easily add this to your site to start sending out automated emails.

The tutorial starts by helping you get the Campaign Monitor SDK package installed (via Composer) and configured to use their API with your own key. Next it walks you through the creation of the console command to hook into the Scheduler for automated sending. It includes the code you’ll need to find the data (in this case the latest blog posts) and the email method to send the information to the Campaign Monitor API. There’s a brief mention of the creation of the HTML for the newsletter based on the Zurb Foundation and the configuration change to add the command to the scheduler for execution.

Source: http://www.phpdeveloper.org/news/26134


Site News: Blast from the Past – One Year Ago in PHP (04.12.2018)


Here’s what was popular in the PHP community one year ago today:

Source: http://www.phpdeveloper.org/news/26133
