Posts tagged ‘php’

Updated: Netbeans 6.5 beta now available

Today it is official: The beta release of Netbeans 6.5 is available.

Download here.

After some internal confusing last days at Amit Sahas’ blog at Sun Lukas Haslik (NetBeans Platform & Core QA team lead) replied, that this “internal” link was not created for public users.

Rohan Ranade replied as every other software development team should care:

@Amit: I agree completely with Lukas. It’s common sense. NetBeans is a product, not just another open source part time project. There are dedicated teams which manage the lifecycle of NetBeans. Such journalistic activism has happened earlier too (earlier too a Sun India guy had done it). It does not do any good to NetBeans image when people download and use untested beta versions. Worse, it creates a headache for QA and Dev when spurious bug reports come in. That’s a definite loss IMO. And remember, you are a SUN employee. What you say on the blog will be taken as official. It’s a double edged sword.

I can agree with him, it is very important for any product to assure a clear and transparent communication strategy to customers. In our world of information overflow it is more important than ever.

Today Netbeans published the official beta link, looking forward to test it developing Java and indeed (for some internal applications) PHP code.

NetBeans IDE 6.5 Beta Highlights:

o Code Completion
o Quick Fixes and Semantic Checks
o FTP Support
o Debugging with Xdebug
o Support for popular Web Services
o Debugging support for Firefox and IE
o HTTP client monitoring
o Bundled popular JavaScript libraries
o Groovy/Grails support
o Compile/Deploy on Save
o Eclipse project import and synchronization
o Built-in Hibernate support
o JSF CRUD Generator now Ajax-enabled
o Editor Improvements
o Improved code completion and error highlighting
o Remote Development
o Support for Ruby Tests
o Improved support for Rake build tool
GlassFish v3 “Prelude”
o Small footprint, fast startup and deployment
o Support for scripting, including jRuby

Testing Netbeans 6.5 beta!

Thursday, 14 August 2008 at 16:15 UTC Leave a comment

Netbeans 6.5beta is released.

Found a link to the next Netbeans 6.5beta: release 6.5beta.

*Update:* My mistake, this blog post was too early. I didn’t wait until the official Netbeans team post about the next beta.

After playing around with 6.5M1 and multiple nightly development snaphots i’m glad to use this next beta.
Developing in a Java and PHP environment makes fun with Netbeans



no, we have to wait some days to 6.5M2 (or beta?).
It was an internal mistake that they post a link to an unofficial beta on a blog at

Something is strange at Netbeans! On their official netbeans development plan page everybody can read the schedule:

Milestone Code Freeze Date
Milestone 1 June 15
Feature Complete July 21
Milestone 2 BETA Aug 11
UI Frozen Aug 25
Code Freeze / High Resistance Sep 15
FCS Oct 15


Today is August, 11, but their is no 6.5M2 (beta) available.

Monday, 11 August 2008 at 11:22 UTC 1 comment

symfony upgrade to 1.1.1 failed

As Nicolas Perriault published on symfony’s blog the bugfix version 1.1.1 was released

I tried this upgrade procedure, but it failed:

pear upgrade symfony/symfony-1.1.1
downloading symfony-1.1.1.tgz ...
Starting to download symfony-1.1.1.tgz (2,131,490 bytes)
.................................................................................................................................................................................................................................................................................................................................................................done: 2,131,490 bytes

Fatal error: Allowed memory size of 33554432 bytes exhausted (tried to allocate 82 bytes) in /usr/share/php/PEAR/Registry.php on line 1061

environment: Ubuntu
Linux 2.6.24-19-generic #1 SMP Fri Jul 11 21:01:46 UTC 2008 x86_64 GNU/Linux


fixed by setting memory_limit from default 32M to 128M in php.ini:
grep memory_limit /etc/php5/cli/php.ini
memory_limit = 128M ; Maximum amount of memory a script may consume (32MB)

Wednesday, 6 August 2008 at 13:40 UTC Leave a comment

Securing php with mod_security

Learning from Facebook: Preventing PHP Leakage

There was in 2007 the Facebook code leak. PHP has always been notorious for sometimes not processing requests poorly and sending back the source code for pages to the client. Because of the way mod_php works with apache, if mod_php fails in intercepting and processing the request, then apache will just serve it back to the client as an ordinary text file. Lets touch on a few solutions to preventing PHP code from leaking:

Use mod_security to filter output and prevent leakage

is so damn good that it should be included in apache by default (and there should be some default rules in the default conf files). You can write mod_security rules that will detect if the output is PHP source code, and then prevent it from hitting the wire, instead giving the user an error page. You can also detect other information leakage, and prevent it from escaping. When writing a rule to detect if there is PHP in the output, you can do a regexp against the PHP header tags (eg. ‘< ?php’ and ‘?>‘) or include a special token in your PHP that identifies it as source code (eg. have the comment /* THIS_IS_PHP_SOURCE */ at the top of each PHP page, and if mod_security sees that in the output, kill the response). Here is a simple sample mod_security rule that will filter output:

SecFilterOutput On
SecFilterSelective OUTPUT "<?php" log,deny

For more on mod_security (essential!), see this onlamp article (old but a good intro)

Code should live outside of the web root

You should keep all logic and sensitive code outside of the web root. You can then include the logic files using the include() function. You should already be doing this with any files that store database information or passwords, but you could take this to an extreme and have only a single index.php inside your webroot, which will include a fileoutside of the webroot where everything actually happens, eg:



Change the default file type

By default, Apache will treat files as text/plain – meaning that if the extension of a file doesn’t match a handler (eg. .php files processed by mod_php), then it will send it back as plain text. If you accidently change the extension of a file type, or if an attacker somehow forces an alternate extension, they can retrieve the plain text content. To prevent this, with PHP apps you may want all files to be treated as PHP (and then have certain types handled as plain text). Modify the following directive in http.conf:


DefaultType application/x-httpd-php

Deny all outside of the webroot

Assuming your webroot is ‘www’, you want every other directory and file to note be served. Common sense:

http.conf: (or .htaccess)

<directory />
Order Deny,Allow
Deny from all
Options None
AllowOverride None

<directory /www>
Order Allow,Deny
Allow from all

Wednesday, 6 August 2008 at 11:06 UTC Leave a comment

Symfony 1.1 Admin Generator Install Cookbook at Ubuntu

Symfony is a full-stack framework, a library of cohesive classes written in PHP5.

It provides an architecture, components and tools for developers to build complex web applications faster. Choosing symfony allows you to release your applications earlier, host and scale them without problem, and maintain them over time with no surprise.
Symfony is based on experience. It does not reinvent the wheel: it uses most of the best practices of web development and integrates some great third-party libraries

1) install php-cli et al

* install necessary xsl transformator for PHP and php-cli

apt-get install php5-cli php5-xsl

* (optional) if you want to run the sf_sandbox example you the php sqlite extension:

apt-get install php5-sqlite

* depending on your planned database, install php mysql or postgres extension:

apt-get install php5-pgsql
apt-get install php5-mysql

2) install php pear – PHP Extension and Application Repository

from or under Ubuntu simple run

apt-get install php-pear

* upgrade pear to get most recent packages

sudo pear upgrade PEAR

3) install symfony with pear


* add symfony-project page to pear

sudo pear channel-discover

* install the latest release symfony 1.1

sudo pear install symfony/symfony-1.1.1

4) check if symfony is installed correct

symfony -V
symfony version 1.1.1 (/usr/share/php/symfony)

php -v
PHP 5.2.4-2ubuntu5.3 with Suhosin-Patch (cli) (built: Jul 23 2008 06:44:49)
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies

5) apache config – add a virtual host

* pay attention to set the /sf alias, else your application will miss stylesheets (css etc.)
* to identify, which is your symfony/pear data directory

pear config-show

Configuration (channel
Auto-discover new Channels auto_discover
Default Channel default_channel
HTTP Proxy Server Address http_proxy
PEAR server [DEPRECATED] master_server
Default Channel Mirror preferred_mirror
Remote Configuration File remote_config
PEAR executables directory bin_dir /usr/bin
PEAR documentation directory doc_dir /usr/share/php/docs
PHP extension directory ext_dir /usr/lib/php5/20060613+lfs
PEAR directory php_dir /usr/share/php
PEAR Installer cache directory cache_dir /tmp/pear/cache
PEAR configuration file cfg_dir /usr/share/php/cfg
PEAR data directory data_dir /usr/share/php/data
PEAR Installer download download_dir /tmp/pear/download
PHP CLI/CGI binary php_bin /usr/bin/php
php.ini location php_ini
PEAR Installer temp directory temp_dir /tmp/pear/temp
PEAR test directory test_dir /usr/share/php/tests
PEAR www files directory www_dir /usr/share/php/www
Cache TimeToLive cache_ttl 3600
Preferred Package State preferred_state stable
Unix file mask umask 22
Debug Log Level verbose 1
PEAR password (for password
Signature Handling Program sig_bin /usr/bin/gpg
Signature Key Directory sig_keydir /usr/etc/pearkeys
Signature Key Id sig_keyid
Package Signature Type sig_type gpg
PEAR username (for username
User Configuration File Filename /home/thomas/.pearrc
System Configuration File Filename /usr/etc/pear.conf

cat /etc/apache2/sites-enabled/admintool

ServerAlias admintool

DocumentRoot /web
Alias /sf /usr/share/php/data/symfony/web/sf

apachectl graceful

6) unix group settings

* add user e.g. myuser to group www-data
* i needed this in my first sf_sandbox installation from scratch

* as i installed a new project and application with symfony this was no longer necessary

7) add a local name for apache

important, use or add to your frontend_dev.php or appname_dev.php your different local IP
(symfony restricts to local access for all development files

/etc/hosts localhost admintool

8) (optional) found a bug in original symfony sandbox archive

* this is only relevant for sandbox examples testing with sqlite
* aou need to modify config/propel.ini

propel.database.createUrl = sqlite://./../../../../data/sandbox.db
propel.database.url = sqlite://./../../../../data/sandbox.db

9) create the symfony project

mkdir admintool
cd admintool
symfony init-project admin

10) create the symfony application

symfony init-app adm

11) configure postgres database


class: sfPropelDatabase
phptype: pgsql
host: localhost
database: DBNAME
username: DBUSER
password: DBPASSWORD

12) describe database schema model

*IMPORTANT! use spaces only, never use tabs, pay attention of similar ident


id: ~
email: varchar(255)
created: timestamp
locale: varchar(255)
login: varchar(255)
password: varchar(255)
status: integer
id: ~
comment: varchar(255)
created: timestamp
state: integer
title: varchar(255)

13) (optional) create sql and insert to an empty database

* if want to create a local database and filling test data

symfony propel:build-sql
symfony propel:insert-sql
php batch/load_data.php

14) building the model from given schema.yml definition

symfony propel:build-model

15) generate the application based on generated model classes

* one for each table

symfony propel:init-admin adm article Article
symfony propel:init-admin adm product Product

16) test the first application

* http://admintool/adm_dev.php/product

If you make any modifications on the model or add plugin etc. run clear-cache task (cc)

symfony propel:clear-cache

Other Resources:

* The Symfony Framework Homepage
* Symfony 1.0 Tutorial Extending Admin Generator from Par COil at strangebuzz (April 2008)
* A Symfony Beginner’s Tutorial from Francois Zaninotto at sitepoint (April 2007)

Monday, 28 July 2008 at 23:08 UTC 2 comments