The intent behind Delphi for PHP from CodeGear, last month acquired by Embarcadero Technologies, is clear: to provide an integrated development environment for PHP that matches the speed of development regular Delphi offers for Windows applications.
First released in February 2007, the initial version fell far short of the goal, being buggy and under-documented. I've had a chance to get to grips with Version 2.0, and while CodeGear has added some refinements there remains a ways to go.
Delphi for PHP is based on a third-party product, qstudio from Qadram software, though it now appears to be its only incarnation, and features a Windows-only IDE along with a PHP 5 class library called VCL for PHP.
This component library is an open source project on SourceForge though it appears to have little use outside Delphi for PHP. The link with CodeGear's better-known Delphi for Windows is tenuous: it does not share the same IDE, and the language itself is of course PHP, and nothing to do with Delphi's Pascal. That said, the IDE is superficially similar, and existing Delphi users are meant to feel at home.
The Delphi for PHP installer sets up a complete PHP test environment, including a local Apache 2 and the Nusphere debug listener. You can use it as a basic PHP IDE with the ability to set breakpoints and step through code. The editor in version 2.0 is improved, with code folding, syntax checking and automatic source formatting. The IDE also offers a profiler that times each line of code. That said, the real value of the product is in rapid development with the visual component library (VCL) .
Full PHP environment, tenuous links to the better-known Delphi
You can drag components onto a visual form designer, and set properties and handle events through an object inspector. There are also database components, including Database, Datasource and Query, which support data-aware controls such as a DBGrid as well as standard items like edit controls, labels and checkboxes. New in version 2.0, the Xinha HTML editor is also included, enabling instant HTML editing for users.
Saturday, June 14, 2008
FOG Forum "index.php" Local File Inclusion Vulnerabilities
Description:
CWH Underground has discovered two vulnerabilities in FOG Forum, which can be exploited by malicious people to disclose sensitive information.
Input passed to the "fog_lang" and "fog_skin" parameters in index.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks and URL-encoded NULL bytes.
The vulnerabilities are confirmed in version 0.8.1. Other versions may also be affected.
Solution:
Edit the source code to ensure that input is properly verified.
CWH Underground has discovered two vulnerabilities in FOG Forum, which can be exploited by malicious people to disclose sensitive information.
Input passed to the "fog_lang" and "fog_skin" parameters in index.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks and URL-encoded NULL bytes.
The vulnerabilities are confirmed in version 0.8.1. Other versions may also be affected.
Solution:
Edit the source code to ensure that input is properly verified.
Subscribe to:
Posts (Atom)
