The intent behind Delphi for PHP from CodeGear, last month acquired by Embarcadero Technologies, is clear: to provide an integrated development environment for PHP that matches the speed of development regular Delphi offers for Windows applications.
First released in February 2007, the initial version fell far short of the goal, being buggy and under-documented. I've had a chance to get to grips with Version 2.0, and while CodeGear has added some refinements there remains a ways to go.
Delphi for PHP is based on a third-party product, qstudio from Qadram software, though it now appears to be its only incarnation, and features a Windows-only IDE along with a PHP 5 class library called VCL for PHP.
This component library is an open source project on SourceForge though it appears to have little use outside Delphi for PHP. The link with CodeGear's better-known Delphi for Windows is tenuous: it does not share the same IDE, and the language itself is of course PHP, and nothing to do with Delphi's Pascal. That said, the IDE is superficially similar, and existing Delphi users are meant to feel at home.
The Delphi for PHP installer sets up a complete PHP test environment, including a local Apache 2 and the Nusphere debug listener. You can use it as a basic PHP IDE with the ability to set breakpoints and step through code. The editor in version 2.0 is improved, with code folding, syntax checking and automatic source formatting. The IDE also offers a profiler that times each line of code. That said, the real value of the product is in rapid development with the visual component library (VCL).
Full PHP environment, tenuous links to the better-known Delphi
You can drag components onto a visual form designer, and set properties and handle events through an object inspector. There are also database components, including Database, Datasource and Query, which support data-aware controls such as a DBGrid as well as standard items like edit controls, labels and checkboxes. New in version 2.0, the Xinha HTML editor is also included, enabling instant HTML editing for users.

Saturday, June 14, 2008
FOG Forum "index.php" Local File Inclusion Vulnerabilities
Description:
CWH Underground has discovered two vulnerabilities in FOG Forum, which can be exploited by malicious people to disclose sensitive information.
Input passed to the "fog_lang" and "fog_skin" parameters in index.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks and URL-encoded NULL bytes.
The vulnerabilities are confirmed in version 0.8.1. Other versions may also be affected.
Solution:
Edit the source code to ensure that input is properly verified.
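One way to verify parameters such as "fog_lang" and "fog_skin" before they reach an include, shown as an added example that is not FOG Forum's own code: the function name, the directory layout and the sample values are assumptions constructed here.

```php
<?php
// Added example, not FOG Forum's code. resolve_include() and the demo
// directory are hypothetical; the sample values are constructed.

/**
 * Map a user-supplied name (e.g. a language or skin) to a file inside
 * $baseDir. Returns the resolved path, or null if the value is rejected.
 */
function resolve_include(string $baseDir, string $name, string $suffix = '.php'): ?string
{
    // Accept only a short identifier: no slashes, dots, NUL bytes or '%'.
    // \A and \z anchor the whole string, including any trailing newline.
    if (preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $name) !== 1) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() resolves symlinks and ".." and returns false if missing.
    $path = realpath($base . DIRECTORY_SEPARATOR . $name . $suffix);
    if ($path === false || !is_file($path)) {
        return null;
    }
    // Containment check: the resolved file must stay under the base directory.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: a temporary "lang" directory holding one file.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'lfi_demo_' . getmypid();
@mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'english.php', "<?php // constructed sample\n");

$samples = [
    'english',                   // legitimate value
    '../../../../etc/passwd',    // directory traversal
    "../../../../etc/passwd\0",  // NUL byte meant to cut off the suffix
    'english.php',               // caller-supplied extension
    'german',                    // well-formed, but no such file
];
foreach ($samples as $value) {
    $resolved = resolve_include($dir, $value);
    printf("%-32s => %s\n", addcslashes($value, "\0"), $resolved ?? 'REJECTED');
}
unlink($dir . DIRECTORY_SEPARATOR . 'english.php');
rmdir($dir);
```

Only the first sample resolves to a path; the caller should fall back to a fixed default when the function returns null rather than passing the raw parameter to `include`.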
Thursday, May 8, 2008
PHP DC conference 2008

Join hundreds of PHP practitioners, business managers, and government officials from around the world in the exchange of ideas and solutions for building a better web application infrastructure. The DC PHP conference will include tracks pertaining to business cases, best practices, the art of PHP, PHP applications, PHP in the enterprise, and Open Source. The full speaker schedule will be announced shortly.
For more information about DC PHP Conference & Expo 2008 and to register, please visit http://www.dcphpconference.com/. Early discounted registration rates effective until April 15, 2008.
Call for speakers for Forum PHP Paris 2008
The AFUP, Association Française des Utilisateurs de PHP, is proud to announce the upcoming conference "Forum PHP 2008".
For this unique event in France, we are looking for the best French-speaking experts who want to share their know-how and enthusiasm. This two-day conference features one technical day, with the most advanced PHP techniques, and a business day, with case studies and examples of successful projects.
How to manage a PHP project (tools, methods, ...)
Ensure code quality
Internet and legal issues (intellectual property, ...)
Build a business around
PHP scalability
Connect services (web services)
Rich User Interfaces (technology choice, implementation, ...)
PHP 5.2.6 Released
The PHP development team would like to announce the immediate availability of PHP 5.2.6. This release focuses on improving the stability of the PHP 5.2.x branch with over 120 bug fixes, several of which are security related. All users of PHP are encouraged to upgrade to this release.
Further details about the PHP 5.2.6 release can be found in the release announcement for 5.2.6; the full list of changes is available in the ChangeLog for PHP 5.
Security Enhancements and Fixes in PHP 5.2.6:
Fixed possible stack buffer overflow in the FastCGI SAPI identified by Andrei Nigmatulin.
Fixed integer overflow in printf() identified by Maksymilian Arciemowicz.
Fixed security issue detailed in CVE-2008-0599 identified by Ryan Permeh.
Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz.
Properly address incomplete multibyte chars inside escapeshellcmd() identified by Stefan Esser.
Upgraded bundled PCRE to version 7.6