
Posts tagged with PHP


GitHub - splitbrain/meh: Meh... another comment system https://github.com/splitbrain/meh #alternative #integration #OpenSource #comments #mastodon #node.js #website #GitHub #sqlite #static #blog #PHP


Hi, #Today I decided to try to #getfedihired — I've got many years of experience with web development, programming and production (#HTML, #CSS, #Javascript), I can make myself useful in anything on the open-source side of back end, i.e. the #Perl, #Python, #PHP, #MySQL, #Linux kind of area.

I live in #Sydney Australia and would be happy to work in-office, remote or hybrid.

Let me know of any opportunities, or pass this on to anyone else who might know of something? Thanks.


Missing Characters
Original Post

I released a new version of Xdebug on Sunday, which fixes a few bugs. One of them is titled emoji character become diamond question marks. This bug turned out to be the same as var_dump does not output some Russian characters, which was originally reported a few days earlier but hadn't come with a decent enough reproducible case.

At first I dismissed this, as it's not unlikely that people get their character sets wrong, or mixed up.

But when I tested it, the following script really did not show the right result:

Instead of the expected:
Standard input code:3:string
'hello 👍' (length=10)

It showed:
Standard input code:3:string
'hello ���' (length=10)

The four bytes that should have made up the 👍 had turned into three.

Xdebug uses a function, xdebug_xmlize, to escape XML and XHTML-special characters such as ", &, and < when it outputs strings of data.

Its algorithm first calculates how much memory the resulting string would use by looping over the source characters, and adding the lengths of the escaped characters together. It uses a 256-entry table for this.

The first row shows that byte 0's escaped length will be 4 (for ) and the LF character's escaped length will be 5 (for ).

The replacement strings are recorded in the table that follows. It only has place for 64 elements, as none of the bytes above byte-64 need to be escaped. You can see that because the xml_encode_count table only has entries containing 1 after the fourth 16-element row.

Then in a second iteration it loops over all the source characters again to construct the resulting output.

In this iteration, it checks if the destination length is 1, in which case it just copies the character over. If the destination length is not 1, then it adds the number of characters that correspond to the destination character's length.

The bug here was that the table for xml_encode_count, although it was defined as having 256 entries, only had 240 entries. I had forgotten to add the 16th line, so instead there were only 15 lines of 16 elements.

And in C, that means that these missing elements were all set to . This meant that if there was a character in the source string where the byte value was larger than or equal to hexadecimal 0xF0 (decimal: 240), the algorithm thought the replacement length of these characters would be . This then resulted in these characters just being ignored, and not copied over into the destination string.

For the 👍 character (hex: 0xF0 0x9F 0x91 0x8D) that meant that its first byte (0xF0) was not copied into the destination string. And that meant a broken UTF-8 character. Oops! 💩

In Xdebug 3.4.2 this is now fixed, as I have added the 16th line to the table, with 16 more elements containing 1.

What I did find curious is that it took nearly five years for someone to report this issue, and with that, two in the same week!
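The failure mode described in the Xdebug post above, as an added example that is not part of the original post and not Xdebug's code: a two-pass escaper driven by a 256-slot length table whose initializer has only 15 rows, next to a corrected table guarded by a size assertion. The names `xmlize_demo`, `count_buggy`, `count_fixed` and `first_zero_entry` are hypothetical, and the constructed tables escape only `&`, `<` and `>`.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed tables (not Xdebug's): escaped length per byte; only & < > are escaped. */
#define R1 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1
#define HEAD R1, R1, 1,1,1,1,1,1,5,1,1,1,1,1,1,1,1,1, 1,1,1,1,1,1,1,1,1,1,1,1,4,1,4,1
#define R4 R1, R1, R1, R1
/* 15 rows given for 256 slots: C zero-fills entries 0xF0..0xFF without a warning. */
static const unsigned char count_buggy[256] = { HEAD, R4, R4, R1, R1, R1 };
/* Unsized array plus a size assertion turns a missing row into a compile error. */
static const unsigned char count_fixed[] = { HEAD, R4, R4, R4 };
_Static_assert(sizeof count_fixed == 256, "length table must cover every byte value");
static const char *replacement(unsigned char c)
{
    return c == '&' ? "&amp;" : c == '<' ? "&lt;" : c == '>' ? "&gt;" : "";
}

/* Two-pass escape: size the output from the table, then copy or substitute. */
static char *xmlize_demo(const char *src, size_t len, const unsigned char *count, size_t *out_len)
{
    size_t need = 0, pos = 0, i;
    for (i = 0; i < len; i++) need += count[(unsigned char)src[i]];
    char *dst = malloc(need + 1);
    if (!dst) return NULL;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)src[i];
        if (count[c] == 1) dst[pos] = (char)c;
        else memcpy(dst + pos, replacement(c), count[c]); /* length 0 drops the byte */
        pos += count[c];
    }
    dst[pos] = '\0';
    *out_len = pos;
    return dst;
}

/* Sanity check for such tables: index of the first zero-length entry, or -1. */
static int first_zero_entry(const unsigned char *count)
{
    for (int i = 0; i < 256; i++) if (count[i] == 0) return i;
    return -1;
}

int main(void)
{
    size_t n = 0; /* constructed input: "hello " followed by U+1F44D in UTF-8 */
    char *out = xmlize_demo("hello \xF0\x9F\x91\x8D", 10, count_buggy, &n);
    printf("buggy: %zu of 10 bytes kept, first zero entry 0x%X\n", n, (unsigned)first_zero_entry(count_buggy));
    free(out);
}
```

Because the output buffer is sized from the same table, the short table does not overflow anything; the damage is silent data loss, which a table check like `first_zero_entry` catches in a unit test.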


Whoa! Japanese companies are currently facing a serious threat due to a PHP vulnerability (CVE-2024-4577). It might sound like tech jargon, but trust me, it's a huge deal! 😬

Attackers are exploiting this flaw to run malicious code and install Cobalt Strike (yeah, that penetration testing tool – go figure 🙄). And that's when things get really nasty: password theft, lateral movement within the network... 🤬

The bottom line is this: vulnerabilities like these are like striking gold for cybercriminals. A quick update is absolutely essential! But what's even more critical? Regular, hands-on penetration tests! Automated tools often miss these types of vulnerabilities. ☝️

I'm curious to know: What steps do you take to secure your PHP applications? What penetration testing methods do you find most effective? 🤔

#Security #Pentesting #PHP


ConFoo 2025 Slides
Original Post

I have been speaking at the 2025 edition of ConFoo in Montreal, the city with three seasons in as many days.

I have given two talks.
  • In What's New in PHP 8.4? I explain the major new features of PHP's most recent release, 8.4.
  • And in Better Debugging with Xdebug I explained some of Xdebug's new features, and also showed how to use some of these features to use the debugging in complicated situations. I also mentioned the Native Path Mappings feature that I am working on, as well as the initial ideas and plans for time travelling.
Let me know if you have questions or comments.
#blog #php


The non-profit school app aula is looking for a Tech Lead / Full Stack Developer (#PHP, #React). The position is fairly paid at up to 80,000 euros FTE and there is a remote option. Apply by 31 January: https://www.aula.de/ueber-uns/jobs/ #getfedihired #FediHire


Reintro!

I'm Dylan, a #fullstack #webdev from the Midwest, US. I like working with #js and #svelte so much that I wrote a book about #sveltekit! I've also worked extensively with #php and #WordPress but try to avoid the latter if I can.

I spend my days in the terminals of various #Linux machines and tweaking my #Vim config. I automate my #homelab with #ansible. I write about web dev on my #blog.

I enjoy #pcgaming and will occasionally #shitpost and boost #memes so brace yourself.


I recently discovered Twig for myself while developing my Huebi Charity donation dashboard.

That's why I have now written a blog post about it: https://steffo.blog/twig-ist-verdammt-cool/

Hope you like it! :floofLurk:

#blog #php #sql #twig #programming


Any other #php nerds out there ... ?

(In our team... We do mostly e-commerce #dev )

https://phpstan.org/

I'm learning #phpstan ...

Any hints are more than welcomed!

If you are... How are you using it ?

Reading my colleague Maurits #blog post on ...

https://tqdev.com/2022-phpstan-find-bugs-without-writing-tests


What frameworks are your #blogs running on if it isn't Wordpress? #php


when i was a kid, you could build a simple game or application by dragging and dropping a few UI controls, and gluing them together with a few dozen lines of BASIC or Pascal or HyperTalk. it might take 15 minutes, at most, to get your little character walking around on the screen. this is how we ended up with a lot of hilariously good and cheap shareware you could share on BBSes in the 90s.

for the past year i've been quietly working on building a software thingie that doesn't exist anymore. i've been building a software toolkit that's kinda like Visual Basic and HyperCard and Borland Delphi, designed for making tile-based 2d games.

i've been using it to build my own little goofy games, and improving on the drag'n'drop IDE as i figure things out. it's not done yet, and has a long ways to go before it's ready for other people to start making their own little applications and games. think PICO-8 or ZZT if they had grown up on a steady diet of Windows 3.1 and GeoWorks Ensemble instead.

i'm really, really bad about polishing turds to infinity and never releasing them. to break that habit, i've built a mini-website for the IDE/Shareware Creation Kit. it's called Exigy, named like a bad 80s metal hair band or richard garriott game.

https://exigy.org

i'll be posting weekly blog/devlog updates there, so i don't irritate anyone with them on this account. there is an rss feed button at the top right if you hate my demonic php and css.

#shareware #ultima #php #blog #smolweb #zzt #indiedev #hypercard #vintageApple #exigy
A logo that spells EXIGY is made out of interlocking tiles.

Below, it reads: Shareware Construction Kit.


➡️ The PHP manual has learned a new trick, you can now run the code right in the browser!

🥳 Thanks to @soyuka for the implementation!

#php #documentation


So I had been mulling over a personal blog for a while, smallweb style, with PHP drawing on XML files (yes, I like how clear XML files are), and in one sitting together with my son (@pswsm@mastodont.cat), who lent me a hand, it got finished, apart from giving a little love to the design side (yes, it's smallweb, but it should at least look nice), and I will present it officially! #smallweb #blog #php #xml


An #introduction post is probably appropriate. So: Hello from #norway !

I'm here hoping to find interesting #DIY #electronics and other nerdy projects, in addition to sharing my own stuff.

I've been fiddling with #esp32 microcontroller/WiFi modules for a while, and will probably post my share of esp32 related projects.

My primary programming languages are #php #cpp #javascript

I do #pcb design with #Kicad, simple 2D design with #qcad and 3D work in #freecad.

I write about some of my projects on my personal blog, https://espenandersen.no

My GitHub repository is found at https://github.com/espena

(Image from my garage workbench)
Garage workbench