Earlier this week, Zend released their preview release of the plugin for the Eclipse editor, and several developers in the community are expressing their opinions on the matter. One such developer is Lukas Smith, who has posted two entries on his blog.

I was very happy to hear when Zend announced that they would join the Eclipse Foundation to facilitate the development of a core infrastructure for an open source PHP IDE. I have used Zend Studio to get around some of the limitations of my primary development environment Weaverslave. So I have high hopes for this open source effort. I just finished downloading and installing the preview though its too early to really comment on the experience.

The rest of the post is concerned with his views on the Eclipse project and how, with the help of Zend, they're making a solid open source PHP IDE. The second post deals more with his experiences with the editor, touching on specific likes/dislikes including syntax highlighting, general settings, and other performance-related issues.

Like I said yesterday I downloaded the IDE and played with it a bit. Note that its quite a hefty download if you go with the "all-in-one" package (so pick your mirror wisely!). But I kinda like software that you just unzip and go.

So again I see potential, so I just hope that the people involved make sure they do not forget about the open source development process along the way.

The main issue with xeditor so far was that it didn't do any sanity checking on the input it received. This now got solved by the integration of SafeHTML from http://pixel-apes.com/safehtml/ (up for you to decide if that's good enough for your needs). Further, Xavier is working on a way to use this on sites that already have some content using original ezxml and convert it on the fly. That could be a while off, still. We've also added some rough docs about the architecture of this beast. Being very much alpha stage software, it currently only lives in pubsvn, get it from there and try it on a development site, not a live one!

Yesterday I attended the Fifth International Conference on Aspect-Oriented Software Development.



In the evening I presented a poster on AspectPHP for which I received useful feedback as well as encouragement.

The ThinkPHP blog has posted this pointer to some new information on an anticipated piece of software in the PHP community - the Zend/Eclipse collaboration on a PHP IDE. The post provides a link to this new information over on the Zend site, a short introduction to installing the extension.

The preview page links you to the files you'll need to install the preview release as well as some simple instructions to get it working. There are three different ways to install it - downloading an Eclipse WST file, grabbing the module by adding a new update site, and downloading a Zip file with everything you'll need.

Remember, this is a preview release, so the functionality isn't 100% complete. There have already been some bugs/issues posted on the ThinkPHP Blog entry reflecting this.

If you're an eZ components fan and have been wondering where you can find some community for these powerful "building blocks" - listen up!

In this new post from Derick Rethans, he shares three different ways to get into the community:

• a mailing list
• the forums on the eZ systems' site
• an IRC channel over on the Freenode network - #ezcomponents.

All three are open to whatever questions, issues, or feedback you're willing to give.

There are a couple of channels to mention suggestions and provide feedback for the eZ components. There is a forum and a mailinglist. Something that might not be known though is that some of the developers hang out on the IRC channel #ezcomponents on the freenode network. Feel free to drop by with questions and feedback!

Chris Shiflett has posted about the release of the latest issue from php|architect - March 2006 - and some of the security-related content inside.

Another edition of php|architect has been published. I was especially excited to read this one, because it's Ilia's first month writing Security Corner. It's nice to see a topic explained from a different point of view, and there is still too little interest in security within the PHP community. (In other words, this is a rare opportunity.)

He discusses cross-site request forgeries, an attack first mentioned in php|architect back in 2003. Sadly, it remains one of the most dangerous, yet relatively unknown attacks. It deserves more attention.

Chris goes into more detail about the issue, noting some of the differences of opinion that he and Ilia seem to have about the finer points. There's also a pertinent secret shared about Chris' comment forms - check the post to see what it is.

Justin Silverton continues his "PHP Security Mistakes" series with this new post, looking at issues surrounding system calls, file uploads, and including files into your scripts.

In one of my previous articles, I mentioned the top 5 security mistakes made in PHP. This article is a follow-up, with some more common security mistakes.

For the three topics he describes the functionality PHP offers for them as well as a suggestion or two as to how you can prevent these issues from showing up in your scripts.

On GoodPHPTutorials.com, there's this helpful tutorial that anyone working with any sort of website that has a database backend should look into - a brief look at SQL injections with PHP and MySQL.

SQL injections are a major security risk in many PHP applications. Injections are caused when a web developer allows the end-user to manipulate a variable that is being inserted into a database query string, generally through the $_GET, $_POST or $_SESSION superglobals. When a value isn't verified, major problems can occur. Since MySQL is the most commonly used database platform for PHP applications, it seemed appropriate to write an article specifically related to that.

They cover different topics that you'll need to protect yourself against a basic level of SQL injections - the key is the validation of your data. They have code examples to help you along and explain each step, including outputting the data to the page (where things like cross-site scripting issues can occur).

Kore Nordmann has released the latest edition of his PEAR Image_3D package - version 0.4-alpha - including some great new features.

The new release of Image_3D (0.4-alpha) is out. It was quite some time ago, Richard Davey wrote his great introduction into Image_3D. He asked for some different types of lights, I didn't thought of, when I released Image_3D first. This needed a minor change in the API you use to create lights, but offers some great improvements. See changelog for details.

Some of the other additions mentioned include, as mentioned, the ability to create different types of lights (light, ambient, point, and spotlight) and the inclusion of an object that allows for the creation of bezier areas from an array of points.