The latest SecurityFocus Summary has been posted on the PHP Security Consortium site today, Issue #361.

Included in this issue are vulnerabilities for:

• SecurityImages Component Multiple Remote File Include Vulnerabilities
• Ajax Chat Multiple Remote Vulnerabilities
• ATutor Multiple SQL Injection Vulnerabilities
• Coppermine Photo Gallery Theme.PHP Remote File Include Vulnerability
• PHPAuction PHPAds_Path Variable Remote File Include Vulnerability
• myEvent Myevent.PHP Remote File Include Vulnerability

This is just a sampling of the issues reported, so head over to the full listing for the complete information.

For those in the Jacksonville, Florida area, Codewalkers has a something that might interest you - the forming of a new PHP user group for the area.

For those of you in Jacksonville, Florida (like me) there is a new PHP user group. You can find it at www.JaxPHP.org. Currently the domain just redirects to the Meetup.com page. I plan to try and go to these meetings and help in anyway I can. If you are in the Jacksonville area, sign up!

Their next meeting is happening in 31 days (the last one just happened on the 3rd, the upcoming one, on September 7th), but you can RSVP now to attend the next meeting. The group already has several members, so if you're interested, sign up today!

Gerd Schauffelberger writes on the PHP-Tools Blog today about the contents of the latest issue from the German PHP Magazine, specifically an article covering the PEAR package HTML_AJAX.

This article's target is (1st) to give a brief introduction to AJAX and how things work from Javascript an PHP side in contrary. Also (2nd) I wanted to show that you actually don't have to muck around with a mess of Javascript (browser compatibility issues and such) because it's it is all done by the Joshua Eichorn's HTML_AJAX framework.

The article doesn't build up an entire application (as Gerd mentions) but it does provide you a good base to work from and gives you a good direction to head from to learn more about this powerful package.

On the PHP Security Blog today, this note has been posted, a notification that a critical vulnerability has finally been fixed - the unset() issue.

Because there are meanwhile a lot of rumours about this vulnerability in the underground and because the PHP 4.4.3 release announcement does not mention this critical hole at all I wrote up a little article about it, which you can read here.

The article (from Hardened PHP) describes the issue - a problem in the hash tables of the Zend Engine, specifically the zend_hash_del_key_or_index function. The logic contained inside the function can find the wrong "bucket" of information and remove it. He also includes PHP code examples that show the issue in action.

To be protected, it's recommended to update to the latest versions of PHP that have been released - 4.4.3 and 5.1.4.

• Web Application Engineer (PHP, MySQL, AJAX and all that)
• mediagonal from Fribourg is looking for an Client-Side Web Developer and an Administrator / Allrounder
• and last but not least, local.ch is also looking for talent

For those times when it is inconvenient to access the online version of the eZ components documentation, we are now providing a downloadable version. The downloadable documentation applies to the latest released version of each component.

I just released PHP 4.4.3 which brings a number of security fixes (and other fixes) that were backported from the PHP 5.1 branch. None of the security issues are very critical, but it is a good idea to upgrade anyway as you never know what clever ways people come up with to try to hack your servers :)

For more information, see the release announcement and The ChangeLog.

This is not the last PHP 4.4 relase and the PHP team will continue to support it for some years to come.

Now that this year's OSCON has been drawn to a close, numerous bloggers are posting their perspectives on the event, and the latest of these is this new post from Chris Shiflett.

Several of my colleagues at OmniTI and I just returned from our trip to Portland for this year's OSCON. It's difficult to summarize such a conference in a single blog post, so I'll probably be blogging quite a bit over the next couple of weeks in an attempt to catch up as well as expand on a few things.

In his lengthy post today, Chris covers his experiences at the conference as well as some of the highlights:

• Monday's PHP-related talks: Scalable Internet Architectures, Power PHP Testing, High Performance PHP, and Essential PHP Security
• Wednesday's talks: Dirty Secrets of PHP 5's Ext/SOAP Extension, the PHP Lightning talks, and PHP 6 and Unicode
• Thursday's talks included: Rasmus' Get Rich with PHP 5 talk, I'm 200, You're 200: Codependency in the Age of the Mash-Up, and the PHP Security Testing talk from Chris
• Other talks included Writing Maintainable Code with PHP and Understanding ZFramework
• and, of course, "The Underpants Gnomes Strategy Guide: An eCards Case Study" from Terry Chay

This only touches on the things Chris mentions, so check out his post for the full story.

Hot on the heels of their previous patterns-related series, DevShed has posted this new tutorial with a look at the Visitor pattern, specifically as applied to objects.

You'll agree with me that one of the most interesting aspects of design patterns is precisely their practical side. Therefore, considering this undeniable fact, in conjunction with your permanent wish for extending your background in object-oriented programming with PHP, over the course of this series I'll be showing you some useful examples of how to build visitor objects, and more specifically how to include them in real-world applications.

They start with an example, complete with code, of a simple addElement call to store data in an array. The next logical step for storage is to an external resource, so they modify things slightly to write the data out to a file. Finally, they define the other side of things - the actual object that does the "visiting" to the previously defined classes.

ScratchProjects has posted a two-part series on cominging two powerful web technologies - PHP and Ajax - to create a simple, yet effective application, an RSS feed reader.

In part one of the series, they focus on the fundamentals - the "hows" of combining PHP and Ajax, introducting the code and its parts, then getting into the examples, showing how to make a simple call to the rss.php backend script to grab the RSS data and push it into a DIV on the page.

Part two jumps in with both feet, setting up the database you'll store the feed locations in before getting to the heart of the application. They create the form to add the feed to the database, make the functions to grab a list of the feeds from the database, and, finally, display the parsed results of those feeds on the page.

It's nothing fancy, but it does show the development of a simple application in two parts complete with the source code ready to be downloaded and adapted.