Nerdblog.pl

Just a quick one

Added: 10.05.2013

In case anyone is interested - I have (finally) moved from Kohana PHP to Ruby on Rails, and for the past six months I have been employed at PuzzleFlow, a company in Kraków.

That's just in case anyone was planning to send me a PHP job offer ;)

0-day for PHP, Java and ASP.NET

Added: 29.12.2011

I see that nobody on Jogger's front page has written about this yet, so here's a very short note:

A 0-day for PHP has been released that exploits a bug in the hash table algorithm. By generating collisions you can bring a server down, or at least put a heavy load on it. Besides PHP, the problem also affects other popular languages to a greater or lesser degree ("We show that PHP 5, Java, ASP.NET as well as v8 are fully vulnerable to this issue and PHP 4, Python and Ruby are partially vulnerable, depending on version or whether the server running the code is a 32 bit or 64 bit machine").

All that's left is to wait for official patches.

More information (and an explanation of the problem): Hash Table Collisions ≈ Packet Storm
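
Why colliding keys are expensive, and what a keyed hash or a parameter cap changes, shown as an added example that is not from the advisory or from PHP's source. The table, `toy_hash()` (a byte sum) and `keyed_hash()` are constructed for illustration; the cap mirrors the idea behind PHP's `max_input_vars` setting.

```php
<?php
// Added illustration: a toy chained hash table, not PHP's internal one.
// toy_hash() is deliberately weak (byte sum) so collisions are easy to see.
function toy_hash(string $key, int $buckets): int
{
    $sum = 0;
    for ($i = 0, $n = strlen($key); $i < $n; $i++) {
        $sum += ord($key[$i]);
    }
    return $sum % $buckets;
}

// Keyed hash: the bucket depends on a per-process secret the client never sees.
function keyed_hash(string $key, int $buckets, string $secret): int
{
    return hexdec(substr(hash_hmac('sha256', $key, $secret), 0, 7)) % $buckets;
}

// Insert every key into a chained table; return how many key comparisons it took.
function count_comparisons(array $keys, callable $hash, int $buckets = 1024): int
{
    $table = array_fill(0, $buckets, []);
    $comparisons = 0;
    foreach ($keys as $key) {
        $slot = $hash($key, $buckets);
        foreach ($table[$slot] as $existing) { // walk the chain looking for a duplicate
            $comparisons++;
            if ($existing === $key) {
                continue 2; // already stored
            }
        }
        $table[$slot][] = $key;
    }
    return $comparisons;
}

// Constructed input: distinct keys with identical byte sums (they collide under toy_hash only).
$keys = [];
for ($i = 0; $i < 2000; $i++) {
    $keys[] = strtr(sprintf('%011b', $i), ['0' => 'ab', '1' => 'ba']);
}
$secret = random_bytes(16);
$keyed  = fn (string $k, int $b): int => keyed_hash($k, $b, $secret);

printf("weak hash, all keys:  %d comparisons\n", count_comparisons($keys, 'toy_hash'));
printf("keyed hash, all keys: %d comparisons\n", count_comparisons($keys, $keyed));
// Capping accepted parameters bounds the worst case even with the weak hash.
printf("weak hash, first 200: %d comparisons\n", count_comparisons(array_slice($keys, 0, 200), 'toy_hash'));
```

With the weak hash every insert walks the whole chain, so the work grows with the square of the number of keys; the keyed hash spreads the same keys across buckets, and the cap limits how large that square can get.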

Kohana 3.2 CRUD

Added: 06.09.2011

Hey, just to keep you updated - I've created a ready-to-go Kohana 3.2 CRUD using Formo. The only thing you have to do is set up your ORM models correctly and it's working out of the box :D

Feel free to file any issues or send useful pull requests.

Deploying Kohana 3.2 application in production

Added: 05.09.2011

maslen on #kohana (freenode) asked about a guide on preparing a Kohana application for deployment on a production server. As there's no official guide, I've decided to write a few pointers of my own.

Here's a list:

  1. Set your Kohana::$environment to Kohana::PRODUCTION. It's not really used in core (yet), but it's very useful in more complex applications for adding your own debugging code that must not be seen in production. The best way to do so is to modify your bootstrap.php, adding something like this:
    if (isset($_SERVER['KOHANA_ENV']))
    {
            Kohana::$environment = constant('Kohana::'.strtoupper($_SERVER['KOHANA_ENV']));
    }
    else
    {
            Kohana::$environment = ($_SERVER['REMOTE_ADDR'] == '127.0.0.1' ? Kohana::DEVELOPMENT : Kohana::PRODUCTION);
    }
  2. Create your own 500 error pages in place of Kohana's. The simplest way is to create a custom application/views/kohana/error.php with a nice, user-friendly error message. A better way is to create a customised Kohana_Exception (extending Kohana_Kohana_Exception - yes, I know it sounds silly) and set your own public static $error_view. If you don't have any other solution in place, you can also create a customised Log_Writer that e-mails you details of critical errors (if you're lazy, just hack something into Kohana_Kohana_Exception, but it's not me who's going to coder hell).
  3. Remember to disable profiling and enable caching on the production machine. Once again, this can be done using Kohana::$environment, like this:
            Kohana::init(array(
                    'base_url'   => '/',
                    'index_file' => '',
                    'profile'    => (Kohana::$environment !== Kohana::PRODUCTION),
                    'caching'    => (Kohana::$environment === Kohana::PRODUCTION)
            ));
     
    There's also a profiling switch in Database configuration, don't forget about it. It may be a good idea to turn on caching for database too, depending on the project you're working on.
  4. Create your own, custom 403 and 404 error pages. It's very important and most often forgotten.
  5. It's good practice to keep your framework and application code in a different directory from the index file and assets, with the former in a directory not accessible from the web browser. For example, I most often use a directory structure where application/modules/system are in a core directory and index.php, uploads and assets are in public_html. Unfortunately, most cheap shared web hosting accounts don't allow such a configuration.
  6. (Edit: 7.09) I forgot about the most important part: always enable some kind of opcode cache (XCache, APC). It'll give you a significant speed boost, sometimes up to 200-300% with properly written code. Results may vary though.
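
A stricter take on steps 1 and 3, as an added example that is not Kohana's code or the snippet above: it only accepts the four Kohana environment names and falls back to PRODUCTION instead of trusting REMOTE_ADDR. `resolve_kohana_env()` and `init_settings()` are hypothetical helper names, and the `$_SERVER` samples are constructed.

```php
<?php
// Added example, not Kohana code. resolve_kohana_env() and init_settings()
// are hypothetical helpers; the four names are Kohana's environment constants.
function resolve_kohana_env(array $server): string
{
    $allowed = ['PRODUCTION', 'STAGING', 'TESTING', 'DEVELOPMENT'];
    $name = strtoupper(trim((string) ($server['KOHANA_ENV'] ?? '')));
    // Fail closed: a missing or unknown value never reaches constant(), and
    // REMOTE_ADDR is ignored because a reverse proxy on the same host makes
    // every visitor appear as 127.0.0.1.
    return in_array($name, $allowed, true) ? $name : 'PRODUCTION';
}

// The Kohana::init() switches from step 3, derived from the resolved name.
function init_settings(string $env): array
{
    return [
        'base_url'   => '/',
        'index_file' => '',
        'profile'    => ($env !== 'PRODUCTION'),
        'caching'    => ($env === 'PRODUCTION'),
    ];
}

// Constructed $_SERVER samples, including the proxy case and a misspelled value.
$samples = [
    'explicit development' => ['KOHANA_ENV' => 'development', 'REMOTE_ADDR' => '127.0.0.1'],
    'proxy, no variable'   => ['REMOTE_ADDR' => '127.0.0.1'],
    'misspelled value'     => ['KOHANA_ENV' => 'prod', 'REMOTE_ADDR' => '203.0.113.7'],
];
foreach ($samples as $label => $server) {
    $env = resolve_kohana_env($server);
    $cfg = init_settings($env);
    printf("%-22s %-12s profile=%s caching=%s\n", $label, $env,
        var_export($cfg['profile'], true), var_export($cfg['caching'], true));
}

// In bootstrap.php the result would be applied as:
//   Kohana::$environment = constant('Kohana::'.resolve_kohana_env($_SERVER));
//   Kohana::init(init_settings(resolve_kohana_env($_SERVER)));
```

Development machines then opt in explicitly by setting KOHANA_ENV, and a server with no variable set never exposes profiling or debug output.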

Of course, that's not everything you can do to prepare your application for deployment. Don't forget about caching, use Fragment where possible and, most importantly, don't be a cheapskate and don't try to save money on a half-assed server.

Kohana 3 Pagination helper (using Jelly)

Added: 01.09.2011

While working on another database-to-html project I realized that 99% of pagination I'm doing is the same fragment of code so I isolated it into a very simple helper:

<?php
class Helper_Pagination
{
	public $pagination, $collection;
 
	public static function factory($jelly, $limit = 10)
	{
		return new Helper_Pagination($jelly, $limit);
	}
 
	public function __construct($jelly, $limit = 10)
	{
		if(is_string($jelly))
		{
			$jelly = Jelly::query($jelly);
		}
 
		$this->pagination = Pagination::factory(array(
			'current_page'      => array('source' => 'query_string', 'key' => 'page'),
			'total_items'       => $jelly->count(),
			'items_per_page'    => $limit,
		));
 
		$this->collection = $jelly->offset($this->pagination->offset)->limit($limit)->select();
	}
}

It can be quickly converted to use Kohana's standard ORM:

<?php
class Helper_Pagination
{
	public $pagination, $collection;
 
	public static function factory($orm, $limit = 10)
	{
		return new Helper_Pagination($orm, $limit);
	}
 
	public function __construct($orm, $limit = 10)
	{
		if(is_string($orm))
		{
			$orm = ORM::factory($orm);
		}
 
		$this->pagination = Pagination::factory(array(
			'current_page'      => array('source' => 'query_string', 'key' => 'page'),
			'total_items'       => $orm->reset(FALSE)->count_all(),
			'items_per_page'    => $limit,
		));
 
		$this->collection = $orm->offset($this->pagination->offset)->limit($limit)->find_all();
	}
}