A cross-site scripting (XSS) vulnerability was found in the PHP League's CommonMark library (league/commonmark) versions 0.15.6 through 0.18.x before 0.18.1. It allows remote attackers to insert unsafe URLs into <a> tags (even if allow_unsafe_links is false) by adding an encoded newline character in the middle (e.g., writing javascript as javascri%0Apt).
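The bypass described above, as an added example in PHP (not league/commonmark's own code): a scheme check run on the raw destination string misses javascri%0Apt:, while the same check run after percent-decoding and removing ASCII tab, LF and CR (characters browsers discard when parsing a URL) catches it. It assumes, as the description implies, that the destination is percent-decoded before it is written into the href; the sample URLs are constructed.

```php
<?php
declare(strict_types=1);

// Schemes a renderer typically refuses to emit in href/src attributes.
const UNSAFE_SCHEMES = ['javascript', 'vbscript', 'file', 'data'];

/** Naive check: matches the literal scheme at the start of the raw string only. */
function isUnsafeNaive(string $url): bool
{
    return (bool) preg_match('/^(javascript|vbscript|file|data):/i', $url);
}

/**
 * Normalize the way a browser will see the value: percent-decode once (the
 * step that turns "%0A" into a real newline), drop tab/LF/CR anywhere, and
 * trim leading/trailing C0 control characters and spaces.
 */
function normalizeLikeBrowser(string $url): string
{
    $decoded  = rawurldecode($url);
    $stripped = str_replace(["\t", "\n", "\r"], '', $decoded);
    return trim($stripped, "\x00..\x20");
}

/** Hardened check: compare the scheme of the normalized value, case-insensitively. */
function isUnsafeHardened(string $url): bool
{
    $scheme = explode(':', normalizeLikeBrowser($url), 2)[0];
    return in_array(strtolower($scheme), UNSAFE_SCHEMES, true);
}

// Constructed sample link destinations.
$samples = [
    'https://example.com/',
    'javascript:alert(1)',
    'javascri%0Apt:alert(1)',   // the encoded-newline case from the advisory
    "java\tscript:alert(1)",    // same idea with a literal tab
    'docs/readme.md',           // relative path: no scheme at all
];

foreach ($samples as $url) {
    printf("%-26s naive=%-6s hardened=%s\n",
        addcslashes($url, "\t\n\r"),
        isUnsafeNaive($url) ? 'unsafe' : 'ok',
        isUnsafeHardened($url) ? 'unsafe' : 'ok');
}
```

Only the third and fourth samples differ between the two checks: the naive regex reports them as safe, the normalized check flags both.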
Blog
PHP 7.3 has been released, bringing some great new features to the language such as trailing commas in function calls, throwing errors when JSON parsing fails, array_key_first() / array_key_last() functions, and much more!
I'm pleased to share that my PHP 7 Upgrade Guide ebook has been featured in the Ultimate Programmer Super Stack bundle! This is a hand-curated collection of 25+ premium ecourses, bestselling ebooks, and bonus resources that will help new programmers:
This month I released updates for a few of my open-source projects including league/commonmark, league/html-to-markdown, and colinodell/json5.
Prevent Composer from updating your Symfony components to unsupported versions with the colinodell/symfony-lts-or-current metapackage.
After using phpbrew to manage my local PHP versions for a while, I got tired of re-compiling PHP after every release and decided to install multiple PHP versions side-by-side with Ondřej Surý's PPA. One of the features I missed from phpbrew was the ability to run a command like phpbrew use php-7.2.8 to automatically change the php command to that version, so I ended up implementing this feature myself using symlinks and shell aliases.
As you may know, Git is not a single application, but rather a toolkit containing many small programs and scripts that can manipulate the repository. This makes it trivial to chain those components into more powerful, custom commands which can be defined as git aliases.
Here are some of the more useful aliases I use on a daily basis:
I recently upgraded my system from Ubuntu 16.04 with Unity to Ubuntu 17.10 with Gnome Shell 3. One of the "features" I found annoying was that my IDE PhpStorm was not popping to the front and receiving focus whenever breakpoints were hit. I eventually figured out a solution and wanted to document it in case others were also searching for a solution.
I first confirmed that "Focus application on breakpoint" was indeed enabled in my settings:
Back in November I released colinodell/json5 - a JSON5 parser for PHP. It's essentially a drop-in replacement for PHP's json_decode() function, but it allows things like comments, trailing commas, and more.
Fast forward to this weekend when I received the following bug report from a user named Antonio:
league/commonmark is wrapping up 2017 with the release of version 0.17!
Changes include:
- Minimum PHP version bumped to 5.6
- New "max_nesting_level" setting
- A few performance optimizations
- Clean up deprecations and not-so-great code
For more info, check out: