A cross-site scripting (XSS) vulnerability was found in the PHP League's CommonMark library (league/commonmark) versions 0.15.6 through 0.18.x before 0.18.1. It allows remote attackers to insert unsafe URLs into <a> tags (even if allow_unsafe_links is false) by adding an encoded newline character in the middle (e.g., writing javascript as javascri%0Apt).
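The root cause described above is a scheme check applied to the raw, still-percent-encoded URL, while the browser sees the decoded href with the newline stripped. The following added example (not code from league/commonmark; function names and the scheme list are illustrative) contrasts a naive check with one that normalizes the URL the way a browser will before deciding whether it is unsafe:

```php
<?php
declare(strict_types=1);

// Added illustration, not the library's own code. Function names are hypothetical.

// Naive check: inspects only the raw string, so "javascri%0Apt:" is not matched
// even though the browser will render it as a javascript: link.
function naiveIsUnsafe(string $url): bool
{
    return preg_match('/^(javascript|vbscript|file|data):/i', $url) === 1;
}

// Normalize as a browser does before interpreting the scheme: percent-decode
// (the encoded newline becomes a real one), drop tab/LF/CR anywhere, strip
// leading/trailing C0 controls and spaces, then lowercase for comparison.
function normalizeForSchemeCheck(string $url): string
{
    $decoded  = rawurldecode($url);
    $stripped = preg_replace('/[\t\n\r]/', '', $decoded);
    return strtolower(trim($stripped, "\x00..\x20"));
}

// Hardened check: same denylist, but applied to the normalized form.
function hardenedIsUnsafe(string $url): bool
{
    $normalized = normalizeForSchemeCheck($url);
    return preg_match('/^(javascript|vbscript|file|data):/', $normalized) === 1;
}

// Constructed sample inputs, including the encoded-newline variant from the advisory.
$samples = [
    'https://example.com/page',
    'javascript:alert(1)',
    'javascri%0Apt:alert(1)',
    ' JAVASCRIPT:alert(1)',
];

foreach ($samples as $url) {
    printf("%-26s naive=%-6s hardened=%s\n", $url,
        naiveIsUnsafe($url) ? 'unsafe' : 'ok',
        hardenedIsUnsafe($url) ? 'unsafe' : 'ok');
}
```

The third sample is reported as ok by the naive check and unsafe by the hardened one; whichever check is used, the href should still be HTML-escaped on output as a second layer.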
Recent Activity
PHP 7.3 has been released, bringing some great new features to the language such as trailing commas in function calls, throwing errors when JSON parsing fails, array_key_first() / array_key_last() functions, and much more!
I'm pleased to share that my PHP 7 Upgrade Guide ebook has been featured in the Ultimate Programmer Super Stack bundle! This is a hand-curated collection of 25+ premium ecourses, bestselling ebooks, and bonus resources that will help new programmers:
This month I released updates for a few of my open-source projects including league/commonmark, league/html-to-markdown, and colinodell/json5.
Prevent Composer from updating your Symfony components to unsupported versions with the colinodell/symfony-lts-or-current metapackage.
Have you ever botched a deployment and taken a site offline? I have—more times than I'd like to admit. What if we could completely automate the deployment process, make it lightning fast, remove most of the risk, and do it all without custom bash scripts? Better yet, what if we could use the same deployment process locally or trigger it via CI?
Releasing open-source libraries involves much more than sharing your GitHub URL with the world. There are many considerations and steps involved, especially if you want your project to be successful and long-lived.
After using phpbrew to manage my local PHP versions for a while, I got tired of re-compiling PHP after every release and decided to install multiple PHP versions side-by-side with Ondřej Surý's PPA. One of the features I missed from phpbrew was the ability to run a command like phpbrew use php-7.2.8 to automatically change the php command to that version, so I ended up implementing this feature myself using symlinks and shell aliases.
Software bugs are inevitable; some are especially difficult to track down, causing you to waste countless hours before throwing your hands up in defeat. It doesn't have to be this way! The mental fatigue and wasted time can be avoided by using strategies like identifying the most-appropriate tool, taking a logical & objective approach, challenging assumptions, listening to variables, isolating the code path, and reinforcing code with automated tests.
As you may know, Git is not a single application, but rather a toolkit containing many small programs and scripts that can manipulate the repository. This makes it trivial to chain those components into more-powerful, custom commands which can be defined as git aliases.
Here are some of the more-useful aliases I use on a daily basis: