Ed Finkler has spent the past couple of weeks collecting data from the NIST NVD to get statistics on PHP application vulnerabilities. On his blog
he released statistics on the top 20 PHP security issues.
The data covers only reported vulnerabilities between April 1 2006 and April 1 2007.
Thanks for the nice work!
I was confident that using one of PHP 5's magic methods, __toString(), would just work, but the fact is that the following code works in PHP version 5.2.1 but not in 5.1.6:
You can try this for yourself:
<?php
class ToStringTest {
    protected $content;

    public function __construct($content) {
        $this->content = $content;
    }

    // Appends to the buffer; if $content is an object, the string conversion
    // happens inside the concatenation, not inside echo/print.
    public function add($content) {
        $this->content .= $content;
    }

    public function __toString() {
        return $this->content;
    }
}

$A = new ToStringTest('Hello, ');
$A->add('World!');
echo $A . "\n";

// Passing an object to add(): this is the case that differs between versions.
$B = new ToStringTest('Say ');
$B->add($A);
echo $B . "\n";
?>
In PHP 5.2.1 the output is:
Hello, World!
Say Hello, World!
and in PHP 5.1.6:
Hello, World!
Say Object id #1
And then it hit me:
It is worth noting that before PHP 5.2.0 the __toString method was only called when it was directly combined with echo() or print().
Small piece of advice: always be sure you know how a given function behaves in every PHP version your code may run on, or risk bad surprises.
Meanwhile… call the method explicitly, with something like
$SomeObject->__toString();
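To make the explicit-call workaround systematic, here is an added example (my own code, not from the original post) of a small conversion helper, toStr(), that behaves the same on PHP 5.1.x and 5.2+ and refuses values that would otherwise silently degrade to "Object id #N" or "Array"; the helper name and the exception choice are assumptions.

```php
<?php
// Portable string conversion: explicit __toString() call so that PHP < 5.2.0,
// which only invoked the magic method for echo/print, matches 5.2+ behaviour.
function toStr($value) {
    if (is_object($value)) {
        if (method_exists($value, '__toString')) {
            return $value->__toString();
        }
        // No __toString(): fail loudly instead of producing "Object id #N".
        throw new InvalidArgumentException(
            'Cannot convert object of class ' . get_class($value) . ' to string'
        );
    }
    // An array would become the literal string "Array"; refuse it as well.
    if (is_array($value)) {
        throw new InvalidArgumentException('Cannot convert array to string');
    }
    return (string) $value;
}

class ToStringTest {
    protected $content;

    public function __construct($content) {
        $this->content = toStr($content);
    }

    // Every append goes through toStr(), so nested objects are converted the
    // same way regardless of the PHP version running the code.
    public function add($content) {
        $this->content .= toStr($content);
    }

    public function __toString() {
        return $this->content;
    }
}

$A = new ToStringTest('Hello, ');
$A->add('World!');

$B = new ToStringTest('Say ');
$B->add($A);   // object argument: the case that differed between 5.1.6 and 5.2.1

// Explicit conversion here too, so echo is not relied upon to trigger the magic method.
echo toStr($B) . "\n";
echo 'Running on PHP ' . PHP_VERSION . "\n";
?>
```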