benwillies.com

Bug Fixes

PHP Session Collisions
 Wednesday, December 14, 2022

When hosting multiple web applications on the same server you will need to specify a different SESSION_PATH location in the configuration file for each application if either the SESSION_IDLE or SESSION_TIME are not zero in any configuration file. This is necessary because PHP periodically deletes all of the old session files within a given SESSION_PATH according to the minimum SESSION_TIME or the default of 24 minutes, so if you have one application that does not expire sessions for two hours then another application will very likely wipe-out the session data anyway unless the session data is stored in a different directory. For instance, the default location for session files is the /tmp directory but a much better configuration would be /tmp/sessions/application1, /tmp/sessions/application2, etc so just specify /tmp/sessions/application1 for the SESSION_PATH in application1's configuration file and /tmp/sessions/application2 for the SESSION_PATH in application2's configuration file and the framework will take care of building all of the directories with the proper permissions. And having a different SESSION_PATH for each application is a good idea even if you use the system defaults for SESSION_IDLE and SESSION_TIME.
Broken Buttons on iPad
 Friday, September 18, 2020

The recent upgrade to Safari on iPad has incorporated a few more changes for HTML5 compliance, which is a good thing, but something has caused the buttons on the various forms in the framework to stop working, meaning if you click a button, nothing happens (although you can still submit the form by hitting the Go key). This bug is most likely because of the anchor wraparound technique used for generating buttons in the framework which allowed older HTML5 non-compliant browsers to support custom buttons. It may be time to finally jettison the old browsers in favor of full HTML5 support.
Streaming Video Bug Fix
 Sunday, November 18, 2018

Normally, media content is pulled from the database and cached. The browser then downloads that content by the name of the cached file. However, the framework also supports streaming the content directly from the database without using a cache, which uses less memory but relies on the browser to cache the content. The streaming service helps the browser know when to download the file again, but there is more network traffic overall when streaming. Recently, the Safari and Chrome browsers on Mac OS X only made a change whereby video content is no longer downloaded all at once, but instead is only handled in "chunks" via a series of progressive callbacks. The complicated handshake for each of these chunk calls, coupled with the need to enforce security on each call through session management, has forced the streaming service to only provide video content to the Safari and Chrome browsers using a cached file. Video content is still streamed to all the other browsers on Mac OS X and all content continues to be streamed on Windows and Linux platforms without using a cache. Please note that although you can turn "CACHE_CONTENTS" off in the configuration script for your site, which is not recommended, some things will still be cached anyway.
PHP 7.1 Bug Fixes
 Saturday, May 12, 2018

PHP 7.1 continues down the road towards strict data typing which introduced a couple of very serious bugs, particularly concerning the initializing of arrays. It seems PHP is no longer performing an implicit type cast if a variable had been initialized to a string, like $x='', and subsequently converted to an array with $x[]='sdf'. Unfortunately, only a warning is posted to the log, but the value is truncated so $x[0] only contains "s". This caused a lot of problems and will surely doom many legacy PHP applications, where management might just decide to rewrite them in Java rather than perform the 7.1 upgrade. One of the big reasons why PHP is better, quicker and simpler than other languages is because of its support for loosely typed variables (in addition to being primarily a functional language at its core). It's a shame to see PHP losing sight of its original vision and taking it one step closer to redundancy. However, the application is now noticeably faster running PHP 7.1 with MariaDB 10.2 on the backend.
PostgreSQL 10.3 Working Again
 Sunday, April 29, 2018

The application is once again fully supporting PostgreSQL up to version 10.4 which introduced lots of performance improvements and features. As MySQL and MariaDB continue to move further into the corporate world with the introduction of complex features that really only make sense for large businesses, it's no wonder that interest in PostgreSQL is surging. Fortunately, PostgreSQL now includes some of the more interesting MySQL extensions, like GROUP_CONCAT and UPSERT, but also implements very strict data typing that is not required with MySQL, particularly concerning dates and integers.
Password Reset Links
 Tuesday, October 25, 2016

A potential security issue has been closed concerning the inadvertent exposure of password reset links to a third-party. You can read about it in an article by Derek Prior at thoughtbot. Since no external content is ever loaded within the framework, this could only be a problem if your framework-based application loaded images into a customized version of the password reset page, or if there were any links on that page pointing to a remote host. Please check-out how the password reset script provides a workaround to the issue using cookies.
1 2 3 4 Next
 Results 1-6 of 22
Advertisement