Merge branch 'gh-pages' of github.com:codeguy/php-the-right-way into gh-pages

_layouts/default.html

@@ -39,6 +39,7 @@
                     <li><a href="/#{{ post.title | downcase | replace:' ','_' | replace:'(','' | replace:')','' | replace:'.','' | replace:'-','' }}">{{ post.title }}</a>
                     {% assign lastIsChild = post.isChild %}
                 {% endfor %}
+                <li><a href="/#site-footer">Credits</a></li>
             </ul>
         </nav>
         <div class="site-content">
@@ -55,7 +56,7 @@
                 <a href="https://twitter.com/share" class="twitter-share-button" data-url="http://www.phptherightway.com/" data-size="large" data-hashtags="php">Tweet</a>
             </header>
             {{ content }}
-            <footer class="site-footer">
+            <footer class="site-footer" id="site-footer">
                 <h2 class="epsilon">Created and maintained by</h2>
                 <ul>
                     <li><a href="http://twitter.com/codeguy">Josh Lockhart</a></li>
@@ -68,9 +69,7 @@
                 </ul>
 
                 <h2 class="epsilon">Project contributors</h2>
-                <p>
-                    This project would not be possible without the help of <a href="https://github.com/codeguy/php-the-right-way/graphs/contributors">our amazing contributors</a> on GitHub.
-                </p>
+                <div id="contributors">Loading&hellip;</div>
 
                 <h2 class="epsilon">Project sponsors</h2>
                 <ul class="mbd">
@@ -84,5 +83,7 @@
         </div>
 
         <script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="//platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script>
+        <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.7/jquery.min.js"></script>
+        <script src="/scripts/setup.js"></script>
     </body>
 </html>

_posts/01-04-01-Mac-Setup.md

@@ -4,15 +4,21 @@ isChild: true
 
 ## Mac Setup
 
-OSX comes prepackaged with PHP but it is normally a little behind the latest stable. Lion comes with PHP 5.3.6 and Mountain Lion has 5.3.10.
+OSX comes prepackaged with PHP but it is normally a little behind the latest stable. Lion comes with PHP 5.3.6 and
+Mountain Lion has 5.3.10.
 
-To update PHP on OSX you can get the PHP executable through a number of Mac [package managers][mac-package-managers] or [compile it yourself][mac-compile] (if compiling, be sure to have installed either Xcode or Apple's substitute ["Command Line Tools for Xcode" downloadable from Apple's Mac Developer Center][apple-developer]). 
+To update PHP on OSX you can get it installed through a number of Mac [package managers][mac-package-managers], with
+[php-osx by Liip][php-osx-downloads] being recommended.
 
-For a complete LAMP package with GUI try [MAMP][mamp-downloads], otherwise consider the [Entropy 5.4][entropy-downloads] package.
+The other option is to [compile it yourself][mac-compile], in that case be sure to have installed either Xcode or
+Apple's substitute ["Command Line Tools for Xcode"][apple-developer] downloadable from Apple's Mac Developer Center.
+
+For a complete "all-in-one" package including PHP, Apache web server and MySQL database, all this with a nice control
+GUI, try [MAMP][mamp-downloads].
 
 [mac-package-managers]: http://www.php.net/manual/en/install.macosx.packages.php
 [mac-compile]: http://www.php.net/manual/en/install.macosx.compile.php
 [xcode-gcc-substitution]: https://github.com/kennethreitz/osx-gcc-installer
 [apple-developer]: https://developer.apple.com/downloads
 [mamp-downloads]: http://www.mamp.info/en/downloads/index.html
-[entropy-downloads]: http://php-osx.liip.ch/
+[php-osx-downloads]: http://php-osx.liip.ch/

_posts/04-01-01-Dependency-Management.md

@@ -1,3 +1,10 @@
 # Dependency Management
 
 There are a ton of PHP libraries, frameworks, and components to choose from. Your project will likely use several of them — these are project dependencies. Until recently, PHP did not have a good way to manage these project dependencies. Even if you managed them manually, you still had to worry about autoloaders. No more.
+
+Currently there are two major package management systems for PHP - Composer and PEAR. Which one is right for you? The answer is both.
+
+ * Use **Composer** when managing dependencies for a single project.
+ * Use **PEAR** when managing dependencies for PHP as a whole on your system.
+
+In general, Composer packages will be available only in the projects that you explicitly specify whereas a PEAR package would be available to all of your PHP projects. While PEAR might sound like the easier approach at first glance, there are advantages to using a project-by-project approach to your dependencies.

_posts/07-04-01-Data-Filtering.md

@@ -5,39 +5,35 @@ isChild: true
 ## Data Filtering
 
 Never ever (ever) trust foreign input introduced to your PHP code. Always sanitize and validate
-foreign input before using it in code.
-
-PHP functions `filter_var` and `filter_input` can sanitize text and validate text formats (e.g.
+foreign input before using it in code. The `filter_var` and `filter_input` functions can sanitize text and validate text formats (e.g.
 email addresses).
 
-Foreign input can be anything, from `$_GET` and `$_POST` form input data, some values in `$_SERVER`,
-the HTTP body via `fopen('php://input', 'r')`, etc are all considered foriegn inputs. It is not 
-limited to form data submitted by the user, both uploaded and downloaded files, session values and
-cookies count too.
+Foreign input can be anything: `$_GET` and `$_POST` form input data, some values in the `$_SERVER`
+superglobal, and the HTTP request body via `fopen('php://input', 'r')`. Remember, foreign input is not
+limited to form data submitted by the user. Uploaded and downloaded files, session values, cookie data,
+and data from third-party web services are foreign input, too.
 
-While foreign data can be stored, combined and accessed later, it is still a foreign input. Every
-time you process, output, concatenate or include some data in your code you should ask yourself if
+While foreign data can be stored, combined, and accessed later, it is still foreign input. Every
+time you process, output, concatenate, or include data in your code, ask yourself if
 the data is filtered properly and can it be trusted.
 
-Filtering is tailored to the specific data usage. For example, when including foreign input is passed 
-to a HTML page output it can execute HTML and JavaScript on your site! This is known as Cross-Site 
-Scripting (XSS) and can be a very dangerous attack. One way to avoid this is to sanitize all HTML tags
-in the input, or encode them.
+Data may be _filtered_ differently based on its purpose. For example, when unfiltered foreign input is passed
+into HTML page output, it can execute HTML and JavaScript on your site! This is known as Cross-Site
+Scripting (XSS) and can be a very dangerous attack. One way to avoid XSS is to sanitize all HTML tags
+in the input by removing tags or escaping them into HTML entities.
 
-That is of course one instance of filtering against a specific type of attach. Another example would be 
-when passing options to be executed on the command line. This can be extremely dangers and is usually bad 
-idea, but you can use the built-in `escapeshellarg` function to sanitize the arguments. 
+Another example is passing options to be executed on the command line. This can be extremely dangerous
+(and is usually a bad idea), but you can use the built-in `escapeshellarg` function to sanitize the executed
+command's arguments.
 
-One last example would be accepting foreign input to determine a file to load. This could be expoited by 
-changing the filename to a file path, so you need to remove and / from the path, so it cant load potentially 
-hidden or sensitive files.
-
-For performance, you can store filtered data and have it ready for usage next time. Just remember
-that data filtered for one kind of the output may not be sufficiently filtered for the other.
+One last example is accepting foreign input to determine a file to load from the filesystem. This can be exploited by
+changing the filename to a file path. You need to remove "/", "../", [null bytes][6], or other characters from the file path so it can't
+load hidden, non-public, or sensitive files.
 
 * [Learn about data filtering][1]
 * [Learn about `filter_var`][4]
 * [Learn about `filter_input`][5]
+* [Learn about handling null bytes][6]
 
 ### Sanitization
 
@@ -66,4 +62,5 @@ email address, a phone number, or age when processing a registration submission.
 [3]: http://www.php.net/manual/en/filter.filters.validate.php
 [4]: http://php.net/manual/en/function.filter-var.php
 [5]: http://www.php.net/manual/en/function.filter-input.php
+[6]: http://php.net/manual/en/security.filesystem.nullbytes.php
 [html-purifier]: http://htmlpurifier.org/

_posts/08-02-01-Test-Driven-Development.md

@@ -17,7 +17,7 @@ expected, from the point you build them all the way through the development cycl
 values going in and out of various functions and methods, you can make sure the internal logic is
 working correctly. By using Dependency Injection and building "mock" classes and stubs you can verify that dependencies are correctly used for even better test coverage.
 
-When you create a class or function you should create a unit test for each behaviour it must have. At a very basic level you should
+When you create a class or function you should create a unit test for each behavior it must have. At a very basic level you should
 make sure it errors if you send it bad arguments and make sure it works if you send it valid arguments.
 This will help ensure that when you make changes to this class or function later on in the development
 cycle that the old functionality continues to work as expected. The only alternative to this would be

_posts/08-04-01-Complementary-Testing-Tools.md

@@ -4,7 +4,7 @@ isChild: true
 
 ## Complementary Testing Tools
 
-Besides individual testing and behaviour driven frameworks, there are also a number of generic frameworks and helper libraries useful for any preferred approach taken.
+Besides individual testing and behavior driven frameworks, there are also a number of generic frameworks and helper libraries useful for any preferred approach taken.
 
 ### Tool Links
 

_posts/10-03-01-Object-Caching.md

@@ -0,0 +1,44 @@
+---
+isChild: true
+---
+
+## Object Caching
+
+There are times when it can be beneficial to cache individual objects in your code, such as with data that is expensive
+to get or database calls where the result is unlikely to change. You can use object caching software to hold these
+pieces of data in memory for extremely fast access later on. If you save these items to a data store after you retrieve
+them, then pull them directly from the cache for following requests you can gain a significant improvement in
+performance as well as reduce the load on your database servers.
+
+Many of the popular bytecode caching solutions let you cache custom data as well, so there's even more reason to take
+advantage of them. APC, XCache, and WinCache all provide APIs to save data from your PHP code to their memory cache.
+
+The most commonly used memory object caching systems are APC and memcached. APC is an excellent choice for object
+caching, it includes a simple API for adding your own data to its memory cache and is very easy to setup and use. The
+one real limitation of APC is that it is tied to the server it's installed on. Memcached on the other hand is installed
+as a separate service and can be accessed across the network, meaning that you can store objects in a hyper-fast data
+store in a central location and many different systems can pull from it.
+
+In a networked configuration APC will usually outperform memcached in terms of access speed, but memcached will be able
+to scale up faster and further. If you do not expect to have multiple servers running your application, or do not need
+the extra features that memcached offers then APC is probably your best choice for object caching.
+
+Example logic using APC:
+
+{% highlight php %}
+<?php
+$data = apc_fetch('expensive_data');
+if (!$data)
+{
+	$data = get_expensive_data();
+	apc_store('expensive_data', $data);
+}
+{% endhighlight %}
+
+Learn more about popular object caching systems:
+
+* [APC Functions](http://php.net/manual/en/ref.apc.php)
+* [Memcached](http://memcached.org/)
+* [Redis](http://redis.io/)
+* [XCache APIs](http://xcache.lighttpd.net/wiki/XcacheApi)
+* [WinCache Functions](http://www.php.net/manual/en/ref.wincache.php)

_posts/12-01-01-Resources.md

@@ -13,6 +13,7 @@
 * [Chris Shiflett](http://twitter.com/shiflett)
 * [Sebastian Bergmann](http://twitter.com/s_bergmann)
 * [Matthew Weier O'Phinney](http://twitter.com/weierophinney)
+* [Nikita Popov](http://twitter.com/nikita_ppv)
 
 ## Mentoring
 

_posts/13-01-01-Community.md

@@ -0,0 +1,24 @@
+# Community
+
+The PHP community is as diverse as it is large, and it's members are ready and willing to support new PHP programmers. You should consider joining your local PHP user group (PUG) or attending larger PHP conferences to learn more about the best practices shown here. You can also hang out on IRC in the #phpc channel on irc.freenode.com and follow the [@phpc][phpc-twitter] twitter account. Get out there, meet new developers, learn new topics and, above all, make new friends.
+
+[Read the Official PHP Events Calendar][php-calendar]
+
+## PHP User Groups
+
+If you live in a larger city, odds are there's a PHP user group nearby. Although there's not yet an official list of PUGs, you can easily find your local PUG by searching on [Google][google] or [Meetup.com][meetup]. If you live in a smaller town, there may not be a local PUG; if that's the case, start one!
+
+[Read about User Groups on the PHP Wiki][php-wiki]
+
+## PHP Conferences
+
+The PHP community also hosts larger regional and national conferences in many countries around the world. Well-known members of the PHP community usually speak at these larger events, so it's a great opportunity to learn directly from industry leaders.
+
+[Find a PHP Conference][php-conf]
+
+[php-calendar]: http://www.php.net/cal.php
+[google]: https://www.google.com/search?q=php+user+group+near+me
+[meetup]: http://www.meetup.com/find/
+[php-wiki]: https://wiki.php.net/usergroups
+[php-conf]: http://php.net/conferences/index.php
+[phpc-twitter]: https://twitter.com/phpc

scripts/setup.js

@@ -0,0 +1,26 @@
+(function ($) {
+    // Load contributors
+    var $contributors = $('#contributors');
+    if ( $contributors.length ) {
+        var fail = function () {
+            $contributors.html('<p>This project would not be possible without the help of <a href="https://github.com/codeguy/php-the-right-way/graphs/contributors">our amazing contributors</a> on GitHub.</p>');
+        };
+        $.ajax({
+            cache: false,
+            dataType: 'jsonp',
+            timeout: 3000,
+            type: 'GET',
+            url: 'https://api.github.com/repos/codeguy/php-the-right-way/contributors'
+        }).done(function (data) {
+            if ( data.data && data.data.length ) {
+                var $ul = $('<ul></ul>'), dataLength = data.data.length;
+                for ( var i = 0; i < dataLength; i++ ) {
+                    $ul.append(['<li><a href="https://github.com/', data.data[i].login, '" target="_blank">', data.data[i].login, '</a></li>'].join(''));
+                }
+                $contributors.html($ul);
+            } else {
+                fail();
+            }
+        }).fail(fail);
+    }
+})(jQuery);