CakePHP security issue - even in thechaw.com (written by core dev)

CakePHP security issue

Recently I stumbled upon thechaw.com, written by a CakePHP core developer and built with CakePHP. I just wanted to check whether they had fixed the old security issue in CakePHP, and found that the issue is still open.

Proof of concept

[Image: CakePHP security issue, proof of concept screenshot]



On another occasion, I found the well-known memory error even on bakery.cakephp.org.

[Image: CakePHP memory error screenshot]

Bottom line

CakePHP is open source, so you can fix these issues yourself.
