PhpStorm Got New Version

The popular PHP IDE received version 2018.3 with a lot of new features and updates
23 November 2018

JetBrains, a company specializing in IDEs, announced the release of the final version of PhpStorm 2018.3. This cross-platform product is built on the IntelliJ IDEA platform and is intended for development in the PHP scripting language.

The updated development environment works with PHP 7.3. The developers have improved support for DQL (Doctrine Query Language), a query language focused on the project's object model. DQL composes queries for retrieving or modifying data using user-created class names and fields. The early-access version of the IDE simply highlighted the lines of code containing the queries; the final release implements full navigation and editing.

For PHPDoc, the concept of intersection types was added, allowing variables to belong to several types at the same time. Some refactoring tools were improved. HTTP requests can now be generated using run. The debugger gained the ability to search for variables.

When working with PHPUnit, you can automatically generate the setUp and tearDown methods used when running tests. This speeds up work with the code.

JetBrains specialists have expanded the possibilities for working with GitHub repositories. PhpStorm 2018.3 adds a tool for managing pull requests that allows you to view and sort them. The IDE's handling of submodules was fixed: they are now saved correctly when a project is cloned.

The new development environment contains tools for automatically correcting code and bringing it in line with industry standards, such as PSR-2. For this, the developers have included the PHP CS Fixer utility in PhpStorm 2018.3. The settings even allow you to define your own standards for the code.

The IDE interface itself was improved. New search features were implemented and new color schemes were added. Todo, an operator that generates a task list, can now span several lines, following the example of similar tools in JavaScript, TypeScript, SQL, CSS, and HTML.

For working with databases, the developers reworked the code supporting these modules and included the NoSQL DBMS Apache Cassandra and the relational PostgreSQL in the system.

The previous version of the IDE was released in July 2018. At that time the developers added custom postfix completion templates and reworked structural search and replace.

Get more info at the official blog.

WordPress Has Many Vulnerabilities - RiskSense

According to the latest study on vulnerabilities in web frameworks and platforms, WordPress & Apache Struts have 57% of all vulnerabilities
19 March 2020

RiskSense published the results of an analysis of 1622 vulnerabilities in web frameworks and platforms, identified from 2010 to November 2019. Some conclusions:

  • WordPress and Apache Struts account for 57% of all vulnerabilities for which attack-ready exploits exist. Next come Drupal, Ruby on Rails and Laravel. The list of platforms with exploitable vulnerabilities also includes Node.js and Django, but each had only one vulnerability with an exploit, out of 56 and 66 existing vulnerabilities respectively. The most common vulnerability type named for WordPress is cross-site scripting, and for Apache Struts, problems with input validation.
  • Projects in PHP and Java lead in the number of vulnerabilities with existing exploits.
  • In 2019, the total number of vulnerabilities decreased, but the share of vulnerabilities with exploits increased from 3.9% to 8.6%, mainly due to the increase in the number of exploits for Ruby on Rails, WordPress, and Java.
  • Cross-site scripting (XSS) is the most common vulnerability in the 10-year sample. In the 5-year sample, vulnerabilities caused by incorrect input validation lead (24% of all vulnerabilities with exploits), and XSS fell to 5th place.
  • Vulnerabilities that allow injection of SQL, code, and commands are relatively rare, but they lead in terms of exploit availability: exploits were prepared for more than 50% of such vulnerabilities (60% for command injection and 39% for code injection).

Get more at the official press release.