PhpStorm Gets a New Version

The popular PHP IDE has received version 2018.3 with many new features and updates
23 November 2018

JetBrains, which specializes in building IDEs, has announced the final release of PhpStorm 2018.3. This cross-platform product is built on the IntelliJ IDEA platform and is intended for development in the PHP scripting language.

The updated development environment supports PHP 7.3. The developers have improved support for DQL (Doctrine Query Language), a query language built around the project's object model: DQL expresses queries that read or modify data in terms of user-defined class names and fields. The early-access build merely highlighted the lines of code containing such queries; the final release implements full navigation and editing for them.

For PHPDoc, support for intersection types was added, allowing a variable to be declared as belonging to several types at once. Some refactoring tools were improved. HTTP requests can now be generated and run directly from the IDE. The debugger gained the ability to search for variables.

When working with PHPUnit, the setUp and tearDown methods used by tests can now be generated automatically, which speeds up writing test code.

JetBrains has also expanded support for working with GitHub repositories. PhpStorm 2018.3 adds a pull request management tool that lets you view and sort pull requests. Submodule handling was fixed as well: when a project is cloned, its submodules are now saved correctly.

The new release includes tools for automatically correcting code and bringing it into line with industry standards such as PSR-2; for this, the PHP CS Fixer utility has been integrated into PhpStorm 2018.3. The settings also allow you to define your own coding standard.

The IDE interface itself has been improved: new search features and new color schemes were added. TODO comments, which feed the task list, can now span several lines, in PHP as well as in JavaScript, TypeScript, SQL, CSS and HTML.

On the database side, the developers reworked the supporting code, adding support for the NoSQL DBMS Apache Cassandra and extending support for the relational PostgreSQL.

The previous version of the IDE was released in July 2018; it added custom postfix completion templates and reworked structural search and replace.

More information is available on the official blog.

Serious Vulnerability Found in WordPress 5.0.0

The vulnerability allows an attacker with Author privileges to execute arbitrary code on the server
20 February 2019

Simon Scannell has published details of a WordPress vulnerability that allows an attacker with the privileges of an Author (the role allowed to publish posts on the site) to execute arbitrary code on the server. The WordPress 4.9.9 and 5.0.1 updates added partial protection in the core code to block the attack, but the problem is not fully resolved: in the current release, WordPress 5.0.3, it can still be exploited through additional flaws in plugins (it is noted to manifest in some popular plugins with millions of active installations).

The vulnerability stems from two problems: the ability to override post metadata in the database, and errors in the handling of file paths. The first problem allows an attacker to overwrite, in the wp_postmeta table, the value that stores an image attachment's parameters.

To smuggle PHP code onto the server under the guise of an image, a property of the Imagick PHP extension is used: after editing, it leaves the contents of the EXIF metadata unchanged, so the resulting image carries the same EXIF data as the original. By placing PHP code in the EXIF block, the attacker can get it executed when a specific theme template is loaded. When the PHP GD extension is used for image conversion instead, the attack becomes harder, because GD strips EXIF; a special selection of pixel values is then needed that, after processing by GD, forms PHP code.
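As an added example, not part of the article or of Scannell's research, the following Python code checks for the two ingredients described above: attachment path metadata in wp_postmeta that could escape the uploads directory, and PHP open tags hidden inside an image's EXIF data, which an Imagick crop would leave intact. It assumes the WordPress meta key `_wp_attached_file` (the key WordPress uses for an attachment's path relative to the uploads directory); the postmeta rows and the JPEG-like byte strings are constructed for the example and are not taken from the advisory.

```python
import posixpath
import re

# Constructed sample rows in the shape of WordPress's wp_postmeta table:
# (post_id, meta_key, meta_value). "_wp_attached_file" is the key WordPress
# uses for an attachment's path relative to wp-content/uploads. The values
# below are invented for this example (not taken from the advisory).
SAMPLE_POSTMETA = [
    (101, "_wp_attached_file", "2019/02/photo.jpg"),
    (102, "_wp_attached_file", "2019/02/photo.jpg?/../../../../themes/sometheme/photo.jpg"),
    (103, "_wp_attached_file", "../../themes/sometheme/shell.php"),
    (104, "_wp_attached_file", "2019/02/scan.png"),
    (105, "_thumbnail_id", "101"),
]

ALLOWED_IMAGE_EXT = {"jpg", "jpeg", "png", "gif", "webp"}


def is_suspicious_attached_file(value: str) -> bool:
    """Return True if an _wp_attached_file value could escape the uploads dir.

    A legitimate value is a relative path such as "2019/02/photo.jpg". A value
    carrying a NUL byte, a query/fragment character, a backslash, a leading
    slash, a ".." segment or a non-image extension is treated as hostile,
    because a later join such as uploads_dir + "/" + value would resolve to a
    location outside the uploads directory (e.g. a theme directory).
    """
    if not value or "\x00" in value:
        return True
    if any(ch in value for ch in "?#\\"):
        return True
    if value.startswith("/"):
        return True
    # Normalise the path and check that no component walks upward.
    parts = posixpath.normpath(value).split("/")
    if ".." in parts:
        return True
    ext = posixpath.splitext(value)[1].lstrip(".").lower()
    return ext not in ALLOWED_IMAGE_EXT


def find_suspicious_attachments(rows):
    """Return [(post_id, meta_value)] for attached-file rows that look tampered with."""
    return [
        (post_id, value)
        for post_id, key, value in rows
        if key == "_wp_attached_file" and is_suspicious_attached_file(value)
    ]


# Matches "<?php" or the short echo tag "<?=" anywhere in the raw bytes.
PHP_TAG = re.compile(rb"<\?(php\b|=)", re.IGNORECASE)


def contains_php_tag(image_bytes: bytes) -> bool:
    """Return True if raw image bytes contain a PHP open tag (e.g. inside EXIF)."""
    return PHP_TAG.search(image_bytes) is not None


def _fake_jpeg(exif_body: bytes) -> bytes:
    """Build a constructed JPEG-like byte string: SOI, one APP1 (EXIF) segment, EOI.

    This is not a decodable image; it only reproduces the segment layout so
    that the EXIF payload sits where a real camera tag would.
    """
    segment = b"Exif\x00\x00" + exif_body
    length = (len(segment) + 2).to_bytes(2, "big")  # length field counts itself
    return b"\xff\xd8" + b"\xff\xe1" + length + segment + b"\xff\xd9"


# Constructed samples: a clean EXIF string and one carrying a PHP open tag.
CLEAN_IMAGE = _fake_jpeg(b"Canon EOS")
PAYLOAD_IMAGE = _fake_jpeg(b"<?php phpinfo(); ?>")


if __name__ == "__main__":
    for post_id, value in find_suspicious_attachments(SAMPLE_POSTMETA):
        print(f"post {post_id}: suspicious _wp_attached_file {value!r}")
    for name, data in (("clean", CLEAN_IMAGE), ("payload", PAYLOAD_IMAGE)):
        print(f"{name}: PHP tag present = {contains_php_tag(data)}")
```

Both checks are cheap enough to run over a whole uploads directory and a dump of wp_postmeta; the path check is the one that matters for the traversal described above, and the byte scan catches EXIF payloads regardless of whether the image was processed by Imagick.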