CakePHP Digest #9 - The One Where I Steal Everyone's Ideas
News
CakePHP 1.1 API
Awesome news for you Cake 1.1ers. You haven't been forgotten about. Just like all of us Cake 1.2ers, you have a brand new API... fine... I know it's the same 1.1 API from before, which disappeared for a while but is back now. I was just trying to make the devs stuck working on 1.1 apps feel better. Now they're all listening to "Light A Match" by The Beautiful Mistake on repeat.
Tickets and Commits
/pages/home
The issue mentioned in the last digest, where the default home page (/pages/home) may be accessible, was fixed. This doesn't help the 5.32 million Cake apps that are already released (figure may not be accurate), but going forward this won't be an issue anymore. @snookca commented that he "should use it to build a secret page just for the curious." I think this is a great idea. For those of us that don't use /pages/home for anything, let's start sneaking Easter Eggs in there for other Cake devs to find. You may be putting your job at risk, but there are some things more important than steady income and dammit this is one of them.
XSS Vulnerability
Another important change was the patch to fix an XSS vulnerability in the paginator helper (#6134). I'm still waiting for the moment when hack TV writers pick up the terms XSS or XSRF and use them as technobabble. Something like:
Jack: Come on Chloe, we're running out of time. They're through two subnets with the CIP device.
Chloe: I'm trying but the server is locked down with redundant firewalls. I think I can hack a backdoor node with an XSS attack.
Of course if this were to ever happen within two minutes this entry would appear on F*** My Life:
Today, I realized I've wasted my entire career trying to inform people on the importance of web security. I don't think anyone is listening. FML -- Chris S.
In The Wild
Just one site to mention this week: justrosters.com, a slick looking staff scheduling tool by the team at Marvel Internet Group. I was going to use this site to schedule which of my harem are on duty at any given moment, but then I realized that they're all on call 24/7 and this would just give them the false hope that they actually had time off.
In The Blogs
Rails Envy
CakeBaker pointed out a cool feature in Rails that allows you to install plugins directly from a Git repository. Seriously, do not blog about something and expect me not to steal it. I just can't help myself. I spent an hour with Wireshark trying to reverse engineer the Git protocol so I could make this work for CakePHP. Finally I got smart and went to the Rails code to see how they did it, only to find that Rails just calls system to run the command-line git client. Weak.
More XSS
You can't get away from the XSS. @brian_dailey pointed out this article about how addons.mozilla.org combats XSS attacks.
Do Not Leave Your Door Unlocked - I Will Clean Out Your House
I told you I can't not steal blog ideas. Tim posted this article about avoiding the router when using $html->link() and how it can save up to half a second. Shortly after, I took another shot at achieving the same goal using caching.
The ACL Beast
Neil Crookes posted a query that will grab all the ACL permissions at once. Be warned, this query is not for the faint of heart. It feeds on three whole cows a day and has already killed one handler. I swear as soon as I read Neil's article I went to work on another solution to this problem. I actually have it pretty well sorted out, but decided not to release it because I've already stolen like three of Neil's posts and didn't want to make that last step to being 100% of a dick. I'm content hanging out in the 95%-97% range.
Here's another solution by Dr. Hannibal Lecter. Probably better than my half-assed attempt linked in the comments.
Everyone together: "requestAction, we are sorry we doubted you"
I saved this one for last. Everyone bashes requestAction. It's just a given that using it sucks the life out of any app and those that use it are clueless. Well, Mark Story may have just made us all look like idiots. He took the time to actually benchmark it and it turns out it isn't that bad. I downloaded his sample, checked it over and ran it myself. His numbers hold up pretty well. Is this the programming equivalent of finding out that Verbal Kint is actually Keyser Söze and he's just been playing us all along?
In The Groups
I mention at the beginning of a recent screencast how developers love to talk about their IDEs. Shortly after, this thread appeared and ended up with 53 messages. Of the 52 respondents I think there were 47 different IDEs mentioned.
In The Bakery
Star Power
I thought this jQuery star rating code looked pretty good. Although, I'm surprised it was approved, because it literally has nothing to do with CakePHP. Yeah, there is a block showing how to create a generic form with the FormHelper, but the entire star rating part is front end jQuery.
Datasource Love
I love datasources. There I said it. Whenever my boss asks me if some code should go in a component, model, controller... I always answer datasource. I now practice the skinny controller, skinny model, fat datasource pattern. It's completely illogical, but do not even try to stop me. Anyway, if you're looking to include some Twitter in your app you should probably check out this datasource.
Dropping Logs
I can't say I'm on board with the way this code tries to write the SQL log to a file. If I were going to do it, I'd probably steal the way DebugKit does it. That way you don't have to change your DB driver and it works with more than just one database. I know my version still outputs the SQL at the bottom... cut me some slack. I wrote this in 5 minutes.
I'm Out!
And on that note, don't forget to subscribe to my feed or follow me on Twitter.
As always if you think I missed something leave a comment. Or if you do something interesting and want it included in the next digest, send me an email.

6 Comments
http://bin.cakephp.org/view/1052408953
Doesn't do it all in one query, but I think it's a more manageable approach.
You can put it pretty much anywhere (AppController, component, model...), I've been sticking it in my User model.
Works very similarly to a normal ACL check. Loads the ARO tree (1 query), then does the query on aros_acos without an aco_id, filtering for ACOs that have aliases (assuming a menu uses aliases, not array('model', 'foreign_key')). This means 1 query for every ARO level.
The obvious hole is that it doesn't support the ACO tree. I started to fix this (see the commented out code). It adds another query and only works for one level. I think if I made it recursive I could get it working for all levels.
Usual caveats apply here: not fully hashed out, barely tested, partially intoxicated while coding, probably works only for me...
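The approach sketched in the comment above, as an added example that is neither the commenter's pastebin code nor CakePHP's own: sqlite3 stands in for the aros/acos/aros_acos tables, and the column names plus the '1'/'-1'/'0' permission values are assumed from the 1.2 DbAcl schema. It loads the ARO path once, runs one query per ARO level for every aliased ACO, and lets deeper levels override their parents.

```python
import sqlite3

# Constructed in-memory stand-in for the CakePHP 1.2 ACL tables; the columns are
# an assumption about that schema, not taken from the commenter's pastebin.
SCHEMA = """
CREATE TABLE aros (id INTEGER, parent_id INTEGER, alias TEXT, lft INTEGER, rght INTEGER);
CREATE TABLE acos (id INTEGER, model TEXT, foreign_key INTEGER, alias TEXT);
CREATE TABLE aros_acos (aro_id INTEGER, aco_id INTEGER,
                        _create TEXT, _read TEXT, _update TEXT, _delete TEXT);
INSERT INTO aros VALUES (1, NULL, 'users', 1, 6), (2, 1, 'editors', 2, 5), (3, 2, 'alice', 3, 4);
INSERT INTO acos VALUES (1, NULL, NULL, 'Posts'), (2, NULL, NULL, 'Admin'), (3, 'Post', 7, NULL);
-- permission values as in DbAcl: '1' allow, '-1' deny, '0' inherit from the parent ARO
INSERT INTO aros_acos VALUES
  (1, 1, '0', '1', '0', '0'),      -- users: read Posts
  (2, 1, '1', '0', '1', '0'),      -- editors: additionally create/update Posts
  (2, 2, '-1', '-1', '-1', '-1'),  -- editors: explicitly denied Admin
  (3, 2, '0', '1', '0', '0'),      -- alice: read Admin, overriding the group deny
  (3, 3, '1', '1', '1', '1');      -- row on an alias-less ACO, skipped by the menu query
"""

ACTIONS = ("create", "read", "update", "delete")

def menu_permissions(conn, aro_alias):
    """{aco_alias: {action: bool}} for one ARO: one query for the ARO path via the
    nested-set lft/rght columns, then one query per ARO level for every aros_acos
    row on an aliased ACO (1 + depth queries, instead of one check per menu item)."""
    cur = conn.cursor()
    lft, rght = cur.execute("SELECT lft, rght FROM aros WHERE alias = ?", (aro_alias,)).fetchone()
    # ancestors first, so deeper (more specific) levels override them
    cur.execute("SELECT id FROM aros WHERE lft <= ? AND rght >= ? ORDER BY lft", (lft, rght))
    path = [r[0] for r in cur.fetchall()]
    perms = {}
    for aro_id in path:
        cur.execute(
            "SELECT acos.alias, _create, _read, _update, _delete FROM aros_acos "
            "JOIN acos ON acos.id = aros_acos.aco_id "
            "WHERE aros_acos.aro_id = ? AND acos.alias IS NOT NULL", (aro_id,))
        for alias, *flags in cur.fetchall():
            entry = perms.setdefault(alias, dict.fromkeys(ACTIONS, False))
            for action, flag in zip(ACTIONS, flags):
                if flag != "0":  # '0' inherits; '1' / '-1' override the parent level
                    entry[action] = (flag == "1")
    return perms

def sample_connection():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn
```

Like the commenter's version, this flattens only the ARO side; an ACO tree would need the same ancestor walk on acos before the per-level join.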
I'm definitely opening my bottle of Chianti.
Now I have to find and hunt down a liver somewhere or my dinner will be completely ruined.