» Be Careful with PHP’s version_compare

Be Careful with PHP’s version_compare

var_dump(version_compare("5.2.8-0.dotdeb.1", "5.2.8", "<="));

Expected result: bool(true)

Actual result: bool(false)

The moral of the story: use < or >.

» Agavi 1.0.0 Beta 6

Agavi 1.0.0 Beta 6 - Even More Secure

Default: Strict Validation ALWAYS

Agavi has a very special input validation system which, by default, will not let your application use any unvalidated input data. And this doesn’t mean only POST or GET parameters in HTTP world but also cookies and headers. Remember, those too are user input and must be considered insecure.

This strict validation mode has been the default setting for production environment for quite some time already but after Agavi was blamed for somebody’s poor input validation it was made default for development environments too. It had already been discussed earlier because different defaults for different environments was sometimes confusing and caused applications to break when moved to production.

Production-ready Exception Templates

Because people seem to be too lazy to configure exception templates for production use a new set of default templates was added to Agavi 1.0.0 Beta 6.

Download Agavi: http://www.agavi.org/download