HTTPS, Reverse Proxies, and Port 80!?

Recently we were getting ready to deploy a new project which functions only over SSL.  The project is deployed on AWS using the Elastic Load Balancers (ELB).  We have the ELB doing the SSL termination to reduce the load on the server and to help simplify management of the SSL certs.  Anyway, on to the point of this short post.  One of the developers noticed that on some of the internal links she kept getting a link something like “https://dev.app.com:80/….”; it was properly generating the link to HTTPS but then specifying port 80. Of course your browser really does not like that, as it's conflicting calls of port 80 and 443.  After a quick look into the project we found that we had yet to enable the proxy headers and specify the proxy(s); we had to turn on `trust_proxy_headers`.  However, doing this did not fix the issue.  In addition to enabling the headers, you must specify which ones you trust.  This can be easily done via the following:

Here is a very simple example of how you could specify them. You just let it know the IPs of the proxy(s) and it will then properly generate your links.

You can read up on this more in the Symfony documentation on trusting proxies.

Anyway, just wanted to throw this out there in case you see this and realize you forgot to configure the proxy in your app!
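Why the proxy IPs have to be listed, as an added example rather than the post's own code: this plain-PHP model (not Symfony's implementation) honours `X-Forwarded-Proto` and `X-Forwarded-Port` only when the direct peer is a listed proxy, so a client talking straight to the backend cannot set the scheme or port itself. The function names and every address are constructed for illustration; in a Symfony 2.x app the list corresponds to `framework.trusted_proxies` or `Request::setTrustedProxies()`.

```php
<?php
// Added example: plain-PHP model of the trusted-proxy rule, not Symfony's own code.
// Function names and all addresses below are constructed for illustration.

/** True when IPv4 $ip is inside $cidr ("10.0.0.0/8") or equals a bare address. */
function ip_in_cidr($ip, $cidr)
{
    $parts = explode('/', $cidr, 2);
    $bits = isset($parts[1]) ? (int) $parts[1] : 32;
    $ipLong = ip2long($ip);
    $netLong = ip2long($parts[0]);
    if (false === $ipLong || false === $netLong || $bits < 0 || $bits > 32) {
        return false;
    }
    $mask = 0 === $bits ? 0 : (~0 << (32 - $bits)) & 0xFFFFFFFF;
    return ($ipLong & $mask) === ($netLong & $mask);
}

/** Returns array(scheme, port) to use when generating absolute links. */
function effective_origin(array $server, array $trustedProxies)
{
    $scheme = (!empty($server['HTTPS']) && 'off' !== strtolower($server['HTTPS'])) ? 'https' : 'http';
    $port = (int) $server['SERVER_PORT'];

    $fromProxy = false;
    foreach ($trustedProxies as $cidr) {
        $fromProxy = $fromProxy || ip_in_cidr($server['REMOTE_ADDR'], $cidr);
    }
    // Forwarded headers are client-controlled unless the direct peer is a listed proxy.
    if ($fromProxy && isset($server['HTTP_X_FORWARDED_PROTO'])) {
        $scheme = 'https' === strtolower($server['HTTP_X_FORWARDED_PROTO']) ? 'https' : 'http';
        $port = isset($server['HTTP_X_FORWARDED_PORT'])
            ? (int) $server['HTTP_X_FORWARDED_PORT']
            : ('https' === $scheme ? 443 : 80);
    }
    return array($scheme, $port);
}

// Constructed request as the backend sees it behind a TLS-terminating load balancer.
$viaElb = array(
    'REMOTE_ADDR' => '10.0.1.25', 'SERVER_PORT' => '80',
    'HTTP_X_FORWARDED_PROTO' => 'https', 'HTTP_X_FORWARDED_PORT' => '443',
);
// Same headers sent straight to the backend by an arbitrary client.
$direct = array('REMOTE_ADDR' => '203.0.113.9') + $viaElb;

foreach (array(array($viaElb, array()), array($viaElb, array('10.0.0.0/8')), array($direct, array('10.0.0.0/8'))) as $case) {
    list($scheme, $port) = effective_origin($case[0], $case[1]);
    echo $case[0]['REMOTE_ADDR'], ' trusted=[', implode(',', $case[1]), '] => ', $scheme, ':', $port, "\n";
}
```

Keep the trusted list as narrow as the load balancer's actual address range; a range that also covers client-reachable hosts lets those hosts supply the forwarded headers.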

Symfony2: usort() Array was modified by the user comparison function

Earlier this week we were repeatedly getting notifications about a “usort() Array was modified by the user comparison function” warning for one of our new Symfony2 projects. The weird thing was the sort function was relatively straightforward and looked something like:

Obviously not modifying the array. Anyway, Daum dug up this StackOverflow thread which suggested that using introspection methods silently modifies the array and triggers the warning, but I’m clearly not using any of those either.

After some more poking around, we ran across a Doctrine bug specifically mentioning the usort issue. It turns out, because of how Doctrine’s lazy loading functionality works, if the usort callback function causes Doctrine to lazy load, it’ll silently modify the array and cause that warning. Great, so how do you fix it? It’s actually pretty straightforward: you just need to force the lazy loading before sorting the collection. I ended up with something like:

Anyway, fun fact of the day. Questions and comments always welcome.

PHP: Seven PHP developers you should be following on Twitter

A couple of days ago, a friend of mine looking to engage in the community asked me which experienced PHP developers he should follow on Twitter. An interesting question, and as I started looking through the @setfive follower list I realized we really don’t follow very many. Anyway, not wanting to leave him hanging, I put together a list of 5 developers that I thought were a good start.

This is obviously just a start, but I’d love everyone’s help to build out a list of solid PHP developers to follow on Twitter. If you leave them in the comments, we’ll pull together a single list and update this post once we have it!

Fabien Potencier

Co-founder and CEO for @SensioLabs, founder and project lead for @Symfony.
Tweeting from @fabpot and on the web at http://fabien.potencier.org

Jonathan Wage

Husband to @meganswage and director of technology @OpenSky. @ServerGrove @Symfony @DoctrineORM
Tweeting from @jwage and on the web at http://jwage.com/

Kris Wallsmith

Lead architect & symfony guru at @opensky. lead dev on assetic, buzz, spork. father of 3, widower of 1.
Tweeting from @kriswallsmith and on the web at http://kriswallsmith.net/

Chris Corbyn

Nerd, englishman, chatterbox, cake-a-holic, celery hater, Italophile, nu-melbournite, SitePoint/Flippa code monkey. I’m also @cosadici.
Tweeting from @d11wtq and on the web at http://chriscorbyn.co.uk

Dustin Whittle

Technologist, Architect, Open Source Advocate
Tweeting from @dustinwhittle and on the web at http://dustinwhittle.com/

Dries Buytaert

Creator of Drupal, Drupal project lead, co-founder and CTO of Acquia, and Mollom spam fighter.
Tweeting from @Dries and on the web at http://buytaert.net/

Lukas Smith

My twitter alter-ego is all about PHP and databases. My coding addiction is financed by @liip.
Tweeting from @liip and on the web at http://www.liip.ch/en

Joseph Bielawski

Software Developer – #Symfony2 #PHP Polish Twitter Translator
Tweeting from @stloyd and on the web at https://github.com/stloyd

Robin Muilwijk

Board member, eZ Publish Community Project Board : Open Source Advocate : Community Management : Social Media : Civil Servant : Information / Data Engineer
Tweeting from @i_robin and on the web at http://www.linkedin.com/in/robinmuilwijk

Anthony Ferrara

Anything Regarding Software Security, Performance, Quality and Architecture…
Tweeting from @ircmaxell and on the web at http://blog.ircmaxell.com/

Nikita Popov

18 year old student enjoying programming :)
Tweeting from @nikita_ppv and on the web at http://nikic.github.io/

Igor Wiedler

Philosopher.
Tweeting from @igorwesome and on the web at https://igor.io/

Matthew Weier O’Phinney

PHP and ZF Developer; crazed father of two.
Tweeting from @mwop and on the web at http://www.mwop.net/

William Durand

Student by day, full stack developer by night. Open-Source evangelist all the time.
Tweeting from @couac and on the web at http://careers.stackoverflow.com/williamdurand

Jordi Boggiano

Passionate web developer, specialized in web performance and php, #Composer lead, #Symfony2 developer. Partner at @nelmio, information junkie and speaker.
Tweeting from @seldaek and on the web at http://seld.be/

Giorgio Sironi

Developer at @Onebip. I search for the harmony between form and context. Software, science, economics.
Tweeting from @giorgiosironi and on the web at http://www.giorgiosironi.com/

Symfony2: Creating optgroups with an Entity type

Last week, I was working on a Symfony2 app where I wanted to generate optgroup tags inside the select box of an Entity form type. After poking around, I ran across a StackOverflow answer explaining how to do it. Basically, it turns out what you have to do is manually return a “choices” array from a class that has access to the Entity Manager. I ended up adding a method to my custom repository and passing that repository into my form:

It’s a bit messy and I’m surprised there isn’t an option on the Entity Type to pass in a callback with access to the Entity Manager to generate a choice list. Looking at the source of DoctrineType it looks like you could potentially create a custom type to extend the Entity type and then access the em from your custom function. Even that though, seems like overkill to accomplish something that is reasonably common.

Symfony2 and Impersonating Users, a Heads Up

Recently I was working on a project in which admins were able to impersonate other users.  It’s a fairly easy task to add to Symfony2: merely adding a switch_user reference to your firewall can make it possible; consult the Symfony docs for more on that.  One thing I noticed was that every now and then when testing I would get weird errors after switching between multiple users; however, it didn’t always happen.  After some digging around, it turns out when you switch user it does not clear that session’s attributes, i.e. if you set attribute ‘hello’ to value ‘world’ it would persist after you’ve impersonated another user.  This caused a few issues, as on this application we used the session to store a few things like which set of database connections you currently use.

After looking at the SecurityBundle configuration setup it was clear that there weren’t any options to have it clear all session attributes on switch user.  At this point it was clear I needed to use an event listener, as the firewall dispatched the SwitchUserEvent when a user successfully switched user.  Below is an excerpt from my services.yml
This makes it so that it will call the following code on a successful impersonation of a user:

It’s as simple as that, you can get the actual user by calling $event->getTargetUser(). Long story short, the session can have some tainted values when using switch user as all attributes are not cleared.
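A listener of the kind described above, as an added example and not the post's own code: on `security.switch_user` it removes every session attribute except keys starting with `_security_`, on the assumption that the firewall keeps its serialized token under such a key. The namespace, class name and service id are hypothetical.

```php
<?php
// Added example, not the post's code. Namespace, class and service id are hypothetical.
// services.yml registration:
//   acme.switch_user_session_listener:
//       class: Acme\DemoBundle\EventListener\SwitchUserSessionListener
//       tags:
//           - { name: kernel.event_listener, event: security.switch_user, method: onSwitchUser }
namespace Acme\DemoBundle\EventListener;

use Symfony\Component\HttpFoundation\Session\SessionInterface;
use Symfony\Component\Security\Http\Event\SwitchUserEvent;

class SwitchUserSessionListener
{
    // Prefixes of attributes that survive a switch. Assumption: the firewall
    // stores its serialized token under a key starting with "_security_".
    private $keepPrefixes = array('_security_');

    public function onSwitchUser(SwitchUserEvent $event)
    {
        $session = $event->getRequest()->getSession();
        if (null !== $session) {
            $this->purge($session);
        }
    }

    /** Removes every attribute not covered by a kept prefix; returns the removed names. */
    public function purge(SessionInterface $session)
    {
        $removed = array();
        foreach (array_keys($session->all()) as $name) {
            foreach ($this->keepPrefixes as $prefix) {
                if (0 === strpos((string) $name, $prefix)) {
                    continue 2; // kept: move on to the next attribute
                }
            }
            $session->remove($name);
            $removed[] = $name;
        }
        return $removed;
    }
}
```

Clearing by default and keeping only named prefixes means an attribute added to the application later, such as the database-connection choice mentioned above, is dropped on impersonation without anyone having to remember to list it.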