Posts Tagged ‘release’

php|architect’s Guide to Enterprise PHP Development is out

Wednesday, June 18th, 2008

I'm happy to announce that as of today, my book entitled 'php|architect's Guide to Enterprise PHP Development' is available.

The book covers the entire development life cycle of PHP projects, and can be ordered through the php|architect website. php|architect has the following description:

"Whether you are running a large scale web app in a PHP-based environment, or if you are considering switching your site to PHP, our new book, php|architect's Enterprise PHP Development will surely be a valuable resource for you and your development team. This book is the only one of its kind and is unparalleled in terms of content and practical usefulness."

I leave that last sentence up to the judgement of the reader, but it's true that it's one of the few books that's not about PHP code, but about the entire development life cycle.

I owe a lot of thanks to Elizabeth Naramore and Marco Tabini of php|architect, for getting this book out.

If you order the book, also check out its companion website. I will collect feedback on that site, and will regularly post errata or other updates.

ATK 6.1 released

Thursday, August 30th, 2007

I just released ATK 6.1; it contains several new features such as Ajax-based dialogs, a new language file (Indonesian), and several bug fixes.

The most important change, however, is that it fixes an XSS vulnerability based on the usage of $_SERVER["PHP_SELF"] that we had overlooked.

It is recommended to upgrade ATK applications to ATK 6.1.

The release can be found on http://www.achievo.org/atk/download

The changelog is included in the release, and at http://www.achievo.org/atkdemo/atk/doc/CHANGES
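
The class of issue named in this announcement (PHP_SELF echoed into a page unescaped), as an added illustration; this is not ATK's code or the actual ATK 6.1 fix, and the function names and sample request values are constructed for the example.

```php
<?php
// Added illustration, not ATK code. Function names and the sample request
// values below are constructed for this example.

// Vulnerable pattern: PHP_SELF written into an attribute without escaping.
function form_tag_unescaped(array $server): string
{
    return '<form method="post" action="' . $server['PHP_SELF'] . '">';
}

// Hardened: escape for an HTML attribute context at output time.
function form_tag_escaped(array $server): string
{
    $action = htmlspecialchars($server['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="' . $action . '">';
}

// Alternative: SCRIPT_NAME carries no trailing path info; still escape it.
function form_tag_script_name(array $server): string
{
    $action = htmlspecialchars($server['SCRIPT_NAME'], ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="' . $action . '">';
}

// Constructed request: path info appended after the script name is
// client-supplied and ends up inside PHP_SELF.
$sample = [
    'SCRIPT_NAME' => '/app/index.php',
    'PHP_SELF'    => '/app/index.php/"><b>injected-markup</b>',
];

foreach (['form_tag_unescaped', 'form_tag_escaped', 'form_tag_script_name'] as $fn) {
    $html = $fn($sample);
    // If a literal <b> tag survives, the value broke out of the attribute.
    $brokeOut = strpos($html, '<b>') !== false;
    printf("%-22s %s\n  %s\n", $fn, $brokeOut ? 'markup injected' : 'ok', $html);
}
```

Only the unescaped variant lets the request path close the attribute and add markup; the other two keep it inert.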

ATK6 released

Tuesday, June 12th, 2007

Today it's exactly one year since ATK 5.6 was released. So the new release was long overdue.

It's finally here, along with a new website which has a lot less fuss, and is more to the point.

The changelog is a whopping 1056 lines. This translates to roughly 300 changes for this release. We might say this is a new generation, which is marked with a new major version number, and a new default layout. And it finally has Ajax support (the way you are used to in ATK: add a flag to add autocompletion to a field, add one line of code to make things refresh on the fly). Most of you have been using the nightlies for months now, so this may not be new for you, but many companies are still using 5.6 for their apps.

The new release can be downloaded here.

Given the amount of changes, upgrading might not be trivial. Consult the forum if you need help.

Bugtraq report for Achievo 1.1

Wednesday, May 16th, 2007

Yesterday someone reported a security issue on Bugtraq:

http://www.securityfocus.com/bid/23992/info

Although the issue was reported directly to SecurityFocus and not to us, I want to stress that this is a bug in an old version of Achievo. Version 1.2 that was released over a year ago already had a fix for this issue. (The report originally didn't mention this but I had them include the info on 1.2 when I discovered the report.)

Those of you still running Achievo 1.1 are advised to upgrade to the latest stable version of Achievo, 1.2.1.

If that is not an option, the issue can be fixed in two ways:

  • Make sure that register_globals is turned off in php.ini. The problem is not present when this setting is turned off.
  • Edit index.php, and add the line $config_atkroot = "./"; right in front of the include of atk.inc

When in doubt, or if you have questions regarding this issue, please consult the Achievo forum or contact me directly.