[OWASP-ESAPI] New PHP checkin. If you're a contributor, please check it out

Andrew van der Stock vanderaj at owasp.org
Fri Mar 13 03:11:15 EDT 2009

Hi folks,

For those of you working on the PHP port, there's a new check in. If
you haven't been allocated a class yet, please check out the current
source, and state what you'd like to work on:

Claimed Backlog:

* ESAPI main class - AJV (done)
* Test framework ported to SimpleTest - AJV (mostly done)
* Exceptions - AJV (mostly done)
* Logger / Intrusion detector essentials - AJV (partially done)
* ESAPI configuration essentials - AJV (my next sprint)
* AccessController essentials - AJV

Where essentials are ... just enough to make it go and no more.
Milestone one doesn't need a lot of the stuff that Milestones two and
three require.

Unclaimed (I think) Backlog:

* AccessReferenceMap (easy)
* IntegerAccessReferenceMap (easy)
* RandomAccessReferenceMap (easy)
* Encoder and all codecs (moderate)
* HTTPUtilities (moderate)
* StringUtilities (easy)
* Validator (hard) - must do *after* Encoder

The primary method to work is to set up your PHP IDE (I use Ganymede  
with PHP Eclipse and Subclipse, PHP 5.2.9, and MySQL 5.1 GA). Grab the  
source to both this project and the J2EE from Google Code SVN.

Pick your class and tell me about it. That's your sprint backlog for  
the next month.
Start with the tests. Port the tests from the J2EE source tree to PHP.
Then start coding so that your code passes the tests. I would only use
the J2EE source as a guide as to how it's done. There are so many
differences between J2EE and PHP that a line for line port will only
work for a minority of code. For example, we don't need a push back
string as PHP's string handling is very strong.

Once you're done with your class and you have passed all the tests,  
come and ask me for more work for the next sprint.

Tip: Search the PHP quick reference to see if there are functions ready
to go. For example, PHP has a session token regeneration function, so
HTTPUtilities :: ChangeSessionIdentifier becomes a one line wrapper
around session_regenerate_id(). There are gems like this throughout
PHP. Please search for them before cutting code.

Tip 2: We are targeting 5.2.x. Use SPL for basic data structures such  
as queues and heaps, iterators and other design patterns. They are  
fast and work well.


Don't hesitate to throw SPL exceptions, too, just document your use of  
