This is just a quick note to let you know of some work we've just tried on the PublicWhip code base.
We attempted to make the PublicWhip code compatible with the PHP "FIG standards", in particular PSR-1 (basic coding standard) and PSR-2 (coding style guide), by running PHP Coding Standards Fixer over it. However, testing quickly showed that, due to the age of the PublicWhip code, it appears nearly impossible to automatically bring the version 1 code up to standard (we even tried a reduced set of changes, in particular disabling the psr0 ["Classes must be in a path that matches their namespace"] and include ["Include and file path should be divided with single space"] fixers, but the site still errored).
This is another techy post – sorry guys!
Yesterday we rolled out a few more SQL injection fixes (we've moved the vast majority, if not all, of the publicly "used" SQL statements from the mysql_* functions to parametrised PDO queries) and a number of XSS (Cross-Site Scripting) vulnerability fixes to make the PublicWhip code even more secure. We've also tweaked the import routines ever so slightly (to try to use indexes on table joins) and to provide a bit of logging about what is happening during the import. We also updated the code to move away from PHP short tags (such as `<? echo ...` and `<?= $variable`) to make it a bit more portable (PHP now ships with short tags disabled by default). We've also updated the mysql_escape_string calls to use mysql_real_escape_string, as the former has been deprecated (the latter is also being deprecated, but can still be used; hopefully this will buy us some time whilst we recode the site).
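To illustrate the two changes above (mysql_* string concatenation to parametrised PDO, and escaping output against XSS), here is an added example that is not PublicWhip's own code; the `pw_vote` table, its columns and the `mpid` parameter are hypothetical.

```php
<?php
// Added example (not PublicWhip code): a hypothetical "votes for an MP" lookup.
// Table and column names are assumed for illustration only.

// BEFORE (PHP 5 era, mysql_* extension): request input concatenated into SQL
// and rows echoed raw. Both the injection and the XSS come from this shape.
// $mpid = $_GET['mpid'];
// $result = mysql_query("SELECT name, division FROM pw_vote WHERE mpid = $mpid");
// while ($row = mysql_fetch_assoc($result)) {
//     echo "<li>" . $row['name'] . "</li>";
// }

// AFTER: parametrised PDO query, integer-typed input, escaped output.
function connect(string $dsn, string $user, string $pass): PDO
{
    $pdo = new PDO($dsn, $user, $pass);
    // Throw on SQL errors instead of silently returning false.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Use real server-side prepared statements, not client-side emulation.
    $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    return $pdo;
}

function votesForMp(PDO $pdo, int $mpid): array
{
    // The value is bound as a parameter; it is never part of the SQL text.
    $stmt = $pdo->prepare('SELECT name, division FROM pw_vote WHERE mpid = :mpid');
    $stmt->bindValue(':mpid', $mpid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

function renderList(array $rows): string
{
    $html = '<ul>';
    foreach ($rows as $row) {
        // Escape once, at output, with an explicit charset.
        $html .= '<li>' . htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8') . '</li>';
    }
    return $html . '</ul>';
}

// Usage (assumes a local MySQL database containing the hypothetical table):
// $pdo  = connect('mysql:host=localhost;dbname=publicwhip;charset=utf8mb4', 'user', 'pass');
// $mpid = filter_input(INPUT_GET, 'mpid', FILTER_VALIDATE_INT);
// if ($mpid !== false && $mpid !== null) {
//     echo renderList(votesForMp($pdo, $mpid));
// }
```

Validating `mpid` as an integer before the query is a second, independent layer; the prepared statement alone already prevents the injection.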
We also made some database optimisation changes in MySQL which should see some page load speed improvements and also enabled Apache suExec to help increase security that little bit more.
We've just finished pushing all the code changes to our new BitBucket repository at https://bitbucket.org/publicwhip/publicwhip-v1/ – the old GitHub repository will be maintained until at least April this year, but we urge people to move over to the BitBucket Git repository as soon as possible.