-
Archives
- May 2026
- April 2026
- November 2025
- September 2023
- March 2019
- March 2018
- June 2017
- May 2017
- November 2016
- September 2016
- July 2016
- June 2016
- May 2016
- April 2016
- March 2016
- February 2016
- January 2016
- December 2015
- November 2015
- October 2015
- September 2015
- August 2015
- July 2015
- June 2015
- April 2015
- December 2014
- October 2014
- September 2014
- May 2014
- April 2014
- March 2014
- January 2014
- November 2013
- October 2013
- October 2012
- September 2012
- August 2012
- July 2012
- June 2012
- March 2012
- February 2012
- January 2012
- December 2011
- November 2011
- October 2011
- September 2011
- August 2011
-
Meta
Tag Archives: php
Using PHP with Mustache: Practical Examples and Gotchas
If you want clean templates in PHP without pulling in a full framework, Mustache is a great fit. It keeps logic out of views, which forces you to prepare data in PHP first and makes templates easier to scan later. … Continue reading
Reading Laravel Config From a Queued Job — and the env() Trap That Bites You in Production
Today’s lesson came from a perfectly innocent-looking change in a Laravel app. We had a magic number — a chunk size — sprinkled across three call sites: 123foreach (array_chunk($userIds, 100) as $chunk) { SendOnboardingEmailJob::dispatch($chunk); } One reviewer flagged … Continue reading
When a Composer package vanishes from GitHub: don’t panic, and don’t delete vendor/
Today our CI/CD pipeline went red on a job that hadn’t been touched in months. The .gitlab-ci.yml was untouched. The branch built fine yesterday. composer install exploded. The relevant chunk of the failure log: 12345678Failed to download acme/some-nova-tool from dist: … Continue reading
Spatie activity_log: which method writes to which column? 🐘
If you’re using spatie/laravel-activitylog, you’ve probably written something like activity()->event(…)->log(…) a hundred times without thinking about where each piece lands in the database. The fluent API is friendly, but the column mapping isn’t obvious until you go look — so … Continue reading
The Null Coalescing Operator: A Small PHP Feature That Quietly Changed Everything
If you’ve been writing PHP for a while, you probably remember the days of nested „isset()” checks cluttering up every template and controller. Since PHP 7, there’s a much cleaner way — and if you haven’t fully embraced it yet, … Continue reading
BOLA in a Laravel Livewire app: when client-side state is the only thing standing between users and admin actions
A penetration test landed an interesting finding on a Livewire-powered admin panel I work on. The summary on the report read: Broken Object-Level Authorization (BOLA). A standard user can change a tenant-wide “who can access these assets” setting by replaying … Continue reading
Posted in Laravel, php
Tagged authorization, bola, laravel, livewire, owasp, php, security
Leave a comment
Laravel Sail: a developer’s cheat sheet 🐳
Laravel ships with Sail — a thin command-line wrapper around docker compose that gives you the whole Laravel toolchain (PHP, MySQL, Redis, Mailpit, Node) in containers, without you needing to install any of them on your host. The only thing … Continue reading