Cross-site Request Forgery (CSRF) is one of the traditional vulnerabilities that web applications have to deal with. Every web framework - including Symfony - supports CSRF protection out of the box. A lesser known vulnerability is Login CSRF, a special kind of CSRF attack.

Every now and then, there seems to be a lot of fuss in the PHP community about deprecations. In these discussions, deprecations are often discussed as if they are fatal errors. I think that is very wrong. Let’s reduce our expectations of deprecations. It’ll make everyones live much less stressful.

A very exciting time is coming with the biggest change for Symfony since Symfony 2.0: Symfony 6 has native PHP types on all its methods where it is possible. This will be a great push towards type safety in the PHP open source communities! Nicolas and Alexander have been working on and off for 2 years to create the best upgrade experience possible.
Now, 2.5 months before the stable release, it is YOUR time to shine! Especially if you maintain any open source project (not even directly linked to Symfony), we would love to hear from you to make sure the upgrade isn’t dramatically hard.

Symfony has a very rigid release schedule since Symfony 3.0. Predictable releases are often mentioned as a major advantage. Did you know that this schedule also includes a 2 month “stabilization phase”? This phase gives time to all libraries and bundles to catch up. Testing pre-releases is one of the best and least time consuming contributions you can make to Symfony. Let’s see how you can help Symfony by reservering 30 minutes during these 2 months!

After more than half a year of work and discussions, Symfony 5.1 ships with an experimental and revisited Security system. I’m incredibly excited about this system, as I think it opens up the component for a lot of possibilities. That’s why in the coming week, I’ll publish a series of blogposts about this new system. I hope you’ll be just as excited as I am and help realising the full potential with us!

Symfony uses a very flexible voter approach to grant access for a user. As this is often based on domain-specific requirements and decisions, the voters that come with Symfony are very basic. I would even argue that it’s better if you not use them, and only rely on custom security voters.

Setting up big Symfony components in a blank PHP project helps a lot to understand it. You’ll grasp the main architecture of the component much easier this way. Let’s try to understand Symfony Security by doing exactly this!

Repositories are just collections of things. A post repository is a collection of posts, a user repository a collection of users. They allow to abstract away all the persistence details. Yet, many people think of Doctrine repositories as purely related to Doctrine, leading to strange abstractions. Let’s create a normal collection with Symfony and Doctrine today!

“Your application should have thin controllers!” It’s one of the most common statements in framework-world. It’s the basis of creating a decoupled code-base. Yet, creating thin controller can be quite a challenge. Hostnet’s FormHandlerBundle can help you quite a bit. Let’s have a deeper look!

In this era of decoupling, lots of features are seperated into smaller libraries. If your bundle uses a PHP library, adding it to composer.json is quite easy. But what about frontend dependencies, like jQuery?

This static blog site is generated by Sculpin and hosted on GitHub Pages. In this article, I’ll tell you how you can setup automatic generation using Travis.

Een computer is logisch, hoe kan zo’n logisch apparaat nou random getallen maken? Vandaag nemen we een kijk in de PHP source om te kijken hoe het in PHP gedaan wordt.

Dat je kunt programmeren in objecten is waarschijnlijk al bekent. Maar dat je ook CSS in objecten kunt gebruiken is nog vrij nieuw. Tijd om dat eens te ontdekken!

Symfony2, ik ben er een groot fan van. Deze blogpost bevat een makkelijk weg om Symfony2 te leren als je alleen nog maar PHP ervaring hebt.

Vandaag bespreek ik een echte bleeding edge: Er is nog geen specificatie voor en het is gister beland in de alpha channel van Chrome.

Je hebt vast wel eens gewerkt met Ruby of Node.js en je hebt vast wel eens gedroomd hoe geweldig het niet zal zijn om een Gem (ruby) of Npm (node.js) te hebben voor PHP. Nu is het tijd om je dromen werkelijkheid te maken!

OO, elke beginner weet het wel: Denken in objecten en dat omzetten in een script. Maar OO is veel en veel meer, laat me even kennis maken met de, voor velen, onbekende kant van OO.

Google Maps kent iedereen wel en je kan er geweldige dingen mee doen. Om een Google Maps op jou website te krijgen zul je aan de slag moeten met de API van Google.