Why are these PHP tokens predictable?
Why are these PHP tokens predictable in production. The PHP code uses uniqid for session tokens, which is based on time and can be guessed. In PHP auth systems this enables session hijacking.
#whatswrongwiththisphpcode #phpbug #phpproductionbug #phpdebugging #phpbackend #phpcodereview #phpsecurity #phpperformance #phpreliability #phpapi #phpwebdevelopment #phpengineering #phptokenbug #phpuniqid #phpauth #pred...
Why does this PHP cache leak across tenants?
Why does this PHP cache leak across tenants in production. The PHP code uses a static cache without a tenant key, so one tenant sees another tenant's settings. In PHP multi tenant apps this becomes a privacy incident.
#whatswrongwiththisphpcode #phpbug #phpproductionbug #phpdebugging #phpbackend #phpcodereview #phpsecurity #phpperformance #phpreliability #phpapi #phpwebdevelopment #phpengineering #phpc...
Why does this PHP timezone conversion shift dates?
Why does this PHP timezone conversion shift dates in reports. The PHP code parses a UTC timestamp as local time and then converts it, effectively double shifting. In PHP analytics this moves events by hours.
#whatswrongwiththisphpcode #phpbug #phpproductionbug #phpdebugging #phpbackend #phpcodereview #phpsecurity #phpperformance #phpreliability #phpapi #phpwebdevelopment #phpengineering #phptimez...
What's wrong with this PHP JSON parse?
What's wrong with this PHP JSON parse in an API handler. The PHP code treats empty arrays and valid zeros as errors because it checks for falsey values instead of json_last_error. In PHP services this rejects legitimate requests.
#whatswrongwiththisphpcode #phpbug #phpproductionbug #phpdebugging #phpbackend #phpcodereview #phpsecurity #phpperformance #phpreliability #phpapi #phpwebdevelopment #phpengineering...
Why does this PHP gzip handler crash servers?
Why does this PHP gzip handler crash servers on small inputs. The PHP code inflates compressed data without size limits, so a tiny payload can explode memory. In PHP webhooks this becomes a denial of service.
#whatswrongwiththisphpcode #phpbug #phpproductionbug #phpdebugging #phpbackend #phpcodereview #phpsecurity #phpperformance #phpreliability #phpapi #phpwebdevelopment #phpengineering #phpgzipbomb ...
