OpenCart
Symfony
| | OpenCart | Symfony |
|---|---|---|
| | 25 | 151 |
| Stars | 7,210 | 29,192 |
| Growth | 1.1% | 0.6% |
| Activity | 10.0 | 10.0 |
| | 5 days ago | 3 days ago |
| Language | PHP | PHP |
| License | GNU General Public License v3.0 or later | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
OpenCart
-
Open Cart Vulnerability Discussion on GitHub
Either way the PR (https://github.com/opencart/opencart/pull/12949/files) should have been accepted. Clearly the [^a-zA-z0-9_] regex will not do what it appears to be intended to do without the delimiters.
Hah, in one of the replies someone mentions a session hijacking issue https://github.com/opencart/opencart/issues/12939 but the guy's response was:
> what a great hacker! this man should be put on a pedestal for as the worlds greatest hacker for using inspect element and copy and pasting his user_token var from the browser. now if he can only get it to work on a 3rd party who's cookie and user_token he wont know! lets not forget SSL.
It was eventually fixed in another PR, despite the maintainer's lengthy ranting.
https://github.com/opencart/opencart/pull/12951#issuecomment...
The maintainer is apparently infamous for lashing out against people trying to report potential vulnerabilities.
He had a similar attitude all the way back in 2014:
> i'm closing this as its a waste of time.
https://github.com/opencart/opencart/issues/1269#issuecommen...
-
Trying out a medusa webshop
OpenCart
-
onlineshop for internal use.
I like - https://www.opencart.com. Requires a bit of configuration initially but has good customisation. WordPress plugin - https://woocommerce.com
-
Ask HN: Who wants to be hired? (July 2022)
Change to just a summary bullet point like:
* heavily contributed to upstream OpenCart (https://github.com/opencart/opencart) project
-
Asking for a friend: how to start an Instagram business and how much it costs?
Some quick finds: https://github.com/mhmdomer/ecommerce-laravel https://github.com/opencart/opencart
-
Solving Open Source Supply Chain Security for the PHP Ecosystem
> I don't get it, who is going to pay for the time and energy required to audit everything?
Not everything has to be audited. That's why there's different levels of attestations.
In terms of economic incentives: If you're a company bit by one of the recent supply chain issues (colors.js, etc.), you might be able to justify hiring a security vendor to audit the code that your company depends on. This would provide a net-positive benefit to the entire ecosystem, even if it's only a small set of audited code.
Maybe one day, we can even make this an expectation of large players. But that's a discussion for down the road.
On the opposite end of things, you have independent security consultants that want to establish their reputation so they can get paid engagements with software companies.
One avenue available to everyone is to review open source software and report vulnerabilities to their maintainers. This can be thankless or even traumatic; i.e. https://github.com/opencart/opencart/pull/1594
Gossamer would open an alternative approach: Hang your shingle out by publishing negative (vote-against) attestations of vulnerable versions of open source software and positive attestations (e.g. code-review) of the versions that mitigated the issues they disclosed. Anti-malware vendors (e.g. WordFence) could even issue weaker positive assertions (spot-check) for WordPress plugin/theme updates after vetting the known-good releases. Security companies depend heavily on their ability to earn trust to thrive, and that's a hard market to break into; this offers another way in.
In short, the economic challenges you're imagining aren't the ones that this project will face. (Although, there will assuredly be challenges.)
Companies acting in their own self-interest can be leveraged to cover the hot paths of the universal dependency graph, and security up-starts can be leveraged to cover their blind spots. Given enough time, the ecosystem will eventually reach some sort of equilibrium, and many new opportunities will be made in the process.
> I presume the big package maintainers already have eyes on their stuff - symfony etc.
Read the discussion on the Symfony Encryption component: https://github.com/symfony/symfony/pull/39344
Just because they have eyes on their stuff doesn't mean that those eyes have the necessary domain-specific expertise to identify problems. If it weren't for Paragon (paragonie-security on GitHub) and their associates in the security industry, the issues identified in the earlier versions of the module would likely have persisted and been shipped.
Symfony
-
Top 12 PHP Frameworks For Web Development in 2024
Symfony is an open-source PHP framework developed by SensioLabs which has a thriving community of over 300,000 developers with 29k stars and 9.4k forks on GitHub. It provides a set of reusable PHP components and a development methodology for building complex and scalable web applications. It is recommended due to its advanced features and user-friendly environment. The user can also develop microservices.
-
Performance benchmark of PHP runtimes
Symfony 7
-
Show HN: Mutable.ai – Turn your codebase into a Wiki
Would be great to see for https://github.com/symfony/symfony, thanks! As that's a monorepo it may provide a challenge to the tool.
-
Shopware Changes since the 6.0 Dev Training Videos
As Shopware is mostly based on the Symfony framework, which is in turn based on the PHP language, we should also consider learning about the basics, which will also be useful for other frameworks apart from Shopware, like Symfonycasts, symfony.com, php.net.
-
Acquia, My Drupal Startup
Symfony is a PHP framework. https://symfony.com/
It caused much of the internals of Drupal to be rewritten. This included how it was extended. With previous major versions you learned about new features and APIs. They followed mostly existing design patterns so it was easy to learn and update your extensions for. With Symfony you had to learn whole new systems and ways of doing things. It was like learning something entirely new. And porting extensions to it was far more work and time.
Also, the updates made Drupal slower while consuming far more system resources for the same thing. This increased costs to operate.
-
Drupal 10.1 On OpenBSD 7.3: Install with Composer
Drupal is a content management system (CMS). It has a long history and good stability, and is based on PHP and Symfony.
-
Validating requests on Symfony Framework
Today Symfony is one of the most mature PHP frameworks in the world and because of this, it's used in various projects, including the creation of APIs. Recently Symfony included various cool features, like mapping request data to typed objects, that appeared in version 6.3.
- Validating requests in the Symfony Framework
-
30 Best Web Development Frameworks for 2023: A Comprehensive Guide
Symfony
- How I developed a web backend in Clojure
What are some alternatives?
PHPMailer - The classic email sending library for PHP
Open Classifieds - Yclas Self Hosted is a powerful script that can transform any domain into a fully customizable classifieds site within a few seconds.
Swoole - 🚀 Coroutine-based concurrency library for PHP
Slim Framework - Slim is a PHP micro framework that helps you quickly write simple yet powerful web applications and APIs.
ProxiTok - Open source alternative frontend for TikTok made using PHP
Spiral Framework - High-Performance PHP Framework
Saleor - Saleor Core: the high performance, composable, headless commerce API.
tesseract-ocr-for-php - A wrapper to work with Tesseract OCR inside PHP.
Laravel - Laravel is a web application framework with expressive, elegant syntax. We’ve already laid the foundation for your next big idea — freeing you to create without sweating the small things.
HTML Purifier - Standards compliant HTML filter written in PHP
Sylius - Open Source eCommerce Framework on Symfony
Phalcon - High performance, full-stack PHP framework delivered as a C extension.