Mobirise v3.06 – Style Changer, New Blocks & Icons, Social Feed & Comments

The new version 3.06 of Mobirise Website Builder is out. Zero coding, drag-and-drop site creation. Fully responsive, Bootstrap 4 based, and free.

What’s new in v3.06:
* “Style Changer” – edit fonts, colors and other options of the whole site in one click. (Mobirise 3 theme only)
* BlockPack Extension – 60+ new blocks for Mobirise3 theme:
– Kenburns & parallax slider
– Intros with “typed” text effect and animated text background
– “Coming soon” intros and timelines
– Countdowns, counters, steps
– Accordions, toggles, tabs
– Progress bars and rounds
– Our team, our clients, testimonials carousels
* Updated ‘Icons’ extension – 2000 new icons added (5600+ icons total)
* “Social Feed” extension – latest posts from multiple social accounts
* “Social Comments” extension – Facebook, Google+ and Disqus comments
* “Resize Images” option – if turned OFF, the images will be added “as is” to page
* Improved “on scroll” animation – now much smoother
* Fixed bug when Code editor breaks the forms

Mobirise v3.06 Free Download
Download for Windows
Download For Mac
Mobirise v3.06 is free for both personal and commercial use.

Laravel 5.3.8 is released with new fakes for events, jobs, mail, and notifications

Laravel 5.3.8 is now released with testing improvements, including new fakes for events, jobs, mail, and notifications.

Here is a quick look at how these new testing features work:

Laravel Events

Laravel now provides three helpers for mocking events. The first is the expectsEvents method, which verifies that the expected events are fired but prevents any listeners for those events from executing. The second is its inverse, doesntExpectEvents, which verifies that the given events are not fired:

public function testOrderShipping()
{
    $this->expectsEvents(OrderShipped::class);
    $this->doesntExpectEvents(OrderFailedToShip::class);

    // Test order shipping...
}

The next helper is withoutEvents which prevents all events from running:

public function testUserRegistration()
{
    $this->withoutEvents();

    // Test user registration code...
}

As an alternative to mocking, you may use the Event facade’s fake method to prevent all event listeners from executing.

use App\Events\OrderShipped;
use App\Events\OrderFailedToShip;
use Illuminate\Support\Facades\Event;

class ExampleTest extends TestCase
{
    /**
     * Test order shipping.
     */
    public function testOrderShipping()
    {
        Event::fake();

        // Perform order shipping...

        Event::assertFired(OrderShipped::class, function ($e) use ($order) {
            return $e->order->id === $order->id;
        });

        Event::assertNotFired(OrderFailedToShip::class);
    }
}

The same style of helpers can also be used for jobs, mail, and notifications, and the documentation is already updated with all the details.

Upgrading to 5.3.8 should just be a matter of running composer update, after which these new features are available.

Source: Laravel News

Laravel Spark v2 is now released

Laravel Spark, the commercial Laravel package that provides instant scaffolding for subscription billing, has just released v2.

The 2.0 release is a free upgrade for all license holders and it adds compatibility with Laravel 5.3 as well as deprecating the Spark installer in favor of using Composer directly.

This also adds dependency updates so it is compatible with both Echo and Passport that are new packages in Laravel 5.3.

The upgrade guide says you should review the entire Laravel 5.3 upgrade guide and make any changes to your application to reflect those changes. After that, there are no further code upgrades you need to make before using Spark 2.0.

Once you have completed applying the changes listed in the Laravel 5.3 upgrade guide, you are ready to upgrade your underlying Spark dependency.

Source: Laravel News

Edit your environment files through the browser with Brotzka .env-Editor

When you’re working with Laravel, every installation includes a .env example file in your application’s root folder. This allows you to keep sensitive information out of version control and makes it easier to have different configurations based on the environment your application is running in.

Brotzka .env-Editor is a third-party package that offers an alternative to editing environment variables by hand in the .env file. It provides a graphical user interface to view, manage, back up and restore the .env file, plus a number of functions that your application can use to manage the .env file dynamically.

Let’s take a look at this package.

Installation

First, install Brotzka .env-Editor through Composer:

composer require brotzka/laravel-dotenv-editor

Then add its service provider in config/app.php:

'providers' => [
    ...
    Brotzka\DotenvEditor\DotenvEditorServiceProvider::class,
],

Add the following line to your config/app.php aliases:

'DotenvEditor' => Brotzka\DotenvEditor\DotenvEditorFacade::class,

Finally, publish the config file and view so you can edit them as you want by running the following command in your terminal:

php artisan vendor:publish --provider="Brotzka\DotenvEditor\DotenvEditorServiceProvider"

Now you have everything you need to start using the Brotzka .env-Editor.

Overview

If you open the .env-Editor configuration file config/dotenveditor.php, you will find two groups of settings. The first group is the path configuration, where you specify the path to your project's .env file and the path where .env backups are stored:

'pathToEnv'         =>  base_path() . '/.env',
'backupPath'        =>  base_path() . '/resources/backups/dotenv-editor/',

The second group is the GUI settings, where you enable or disable editing the .env file via the graphical interface and set the route at which that interface is reachable:

// Activate or deactivate the graphical interface
'activated' => true,

// Set the base-route. All requests start here
'route' => '/enveditor',

Graphical User Interface

Now let’s access /enveditor in the browser to view the Brotzka .env-Editor graphical user interface. You will see four different tabs:

1. Overview tab:


After you click the Load button to import your .env file contents, you will see your current environment variables as key/value pairs. In the right column, there are action buttons to edit or remove any variable from the list.

2. Add New tab:


In the Add New tab, you can create a new variable in your .env file by filling in the fields and clicking the Add button.

3. Backups tab:


In the Backups tab, you can create a new backup of your .env file by clicking the Create Backup button. Below that is a list of available backups, which contains all your previously taken backups. To the right of that list, you will find the action buttons to view, restore, download and delete a .env file backup.

4. Upload tab:


The last tab is Upload, which provides the ability to restore a previous .env file backup by uploading it from your storage. Be aware that this will override your currently active .env file.

Managing .env files from your code

Brotzka .env-Editor provides a lot of useful functions that you can access through an instance of the DotenvEditor class. For example, there are functions for getting the value of a given key, checking if a key exists, adding a new key-value pair, changing the value of a variable, creating and restoring backups, and more.
You can take a look at all available functions in the .env-Editor docs.

Here is an example of utilizing .env-Editor functions to manipulate the .env file:

namespace App\Http\Controllers;

use Brotzka\DotenvEditor\DotenvEditor;

class EnvController extends Controller
{
    public function editDotEnv()
    {
        $env = new DotenvEditor();

        // Adds the APP_ENV key if it does not exist yet
        if (!$env->keyExists("APP_ENV")) {
            $env->addData([
                'APP_ENV' => 'production'
            ]);
        }

        // Changes the value of the database name and username
        $env->changeEnv([
            'DB_DATABASE'   => 'laravel-news',
            'DB_USERNAME'   => 'diaafares',
        ]);
    }
}

That’s it. Give Brotzka .env-Editor a try if you are looking for convenient ways to manage your .env file through your code or your browser. You can check out the source code of Brotzka .env-Editor on GitHub.

Source: Laravel News

The Bread and Butter Layout

Consider the most typical of website layouts: a header at the top, a main section – possibly consisting of a sidebar and primary content – in the middle, and then a footer stuck to the bottom. Traditionally, we’ve used floats to accomplish this layout. But the truth is that floats were never truly meant for this sort of thing. Luckily, again, there’s a better way. In this episode, we’ll discuss the justify-content property more, while reviewing the margin-top: auto trick.

View the source for this episode on GitHub.
Source: Laracasts

ZF2016-03: Potential SQL injection in ORDER and GROUP functions of ZF1

The implementation of ORDER BY and GROUP BY in Zend_Db_Select remained
prone to SQL injection when a combination of SQL expressions and comments were
used. This security patch provides a comprehensive solution that identifies and
removes comments prior to checking validity of the statement to ensure no SQLi
vectors occur.

The implementation of ORDER BY and GROUP BY in Zend_Db_Select of ZF1 is
vulnerable to the following SQL injection:

$db = Zend_Db::factory(/* options here */);
$select = new Zend_Db_Select($db);
$select->from('p');
$select->order("MD5(\"a(\");DELETE FROM p2; #)"); // same with group()

The above $select will render the following SQL statement:

SELECT `p`.* FROM `p` ORDER BY MD5("a(");DELETE FROM p2; #) ASC

instead of the correct one:

SELECT "p".* FROM "p" ORDER BY "MD5(""a("");DELETE FROM p2; #)" ASC

This security fix can be considered an improvement of the previous
ZF2016-02 and
ZF2014-04 advisories.

As a final consideration, we recommend developers either never use user input
for these operations, or filter user input thoroughly prior to invoking
Zend_Db. You can use the Zend_Db_Select::quoteInto() method to filter the
input data, as shown in this example:

$db    = Zend_Db::factory(...);
$input = "MD5(\"a(\");DELETE FROM p2; #)"; // user input can be an attack
$order = $db->quoteInto("SQL statement for ORDER", $input);

$select = new Zend_Db_Select($db);
$select->from('p');
$select->order($order); // same with group()
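
An allow-list is one way to follow the first recommendation and keep user input out of order() entirely. This is an added example, not code from the advisory or from Zend Framework; the function name, the request keys and the column map are assumptions.

```php
<?php
/**
 * Map untrusted "sort" and "dir" request values to a fixed ORDER BY spec.
 * Only column names listed in $allowed can ever reach the query; anything
 * else (including non-string input) falls back to $default.
 * Hypothetical helper, not part of Zend Framework.
 */
function orderSpecFromRequest(array $query, array $allowed, string $default): string
{
    $key = (isset($query['sort']) && is_string($query['sort'])) ? $query['sort'] : '';
    $dir = (isset($query['dir']) && is_string($query['dir'])) ? strtoupper($query['dir']) : 'ASC';

    // The user value is used only as a lookup key, never as SQL text.
    $column = array_key_exists($key, $allowed) ? $allowed[$key] : $default;
    // Direction is reduced to one of two literals.
    $direction = ($dir === 'DESC') ? 'DESC' : 'ASC';

    return $column . ' ' . $direction;
}

// Constructed column map and request parameters.
$allowed = ['name' => 'p.name', 'created' => 'p.created_at'];
$requests = [
    ['sort' => 'created', 'dir' => 'desc'],          // legitimate request
    ['sort' => 'MD5("a(");DELETE FROM p2; #)'],      // the advisory's payload
    ['sort' => ['x'], 'dir' => 'DESC; --'],          // wrong type, bad direction
];

foreach ($requests as $q) {
    $spec = orderSpecFromRequest($q, $allowed, 'p.id');
    echo $spec, "\n";
    // With a configured adapter the result is passed on unchanged:
    // $select->order($spec);
}
```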

Action Taken

We fixed the reported SQL injection by removing comments from the SQL statement
before passing it to either the order() or group() methods; this patch
effectively solves any comment-based SQLi vectors.

We used the following regex to remove comments from a SQL statement:

const REGEX_SQL_COMMENTS = '@
    (([\'"]).*?[^\\\]\2) # $1 : Skip single & double quoted expressions
    |(                   # $3 : Match comments
        (?:\#|--).*?$    # - Single line comments
        |                # - Multi line (nested) comments
         /\*             #   . comment open marker
            (?: [^/*]    #   . non comment-marker characters
                |/(?!\*) #   . ! not a comment open
                |\*(?!/) #   . ! not a comment close
                |(?R)    #   . recursive case
            )*           #   . repeat eventually
        \*\/             #   . comment close marker
    )\s*                 # Trim after comments
    |(?<=;)\s+           # Trim after semi-colon
    @msx';

The patch is available starting in Zend Framework 1.12.20.
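
The following added example (not the framework's own code) runs the pattern above over constructed inputs, including the advisory's payload, to show why the validity check must see the comment-stripped value. The helper names and the NAME(...) expression check are assumptions made for illustration.

```php
<?php
// Pattern as given in the advisory; everything else here is illustrative.
const REGEX_SQL_COMMENTS = '@
    (([\'"]).*?[^\\\]\2) # $1 : Skip single & double quoted expressions
    |(                   # $3 : Match comments
        (?:\#|--).*?$    # - Single line comments
        |                # - Multi line (nested) comments
         /\*             #   . comment open marker
            (?: [^/*]    #   . non comment-marker characters
                |/(?!\*) #   . ! not a comment open
                |\*(?!/) #   . ! not a comment close
                |(?R)    #   . recursive case
            )*           #   . repeat eventually
        \*\/             #   . comment close marker
    )\s*                 # Trim after comments
    |(?<=;)\s+           # Trim after semi-colon
    @msx';

// Keep quoted strings ($1) and drop whatever matched as a comment.
// A regex engine error yields '' so that the caller fails closed.
function stripSqlComments(string $sql): string
{
    $out = preg_replace(REGEX_SQL_COMMENTS, '$1', $sql);
    return $out === null ? '' : trim($out);
}

// Hypothetical validity check: only values shaped like NAME(...) after
// comment removal are treated as SQL expressions and left unquoted.
function looksLikeExpression(string $value): bool
{
    return preg_match('/^\w*\(.*\)$/', stripSqlComments($value)) === 1;
}

// Constructed inputs: a plain expression, the advisory's payload, a comment
// marker inside a string literal, and a nested block comment.
$samples = [
    'LOWER(name)',
    'MD5("a(");DELETE FROM p2; #)',
    'CONCAT(name, "--")',
    'COUNT(*) /* note /* nested */ */',
];
foreach ($samples as $s) {
    $raw = preg_match('/^\w*\(.*\)$/', $s) === 1; // same check without stripping
    printf("%-34s raw=%-5s stripped=%s\n", $s,
        var_export($raw, true), var_export(looksLikeExpression($s), true));
}
```

For the payload, the check on the raw value passes because the trailing `#)` supplies the closing parenthesis, while the check on the stripped value fails, so the value is quoted as an identifier instead of being passed through as an expression.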

Other Information

This SQL injection attack does not affect Zend Framework 2 and 3 versions because the
implementations of Zend\Db\Sql\Select::order() and Zend\Db\Sql\Select::group() do
not manage parenthetical expressions.

Acknowledgments

The Zend Framework team thanks the following for identifying the issues and
working with us to help protect its users:

  • Hiroshi Tokumaru (HASH Consulting Corp.), who discovered the issue;
  • Masanobu Katagi (Japan Computer Emergency Response Team Coordination Center),
    who reported the issue;
  • Enrico Zimuel, who provided the patch.

Source: Zend security feed

Lumen 5.3 is released

Lumen 5.3 is now released and available for all. This is considered a maintenance release that upgrades the underlying packages to the Laravel 5.3 series.

Before upgrading your application to Lumen 5.3, you should review the Laravel 5.3 upgrade guide and make any applicable changes to your application according to which Laravel components you are using.

Once you have made the necessary adjustments to your application, you may upgrade your Lumen framework dependency in your composer.json file and run the composer update command:

"laravel/lumen-framework": "5.3.*"

For more information, check out the official Lumen documentation.

Source: Laravel News

A Navigation Menu

For step two of your flexbox crash-course, we’ll create a typical navigation menu, and then use flexbox to evenly distribute each item with perfect precision.

View the source for this episode on GitHub.
Source: Laracasts
