Do you need help with #PHPStan in some form?
I have plenty of experience in contributing changes to PHPStan core, or implementing custom extensions.
https://t.co/h9OiAGlHIF
plz RT
Type juggling has been exploited in real #PHP authentication bypasses. Here's the classic:
if ($userInput == $storedHash) { /* login success */ }
If $storedHash starts with "0e" followed by digits (like "0e462097"), PHP treats it as scientific notation: 0 * 10^462097 = 0.
An attacker just needs to find an input whose MD5 also starts with "0e" + digits. Both sides evaluate to 0. 0 == 0 is true.
Known "magic hashes":
- MD5("240610708") = 0e462097...
- MD5("QNKCDZO") = 0e830400...
- SHA1("aaroZmOk") = 0e00000...
Fix: use === everywhere. Or better: hash_equals() for timing-safe comparison. Never == for security checks.
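Added example (not code from the tweet's author): the loose check from the thread next to its hash_equals() replacement, with the two magic-hash inputs quoted above. The digests are derived at runtime rather than hard-coded; the helper name isMagicHash() and the function names are this example's own.

```php
<?php
declare(strict_types=1);

// Both inputs are the magic-hash examples quoted in the thread. Their MD5 digests are
// numeric strings of the form "0e<digits>", which PHP's loose == compares as floats (0.0).

/** Vulnerable check: loose comparison of two numeric strings becomes a float comparison. */
function loginLoose(string $candidate, string $storedHash): bool
{
    return md5($candidate) == $storedHash;
}

/** Hardened check: byte-wise, constant-time comparison, no type juggling. */
function loginStrict(string $candidate, string $storedHash): bool
{
    return hash_equals($storedHash, md5($candidate));
}

/** Audit helper: true when a stored digest would be juggled to zero by ==, i.e. matches 0e<digits>. */
function isMagicHash(string $digest): bool
{
    return (bool) preg_match('/^0e[0-9]+$/', $digest);
}

$storedHash    = md5('240610708'); // legitimate password; its digest starts with "0e"
$attackerInput = 'QNKCDZO';        // a different string whose digest also starts with "0e"

var_dump(isMagicHash($storedHash));
var_dump(isMagicHash(md5($attackerInput)));
var_dump(loginLoose('240610708', $storedHash));
var_dump(loginLoose($attackerInput, $storedHash));
var_dump(loginStrict('240610708', $storedHash));
var_dump(loginStrict($attackerInput, $storedHash));
```

Run as is, loginLoose() returns true for both inputs while loginStrict() returns true only for the genuine password; this holds on PHP 8 as well, because two numeric strings are still compared numerically by ==. isMagicHash() is a cheap way to scan an existing hash column for values that a leftover == would accept. For passwords specifically, password_hash() and password_verify() replace the md5() call entirely.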
You might remember #PHPStan supports array-shapes for $matches in preg_match*() since ~June 2024.
RegEx AST based inference implemented before AI was even a thing.
Today I realized that we can re-use the existing RegEx inference for $subject :-).
https://t.co/uzRLz4BEnt
@alexdaubois since I recently added PHPStan rules to enforce use of #[SensitiveParameter] you might just give me an idea for a new opinionated rule to check whether such secrets are compared using hash_equals()
Composer 2.10 is out.
Native malware filtering via @AikidoSecurity, enabled by default on @Packagist. Plus a unified config.policy framework, deprecated source fallback, and wildcards in --with.
#php #phpc #composerphp
Today we published our Impact and Transparency Report for 2025. We are incredibly grateful for our sponsors, partners, contractors, and individual financial contributors, for without them, none of our work would be possible. 💙 🐘 https://t.co/2vzvicGbom
#php #opensource
1/ We are sharing additional details regarding our investigation into unauthorized access to GitHub's internal repositories.
Yesterday we detected and contained a compromise of an employee device involving a poisoned VS Code extension. We removed the malicious extension version, isolated the endpoint, and began incident response immediately.
If you haven't updated Composer to 2.9.8 or 2.2.28 (LTS), do so urgently! GitHub will restart the rollout of their new GitHub Actions tokens later today. They've improved secret masking to cover this Composer issue, but you're safer if you update. #composerphp #php #phpc
In case you are using global userland constants in PHP and you configured their types in the @phpstan configuration, starting with today's release we will error about invalid values in define() or const definitions (bleeding edge only).
https://t.co/6Bwv5Tku5s
Infection 0.33.0 has been released.
- Testo test framework support (by @roxblnfk)
- Allow using the full width of the terminal for console output
Enjoy!
Do you use Infection with AI-generated code/tests? If so, what is the workflow / skills / prompts?
Is there anything we need to improve here to make it more useful?
GitHub Copilot is moving to usage-based billing 💸
"Starting June 1, 2026, Copilot usage will be measured in AI Credits (AICs) instead of Premium Requests (PRUs). 1 AIC = $0.01."
https://t.co/DuXExzXZJ4
In case you missed it 👀
@OndrejMirtes delivered an excellent session on “Crafting Custom PHPStan Rules” at PHP UK 2026.
Learn how to write custom PHPStan rules to enforce project standards, catch domain-specific bugs, and automate repetitive code review tasks.
Watch the full talk below ⬇️
https://t.co/L1ULIppAHO