This feature is only supported in the Ultimate edition.
The following is only valid when PHP Plugin is installed and enabled!
PHP support includes:
PHP development support is provided through the PHP plugin. The plugin is not bundled with IntelliJ IDEA, but it can be installed from the JetBrains plugin repository as described in Installing, Updating and Uninstalling Repository Plugins and Enabling and Disabling Plugins.
This part describes some procedures that are specific for developing PHP applications and some preliminary steps that are required to configure PHP development environment.
To develop an application using PHP
Follow these general steps:
- Configure the PHP development environment.
- Configure PHP interpreters as described in Configuring Local PHP Interpreters and Configuring Remote PHP Interpreters.
- Start creating a project from scratch. On the first page of the New Project wizard, choose PHP in the left-hand pane, then choose PHP Empty Project in the right-hand pane.
- Create and configure the required data sources (see Managing Data Sources).
- Populate the application using provided coding assistance.
- Deploy the application.
- Run the application. You can do it in several ways:
- From IntelliJ IDEA using a run configuration of the type PHP Web Page to view application output in a browser.
- From IntelliJ IDEA using a PHP Console run configuration to view the application output in the Run tool window.
- From IntelliJ IDEA, using a built-in Web server. This approach saves your time and effort because you do not need to deploy the application sources.
The following optional steps may be helpful:
Last modified: 6 March 2018
Run ConfigurationsConfiguring PHP Development Environment
Dependency-Check is a utility that identifies project dependencies and checks if there are any known, publicly disclosed, vulnerabilities. Currently Java and .NET are supported; additional experimental support has been added for Ruby, Node.js, Python, and limited support for C/C++ build systems (autoconf and cmake). The tool can be part of a solution to the OWASP Top 10 2013 A9 - Using Components with Known Vulnerabilities.
The OWASP Top 10 2013 contains a new entry: A9 - Using Components with Known Vulnerabilities. Dependency-check can currently be used to scan applications (and their dependent libraries) to identify any known vulnerable components.
The problem with using known vulnerable components was described very well in a paper by Jeff Williams and Arshan Dabirsiaghi titled, "The Unfortunate Reality of Insecure Libraries" (registration required). The gist of the paper is that we as a development community include third party libraries in our applications that contain well known published vulnerabilities (such as those at the National Vulnerability Database).
Dependency-check has a command line interface, a Maven plugin, an Ant task, and a Jenkins plugin. The core engine contains a series of analyzers that inspect the project dependencies, collect pieces of information about the dependencies (referred to as evidence within the tool). The evidence is then used to identify the Common Platform Enumeration (CPE) for the given dependency. If a CPE is identified, a listing of associated Common Vulnerability and Exposure (CVE) entries are listed in a report.
Dependency-check automatically updates itself using the NVD Data Feeds hosted by NIST. IMPORTANT NOTE: The initial download of the data may take ten minutes or more, if you run the tool at least once every seven days only a small XML file needs to be downloaded to keep the local copy of the data current.