Ars Technica

HTML/PHP Code Cleanup/Beautifiers

For PHP, I don't know, but for HTML I use Tidy. I have no idea how it'll handle PHP, but if you have PHP embedded in your HTML, you probably have bigger problems than making it look good.
CSOonline

PHP backdoor attempt shows need for better code authenticity verification

Attackers were able to place malicious code in the PHP central code repository by impersonating key developers, forcing changes to the PHP Group's infrastructure. Unknown attackers managed to break ...