Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Community News:
Composer v1.6.4 Release (with Security Fix)
Apr 16, 2018 @ 10:50:02

Composer, the de-facto standard way to install PHP packages, has published a new release that includes a major security update. Jordi Boggiano made this comment about the release on Twitter:

After triaging/merging/fixing almost 200 issues in the last couple days, Composer v1.6.4 is out! ???? It contains a security fix and is therefore a much recommended update for all.

Other changes include fixes for:

  • a regression in version guessing of path repositories
  • the updating of package URLs for GitLab
  • init command not respecting the current php version when selecting package versions
  • exclude-from-classmap symlink handling

You can grab the latest version from the Composer site or you can use it's own self-update command.

tagged: composer release v164 security fix bugfix package

Link: https://twitter.com/seldaek/status/984744594566008832

Tomas Votruba:
New in Coding Standard 4: Long Line Breaks Automated and 3 Legacy Prevention Fixers
Apr 02, 2018 @ 09:51:11

Tomas Vortuba has continued his series covering the changes in the Easy Coding Standard for Symfony-based applications and the changes in version 4. In this new article he covers the updates around line breaks and legacy fixes.

Legacy code prevention, lines automated and clear naming of classes in huge projects. That all is coming to Coding Standard 4 (still in alpha).

Are you curious what work will now these 4 news fixers handle for you? Look inside.

He then goes through each of the changes and includes both the configuration changes to use it and what code changes it will make:

  • Let Coding Standard handle Line Length for You
  • Choose Line Length to Match Your Display
  • Keep Legacy Far Away with New ForbiddenStaticFunctionSniff
  • Prevent & references with ForbiddenStaticFunctionSniff
  • Clear Child Class Naming Once and For All with ClassNameSuffixByParentFixer

You can find out more about the standard in this project on GitHub.

tagged: symfony coding standard version4 linebreak legacy fix

Link: https://www.tomasvotruba.cz/blog/2018/03/29/new-in-coding-standard-4-long-line-breaks-automated-and-3-legacy-prevention-fixers/

Alison Gianotto:
So You Ran Composer as Root...
Nov 15, 2017 @ 10:50:09

Alison Gianotto has an article posted to her since basically answering the "now what?" question resulting from you running Composer as root on your system.

Composer is a PHP dependency manager that’s used in just about any modern PHP application, and it works similarly to how Bundler works for Ruby.

Even though Composer itself gives you a warning about not running it as root, lots of people disregard this warning and run it as root anyway. We run into this issue a lot on my open source asset management project, Snipe-IT, so I figured I’d write up how to fix this if you inadvertently (or advertently) ran composer as root.

She starts by describing the difference between "installing Composer as root" and "running the Composer install as root" (two very different things). She points out that, while Composer tries to prevent the second but permissions errors sometimes cause people to move forward as root anyway, despite the warning. She then shows how to fix the permissions issues so it can be run as a normal user, updating the files in .composer for the root account and re-running the install.

tagged: composer root permission fix tutorial cache

Link: https://snipe.net/2017/11/15/so-you-ran-composer-as-root/

Christian Weiske:
Fixing PHP4 constructors for PHP7
Apr 12, 2016 @ 12:07:42

Christian Weiske has posted a quick guide for those still dealing with PHP 4-style constructors in their code and how to upgrade them for PHP 7 (as it's completely deprecated now).

PHP 7 deprecates PHP4-style constructors. In PHP4, class constructor methods had the same name as the class. This was bad when switching base classes; you did not only have to change the class' extends declaration, but also calls to the parent constructor. PHP5 then introduced the generic __construct method name for class constructors, which solved the problem. ?

PHP7 will output a deprecation message when a class with a PHP4-style constructor is loaded

He suggests that a "quick fix" is to just rename the method to __construct and let PHP handle things as expected. However, dependencies in other classes (calling them in a PHP 4 way) could break because of this. He suggests a "real fix" that can be put in place until the remainder of the code is migrated - a method named the same as the old constructor but just calling __construct internally.

tagged: php4 constructor php7 fix named workaround

Link: http://cweiske.de/tagebuch/php4-constructors-php7.htm

SitePoint PHP Blog:
Contributing to PHP: How to Fix Bugs in the PHP Core
Apr 12, 2016 @ 10:37:27

On the SitePoint PHP blog Thomas Punt continues his series about how you can contribute back to the PHP language. In his previous post he talked about contributing to the PHP manual. In this latest part of the series he moves into something with a bit more complexity: contributing to the core of the language itself.

Previously, we covered contributing to PHP’s documentation. Now, we will be covering how to get involved with PHP’s core. To do this, we will be looking at the workflow for fixing a simple bug in the core.

Since submitting new features to PHP has already been explained pretty well, we will not be covering that here. Also, this article does not seek to teach PHP’s internals. For more information on that, please see my previous posts on adding features to PHP.

In this article he assumes you at least already have a working knowledge of the PHP source and how to locate/update code and execute it. He focuses instead on the bugfix process and workflow needed to:

  • find a bug to fix
  • create a test to reproduce the issue
  • use a debugger to find the exact spot where the problem is
  • and create a simple fix

In this case it's a pretty simple issue to correct, but there are much more complex things that would require more work than just a simple "if" check. This guide can help you get started on the correct workflow, however, and be sure you're handling things as the project expects.

tagged: contribute fix bug core language guide workflow test phpt

Link: http://www.sitepoint.com/contributing-to-php-how-to-fix-bugs-in-the-php-core/

Ethode.com:
Fixing Spaghetti: How to Work With Legacy Code
Jan 27, 2016 @ 12:09:38

On the Ethode.com blog they've shared some hints for working with legacy code to help you more effectively refactor your way out of the "spaghetti code" you might have right now. These are more general tips and aren't really PHP (or even really web application) specific but they're a good starting place for any refactoring effort.

Legacy code is software that generates value for a business but is difficult for developers to change. [...] The longer this goes on, the more frustrated customers get with the software due to quirky defects, bad user experiences and long lead times for changes. Developers are afraid to make changes due to the "Jenga effect" -- as one piece of code is changed or removed, it often leads to new defects being introduced in the system in sometimes seemingly unrelated places. This compounds into what is known as "technical debt".

They continue on talking about what "spaghetti code" is, how it can happen and some of the warning signs you can use to determine just how far down the rabbit hole you and your code are. They talk about "The Big Rewrite" everyone dreams of but points out that this is almost never a practical path. Instead they offer some good things you can do to help fix the problem: quarantining the problem, refactoring relentlessly, keeping it simple and "doing the dishes" as you go rather than letting the changes pile up.

tagged: legacy code refactor opinion advice fix software development

Link: http://www.ethode.com/blog/fixing-spaghetti-how-to-work-with-legacy-code

Lorna Mitchell:
Handling Composer "lock file out of date" Warning
Jan 22, 2016 @ 09:48:23

Lorna Mitchell has a post on her site that wants to help you out when Composer reports a "lock file out of date" warning when you try to update your Composer dependencies. She provides three options to help resolve this issue.

Composer is dependency management for PHP, and it consists of two main files: [composer.json and composer.lock]. Crucially, the composer.lock also includes a hash of the current composer.json when it updates, so you can always tell if you've added a requirement to the composer.json file and forgotten to install it.

The post includes three different ways to correct the warning message:

  • Option one: upgrade all of the things
  • Option two: try to work out which composer.json change caused this
  • Option three: do nothing, safely

The first two options are preferable to the last one (essentially overriding the error) but it could be used in cases where you think Composer is just getting things wrong.

tagged: composer lock file outofdate warning option fix override

Link: http://www.lornajane.net/posts/2016/handling-composer-lock-file-out-of-date-warning

Zend Developer Zone:
Introducing PHP 7 Express
Sep 18, 2015 @ 10:54:48

In a post on the Zend Developer Zone they've introduced a new offering from Zend as a part of their Zend Studio IDE - PHP 7 Express. This tool makes it easy to migrate your code to a working state with the upcoming PHP 7 release.

The PHP 7 revolution is well upon us and at the end of the year we should be seeing an official release. To help you prepare for the expected changes, the upcoming version of Zend Studio – Zend Studio 13, includes a new migration tool called PHP 7 Express. PHP 7 Express scans your PHP code for potential compatibility issues with PHP 7 and supplies you with all the information you need to get your projects ready for migration to PHP 7.

They give an example of refactoring as it relates to the uniform variable syntax changes and removing deprecated function calls. They walk you through the use of the tool (inside the IDE) and show an example of the results, how you can jump to the code for each of the issues listed and the recommendations it provides to correct it.

tagged: zend zendstudio php7express ide feature php7 optimize fix tool

Link: http://devzone.zend.com/6647/introducing-php-7-express/

David Sklar:
Fixing Broken UTF-8
Aug 27, 2015 @ 10:48:29

David Sklar has a post to his site showing you how to fix broken UTF-8 characters in content being passed through the normal string functions.

When working on the i18n bits of Learning PHP 7, I had a problem. My example showing how plain string functions such as strtolower() and strtoupper() mangle multibyte UTF-8 characters was making the book formatting/rendering pipeline barf. The processing tools are expecing nicely formatted, valid, UTF-8 encoded HTMLBook files. It didn’t like the mangled invalid UTF-8 characters in my example output.

To fix this, I wrote the following function to replace invalid UTF-8 sequences with the Unicode Replacement Character (U+FFFD).

He includes the code for this method that walks through the string, character by character, and checks the bytes it contains to see how it needs to be translated. There's plenty of comments in it too, explaining what it's doing as it goes along.

tagged: fix broken utf8 character function example unicode replacement

Link: http://www.sklar.com/php/2015/08/25/fixing-broken-utf8/

PHP.net:
PHP 5.6.8, 5.5.24 & 5.4.40 Released (Security Fixes)
Apr 17, 2015 @ 09:38:18

The PHP development group has released several different versions of PHP for the 5.5.x, 5.6.x and 5.4.x series with a long list of security issues fixed in each one (fourteen in total):

The PHP development team announces the immediate availability of PHP [5.4.40, 5.6.8, 5.5.24]. 14 security-related bugs were fixed in this release, including CVE-2014-9709, CVE-2015-2301, CVE-2015-2783, CVE-2015-1352. All PHP 5.4 users are encouraged to upgrade to this version.

Other items were fixed besides the security issues, so check out the Changelog to see those few other fixes. It's highly recommended that you update your installations to these latest versions. You can grab the latest either from the downloads page (source) or Windows users can go to winodws.php.net.

tagged: language release multiple security fix changelog upgrade

Link: http://php.net/archive/2015.php#id2015-04-16-3