Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Ethode.com:
Fixing Spaghetti: How to Work With Legacy Code
Jan 27, 2016 @ 12:09:38

On the Ethode.com blog they've shared some hints for working with legacy code to help you more effectively refactor your way out of the "spaghetti code" you might have right now. These are more general tips and aren't really PHP (or even really web application) specific but they're a good starting place for any refactoring effort.

Legacy code is software that generates value for a business but is difficult for developers to change. [...] The longer this goes on, the more frustrated customers get with the software due to quirky defects, bad user experiences and long lead times for changes. Developers are afraid to make changes due to the "Jenga effect" -- as one piece of code is changed or removed, it often leads to new defects being introduced in the system in sometimes seemingly unrelated places. This compounds into what is known as "technical debt".

They continue on talking about what "spaghetti code" is, how it can happen and some of the warning signs you can use to determine just how far down the rabbit hole you and your code are. They talk about "The Big Rewrite" everyone dreams of but points out that this is almost never a practical path. Instead they offer some good things you can do to help fix the problem: quarantining the problem, refactoring relentlessly, keeping it simple and "doing the dishes" as you go rather than letting the changes pile up.

tagged: legacy code refactor opinion advice fix software development

Link: http://www.ethode.com/blog/fixing-spaghetti-how-to-work-with-legacy-code

Lorna Mitchell:
Handling Composer "lock file out of date" Warning
Jan 22, 2016 @ 09:48:23

Lorna Mitchell has a post on her site that wants to help you out when Composer reports a "lock file out of date" warning when you try to update your Composer dependencies. She provides three options to help resolve this issue.

Composer is dependency management for PHP, and it consists of two main files: [composer.json and composer.lock]. Crucially, the composer.lock also includes a hash of the current composer.json when it updates, so you can always tell if you've added a requirement to the composer.json file and forgotten to install it.

The post includes three different ways to correct the warning message:

  • Option one: upgrade all of the things
  • Option two: try to work out which composer.json change caused this
  • Option three: do nothing, safely

The first two options are preferable to the last one (essentially overriding the error) but it could be used in cases where you think Composer is just getting things wrong.

tagged: composer lock file outofdate warning option fix override

Link: http://www.lornajane.net/posts/2016/handling-composer-lock-file-out-of-date-warning

Zend Developer Zone:
Introducing PHP 7 Express
Sep 18, 2015 @ 10:54:48

In a post on the Zend Developer Zone they've introduced a new offering from Zend as a part of their Zend Studio IDE - PHP 7 Express. This tool makes it easy to migrate your code to a working state with the upcoming PHP 7 release.

The PHP 7 revolution is well upon us and at the end of the year we should be seeing an official release. To help you prepare for the expected changes, the upcoming version of Zend Studio – Zend Studio 13, includes a new migration tool called PHP 7 Express. PHP 7 Express scans your PHP code for potential compatibility issues with PHP 7 and supplies you with all the information you need to get your projects ready for migration to PHP 7.

They give an example of refactoring as it relates to the uniform variable syntax changes and removing deprecated function calls. They walk you through the use of the tool (inside the IDE) and show an example of the results, how you can jump to the code for each of the issues listed and the recommendations it provides to correct it.

tagged: zend zendstudio php7express ide feature php7 optimize fix tool

Link: http://devzone.zend.com/6647/introducing-php-7-express/

David Sklar:
Fixing Broken UTF-8
Aug 27, 2015 @ 10:48:29

David Sklar has a post to his site showing you how to fix broken UTF-8 characters in content being passed through the normal string functions.

When working on the i18n bits of Learning PHP 7, I had a problem. My example showing how plain string functions such as strtolower() and strtoupper() mangle multibyte UTF-8 characters was making the book formatting/rendering pipeline barf. The processing tools are expecing nicely formatted, valid, UTF-8 encoded HTMLBook files. It didn’t like the mangled invalid UTF-8 characters in my example output.

To fix this, I wrote the following function to replace invalid UTF-8 sequences with the Unicode Replacement Character (U+FFFD).

He includes the code for this method that walks through the string, character by character, and checks the bytes it contains to see how it needs to be translated. There's plenty of comments in it too, explaining what it's doing as it goes along.

tagged: fix broken utf8 character function example unicode replacement

Link: http://www.sklar.com/php/2015/08/25/fixing-broken-utf8/

PHP.net:
PHP 5.6.8, 5.5.24 & 5.4.40 Released (Security Fixes)
Apr 17, 2015 @ 09:38:18

The PHP development group has released several different versions of PHP for the 5.5.x, 5.6.x and 5.4.x series with a long list of security issues fixed in each one (fourteen in total):

The PHP development team announces the immediate availability of PHP [5.4.40, 5.6.8, 5.5.24]. 14 security-related bugs were fixed in this release, including CVE-2014-9709, CVE-2015-2301, CVE-2015-2783, CVE-2015-1352. All PHP 5.4 users are encouraged to upgrade to this version.

Other items were fixed besides the security issues, so check out the Changelog to see those few other fixes. It's highly recommended that you update your installations to these latest versions. You can grab the latest either from the downloads page (source) or Windows users can go to winodws.php.net.

tagged: language release multiple security fix changelog upgrade

Link: http://php.net/archive/2015.php#id2015-04-16-3

Rob Allen:
SSL certificate verification on PHP 5.6
Dec 23, 2014 @ 12:15:41

Rob Allen has a quick tip posted today about SSL certificate verification in PHP 5.6 and things that need to be updated thanks to recent improvements in PHP's SSL handling.

I recently updated my local OS X Zend Server installation to PHP 5.6 and when I ran composer self-update, I got this error message: "The "https://getcomposer.org/version" file could not be downloaded: SSL operation failed" [...] Googling around, I finally worked out that there have been various SSL improvements in PHP 5.6 and that the problem was that it couldn't find any OpenSSL certificates on my system. This isn't a total surprise as OS X has been moving away from using OpenSSL internally in favour of its own libraries.

To resolve the issue he found where PHP was looking for certificates (using openssl_get_cert_locations) and how a quick "brew install" of the needed OpenSSL handling resolved the issue. Then, in the php.ini file a quick update to the "openssl.cafile" path points it to the right certificate.

tagged: certificate validation ssl openssl php56 tip fix

Link: http://akrabat.com/php/ssl-certificate-verification-on-php-5-6/

Squizlabs Blog:
PHP_CodeSniffer 2.0.0 released
Dec 05, 2014 @ 12:03:34

The Squizlabs blog has an announcement about the release of the latest major version of the popular PHP_CodeSniffer tool for PHP - CodeSniffer v2.0. Among the updates in this latest release is a major one - the automated fixing of issues the tool finds.

Nineteen months ago, I started work on a project to allow PHP_CodeSniffer to fix the problems that it finds. Doing this required a lot of changes to the core classes, a lot of iteration and refactoring of the fixing and testing code, and an enormous amount of time and testing across many PHP projects to ensure I am confident enough to release something that actually modifies code. I could keep writing unit tests forever, but I've finally got to a point where I am happy to release this first version of the PHP Code Beautifier and Fixer (PHPCBF), for when you just can't be bothered fixing coding standard errors yourself.

The fixes are made possible through the newly introduced "PHP Code Beautifier and Fixer" (PHPCBF) tool. When the CodeSniffer tool is run against your code the PHPCBF kicks in too and tells you which of the issues can be automatically fixed. Additionally, you can now add custom code to your custom sniffer rules to enable this auto-fix functionality yourself. He also includes a list of the other updates in the release including:

  • a new information report to show you how your code is written rather than if it conforms to a standard
  • the ability to set command line arguments in ruleset.xml files
  • the ability to create your own custom reporting classes and use them with PHP_CodeSniffer
  • support for running on HHVM

You can find out more information about this release in the PEAR or GitHub changelogs.

tagged: phpcodesniffer v2 release automated fix phpcbf

Link: https://www.squizlabs.com/php-codesniffer/2.0.0-released

Dejan Angelov:
Experimental upgrading to Laravel 5: How I did it
Nov 24, 2014 @ 12:57:18

In a recent post Dejan Angelov shares the process he went through to upgrade an application to Laravel 5, yet to be released (at least at the time of this post).

Over the past weeks, Taylor introduced many great changes and new features that we’ll be able to use in the new version, firstly numbered 4.3 and later 5. According to the framework’s six month release cycle, it should had hit stable late this month or in early December. Because of that, I started to play with it and to apply the changes to make my application use it.

However, a couple of days ago, Taylor wrote a blog post on the Laravel’s blog saying that because of the importance of this release, the release date will be postponed to January. Considering this, everything you’ll read here MUST NOT be applied to applications that are currently in production.

He starts with some of the major differences, including changes in the dependencies required and the removal of the "start.php" file for bootstrapping the application. He talks about the changes in startup and shutdown as well as autoloading. He looks at directory structure changes and the addition of a base namespace. He then gets into how to fix these issues, one at a time, including code and configuration changes that need to be made. This includes updates to the facades, changes for middleware, environment configuration, pagination and routing. There's lots of other changes happening with Laravel 5, so be sure to check out the full post if you're interested in the steps you might need to take when this latest version is released.

tagged: upgrade laravel5 framework change configuration code fix

Link: http://angelovdejan.me/2014/11/22/experimental-upgrading-to-laravel-5-how-i-did-it.html

Evert Pot:
Composer's bug now fixed
Feb 24, 2014 @ 12:38:06

Evert Pot has posted an update to a previous post around Composer's vulnerability around installing the wrong packages in the case of a conflict. In this latest post he points out, however, that the bug is now fixed.

As an update to my previous post, the composer security problem now appears fixed. Good to see that a quick response was possible after all.

The original issue was caused by the "replace" functionality, allowing the possibility for an incorrect package to be installed instead of the one requested. Other posts with more details include this one from Pádraic Brady and Nils Adermann. if you're a Composer user, it's highly suggested you update your currently installed version (run a "composer self-update").

tagged: composer bug security vulnerability fix selfupdate

Link: http://evertpot.com/composer-bug-fixed

PHP.net:
PHP 5.3.27 Released - PHP 5.3 Reaching End of Life
Jul 12, 2013 @ 09:17:15

The PHP development group has officially released the latest bugfix release in the PHP 5.3.x series - PHP 5.3.27:

The PHP development team announces the immediate availability of PHP 5.3.27. About 10 bugs were fixed, including a security fix in the XML parser (Bug #65236). Please Note: This will be the last regular release of the PHP 5.3 series. All users of PHP are encouraged to upgrade to PHP 5.4 or PHP 5.5. The PHP 5.3 series will receive only security fixes for the next year.

You can get this latest release from the downloads page (or here for Windows users). As the update fixes a security issue, it's recommended that you upgrade (see this bug).

tagged: release language endoflife security fix update

Link: http://php.net/index.php#id2013-07-11-1