Tomas Votruba:
How to Slowly Turn your Symfony Project to Legacy with Action Injection
Apr 24, 2018 @ 09:55:49

Tomas Votruba has a new post on his site showing how to "turn your Symfony project to legacy" through the use of action injection for mapping controllers and methods to request handling.

The other day I saw the question on Reddit about Symfony's controller action dependency injection. More people around me are hyped about this new feature in Symfony 3.3 that allows to autowire services via action argument typehints. It's new, it's cool and no one has a bad experience with it. The ideal candidate for any code you write today.

Since Nette and Laravel introduced a similar feature in 2014, there are empirical data that we learn from.

Today I'll share the experience I have from consulting few Nette applications with dangerous overuse of this pattern and how this one thing turned the code to complete mess.

He starts off with some example code and asks where the issue is, showing a call to a service handler to process an argument. This would be used when a controller is registered as a service to help reduce the amount of work to define routes and add more "magic" for request handling. While the idea sounds good, he points out some of the issues with the approach, including dependency injection problems and how, if it expands outside of controllers, it can lead to a poorly written application.

tagged: symfony injection action legacy nette dependency issue

Link: https://www.tomasvotruba.cz/blog/2018/04/23/how-to-slowly-turn-your-symfony-project-to-legacy-with-action-injection/

Checkpoint Research Blog:
Uncovering Drupalgeddon 2
Apr 13, 2018 @ 10:22:46

On the Checkpoint Research blog there's a recent post covering the recent critical Drupal bug, a.k.a. Drupalgeddon 2, and providing a deeper look into the bug and how the exploit worked.

Two weeks ago, a highly critical (21/25 NIST rank) vulnerability, nicknamed Drupalgeddon 2 (SA-CORE-2018-002 / CVE-2018-7600), was disclosed by the Drupal security team. This vulnerability allowed an unauthenticated attacker to perform remote code execution on default or common Drupal installations.

[...] Until now details of the vulnerability were not available to the public, however, Check Point Research can now expand upon this vulnerability and reveal exactly how it works.

The post covers the basic issue, a lack of input sanitization on Form API requests, and what versions it existed in. It then dives into the technical details, showing a proof of concept for the exploit and how an attacker might locate a place in the application to use it. It also looks behind the scenes at the code that handles the request and shows where the issue lies. The post ends with a look at "weaponizing" the exploit and executing whatever code you'd like on the server.

tagged: drupal security issue drupalgeddon2 indepth technical detail

Link: https://research.checkpoint.com/uncovering-drupalgeddon-2/

php[architect]:
April 2018 Issue Release - Testing In Practice
Apr 04, 2018 @ 12:55:59

php[architect] magazine has published its latest issue (April 2018): Testing in Practice. This month's edition includes articles such as:

  • PHPUnit Worst Practices by Victor Bolshov
  • Easier Mocking with Mockery by Robert Basic
  • Testing Strategy With the Help of Static Analysis by Ondrej Mirtes
  • Evolved PHP by Chris Pitt

The usual columns have also returned covering adding auth to a Laravel application, creating a training program at work, isolation in production and serverless systems. If you're curious to see what the content is like, they've also provided a free article to give you a taste: Testing Strategy With the Help of Static Analysis

You can find out more about this issue (or pick up a copy of your own) over on the php[architect] website.

tagged: phparchitect april2018 issue release

Link: https://www.phparch.com/2018/04/testing-in-practice-april-2018/

php[architect]:
March 2018 Issue Released - Long Running PHP
Mar 02, 2018 @ 13:16:54

php[architect] magazine has announced the publication of their latest issue, the March 2018 edition: Long Running PHP.

Some of the articles featured in this issue include:

  • "PHP Daemons and Long-Running Processes" by Tim Lytle
  • "Evolving PHP" by Chris Pitt
  • "Containers Are a Pile of Lies! Part Two" by Larry Garfield
  • "Hands on With Accessibility" by Derek Binkley

Other topics mentioned in the usual columns cover the Lumen framework, code reviews, signed Git commits, running a user group and the use of Twitter for PHP development. You can check out the full list of articles in this latest issue and get a copy of your own on the php[architect] site. If you're interested in the content of the issue, be sure to check out this month's free article.

tagged: phparchitect magazine march2018 longrunningphp issue release

Link: https://www.phparch.com/magazine/2018-2/march/

php[architect]:
January 2018 Issue Released - Setting up to Succeed
Jan 08, 2018 @ 11:27:15

php[architect] magazine has posted about the release of their first issue for 2018 - "Setting Up to Succeed" for January.

Setting Up to Succeed includes articles on:
  • Background Processing & Concurrency With PHP by Matthew Schwartz
  • Securing Your Site in Development and Beyond by Michael Akopov
  • Don’t Wait; Generate! by Ian Littman
  • PHP Sessions in Depth by Jeremy Dorn

Joe Ferguson looks at Laravel’s Collection class in Artisanal: Using Data Collections. If you’re looking to hire this year, read The Dev Lead Trenches: Finding Someone New by Chris Tankersley. In Education Station, Edward Barnard takes over and looks at What is a Real Programmer? James Titcumb says Thank You, OSS Maintainers in Community Corner. Eric Mann explains why logging is an OWASP Top Ten 2017 ASR in Security Corner: Updates to the OWASP Top Ten—Logging. To start 2018, Eli shares his New Year’s Resolutions in finally{}.

As with all previous issues, if you'd like to "try before you buy" they've offered a free sample article, the tutorial from Jeremy Dorn covering PHP sessions in depth. You can pick up a copy of this issue of your own on the php[architect] site or subscribe for a full year of PHP goodness with either a digital or print subscription.

tagged: phparchitect magazine january2018 success issue release

Link: https://www.phparch.com/magazine/2018-2/january/

php[architect] Podcast:
Episode 4: Modern Magento
Dec 07, 2017 @ 11:25:52

The php[architect] podcast, hosted by PHP community members Eric van Johnson and John Congdon, has posted their latest episode today: Episode 4 - Modern Magento.

In this episode, we dive into the November 2017 issue and how to use Magento as your ecommerce platform.

Topics covered include debugging, contributing to Magento, payment gateways and headless applications. Oscar Merida and Eric Mann also stop in to talk about development environments and PCI-DSS. You can listen to this latest episode either using the in-page audio player or by downloading the show directly for listening at your leisure. If you enjoy the episode, be sure to subscribe to their feed to get updates when new shows are released.

tagged: podcast phparchitect magento ep4 november2017 issue

Link: https://www.phparch.com/podcast/episode-4-modern-magento/

php[architect]:
December 2017 Issue Released - Talking Code
Dec 05, 2017 @ 11:56:35

The php[architect] magazine has released their latest issue for December 2017 - Talking Code. Articles in this latest issue include:

  • "Chatbots and PHP" by Katy Ereira
  • "Artificial Intelligence (AI) - The Future of Internet Services" by Kesha Williams
  • "Command and Query API Design in Magento 2" by Michiel Rook
  • "Learning Machine Learning, Part Three: Data Wrangling" by Edward Barnard

The usual columns are all returning, including the Education Station, The Dev Lead Trenches and Security Corner. You can check out this issue and the rest of the articles on the issue's page on the php[architect] website. If you'd like a sample of what's inside, be sure to check out this free article from Eric Mann covering one of the latest security-related features added in PHP 7.2: native libsodium support.

tagged: phparchitect magazine december2017 talkingcode issue release

Link: https://www.phparch.com/magazine/2017-2/december/

php[architect]:
November 2017 Issue Released - Modern Magento
Nov 07, 2017 @ 11:30:20

php[architect] magazine has released their latest issue - the November 2017 edition, "Modern Magento".

Articles in this month's issue include:

  • 11 Debugging Tricks in Magento by Sergii Kovalenko
  • Editing the Magento Core For Fun and Profit by Joshua Warren
  • Command and Query API Design in Magento 2 by Igor Miniailo
  • Headless and Serverless: Writing Modern PHP Applications by Eugene Tulika

All of the usual columns are returning too including the "Education Station", "Community Corner" and "Artisanal". This month's issue is completely free to give you an idea of what kind of content you can expect from the magazine. You can pick up a copy of your own (or subscribe for the year) over on the php[architect] site.

tagged: phparchitect magazine november2017 modern magento issue release

Link: https://www.phparch.com/magazine/2017-2/november/

Facile.it Engineering Blog:
Is it all PHP OPCache's fault?
Oct 05, 2017 @ 10:49:39

In a new post to the Facile.it Engineering Blog author Salvatore Cordiano wonders if it's all PHP OpCache's fault when it came to an issue they were seeing post-deploy.

Upon migrating to a new infrastructure we started experiencing cache issues after each deploy: as we refreshed pages that were updated by the new release, we didn’t see the right content for a very short period of time. Initially, we wrongly assumed that the cause of this issue was the PHP OPcache extension but, after our investigation, we understood that real path cache was the culprit.

He starts from the beginning (a good place to start) and gives some background on the application they were working with and what they were trying to correct. After they deployed, the newly pushed version wouldn't show for a little while when the pages loaded. He covers the deployment process they use and the commands/scripts they use. They started wondering if it was somehow PHP's own Opcache functionality that was caching the pages and not releasing them right away. They made some updates to their deployment process to try to resolve this.

After some investigation, however, it was discovered that the realpath caching was at fault. It wasn't updating the cache to point to the newly released files. In order to correct the issue, they tinkered with the php.ini settings related to the cache to disable it when the code is pushed.

tagged: opcache realpath cache deployment issue tutorial

Link: https://engineering.facile.it/blog/eng/realpath-cache-is-it-all-php-opcache-s-fault/

php[architect]:
October 2017 Issue Released - Composing Software
Oct 04, 2017 @ 11:19:48

php[architect] magazine has an announcement on their site about the release of the latest edition of the publication, the October 2017 issue: Composing Software.

Articles in this month's edition include:

  • Managing Private Dependencies by Andrew Cassell.
  • Alain Schlesser writes about Uncommon Ab(Uses) of Composer.
  • Read about Building Software that Lasts by Susanne Moog.
  • Continue Building Software that Lasts by Edward Barnard.

The usual columns return as well - Education Station, Artisanal, The Dev Lead Trenches (and many more). You can pick up a copy of your own directly from the site, either opting to get the single issue or a year-long subscription. If you want to "try before you buy" and see what the content is like, you can check out this free article about managing private Composer dependencies.

tagged: phparchitect magazine october2017 composing software issue release

Link: https://www.phparch.com/magazine/2017-2/october/