Viva64.com:
Analysis of PHP7
Apr 29, 2016 @ 12:15:56

On the Viva64.com site they've posted the results of their own evaluation of PHP 7 in terms of both the source of the language itself and the libraries it makes use of.

Sometimes checking a project one more time can be quite amusing. It helps to see which errors were fixed, and which ones got into the code since the time it was last checked. My colleague has already written an article about PHP analysis. As there was a new version released, I decided to check the source code of the interpreter once again, and I wasn't disappointed - the project had a lot of interesting fragments to look at.

They start with a brief look at PHP 7 including when it was released, some of the features/functionality included and the tool they used to do the analysis. They talk about some of the difficulties in the analysis process and how the widespread use of macros tripped it up a bit. They include some code examples from PHP's source and the warnings that their PVS-Studio tool returned. The post ends with a brief look at the third-party libraries PHP uses and the responsibility the project takes in including them.

tagged: php7 analysis language source scanner pvsstudio results

Link: http://www.viva64.com/en/b/0392/#ID0EWECK

PHP.net:
PHP 5.5.35, 5.6.21 and 7.0.6 Released
Apr 29, 2016 @ 08:29:36

On the main PHP.net site they've announced the latest releases of all currently supported versions of the language: PHP 5.5.35, 5.6.21 and 7.0.6. These are bugfix releases with, among several others, security-related corrections.

The PHP development team announces the immediate availability of PHP [5.5.35, 5.6.21 and 7.0.6]. This is a security release. Several security bugs were fixed in this release.

The PHP 7 release fixes two newly identified vulnerabilities: CVE-2016-3078 (Zip handling) and CVE-2016-3074 (GD functionality). As these are security releases it is highly recommended that you upgrade your current installations as soon as possible. You can get these latest versions from the main PHP.net downloads page or from windows.php.net for the Windows binaries.

tagged: language release bugfix security php55 php56 php7

Link: http://php.net

Pascal Martin:
INI directives are evil!
Apr 28, 2016 @ 12:58:40

In a new post to his site Pascal Martin shares some thoughts about why INI directives are evil, mostly in how they could be used to enable/disable major pieces of functionality in the PHP language.

A few times, while evolutions were discussed for PHP 7, someone suggested a new feature could be optional, depending on an INI configuration directive — the idea being each user could then enable it or not.

Still, the idea of directives that could change, sometimes deeply, the behavior of a programming language… It scares me!

He goes back in time a bit to talk about a feature like this that was once a part of the language (happily removed now): "magic quotes". He points out that, while the intent was to provide security to submitted data, the results were disastrous if it was moved to another server without the setting enabled. He also points out some of the steps that have to be taken when a new directive controlling a major feature is introduced - even worse if you're creating a product to run on other people's servers.

In any case, before suggesting "but they could allow us to enable or not this feature with a simple INI directive" for ideas as critical as a weak or strict typing mechanism, ask yourself: do you really want two languages with very distinct behaviors, and applications and libraries that work only on some combinations of configuration values?

tagged: ini directive feature language evil opinion

Link: https://blog.pascal-martin.fr/post/ini-directives-are-evil.html#fn:why-optionnal-feature

SitePoint PHP Blog:
Easy Multi-Language Twig Apps with Gettext
Apr 14, 2016 @ 12:55:08

The SitePoint PHP blog has a post from editor Bruno Skvorc showing you how to integrate gettext with Twig to make it easier to internationalize your application with multiple languages and strings.

There are many approaches for adding new languages to your application’s UI. Though some userland solutions like symfony/translation are arguably simpler to use, they’re slower than the good old native gettext by an order of several magnitudes.

In this tutorial, we’ll modify an English-only application to use gettext. Through this, we’ll demonstrate that getting internationalization up and running in an already existing app is not only possible, but relatively easy.

He starts with some of the bootstrapping you'll need to do to get the "nofw" project up, Twig installed and the two hooked together. He briefly introduces gettext and how it's used in PHP (with the _() handling) and provides an example defining a locale and the language files to match. He shows how to generate the .pot files, add a new language and the code needed to hook in the Twig_Extensions_Extension_I18n extension. The post ends with some "bonus scripts" to help make things a bit simpler: bash scripts to hide some of the complexity of the process.

tagged: tutorial gettext internationalization i18n multilanguage language locale

Link: http://www.sitepoint.com/easy-multi-language-twig-apps-with-gettext/

SitePoint PHP Blog:
Contributing to PHP: How to Fix Bugs in the PHP Core
Apr 12, 2016 @ 10:37:27

On the SitePoint PHP blog Thomas Punt continues his series about how you can contribute back to the PHP language. In his previous post he talked about contributing to the PHP manual. In this latest part of the series he moves into something with a bit more complexity: contributing to the core of the language itself.

Previously, we covered contributing to PHP’s documentation. Now, we will be covering how to get involved with PHP’s core. To do this, we will be looking at the workflow for fixing a simple bug in the core.

Since submitting new features to PHP has already been explained pretty well, we will not be covering that here. Also, this article does not seek to teach PHP’s internals. For more information on that, please see my previous posts on adding features to PHP.

In this article he assumes you at least already have a working knowledge of the PHP source and how to locate/update code and execute it. He focuses instead on the bugfix process and workflow needed to:

  • find a bug to fix
  • create a test to reproduce the issue
  • use a debugger to find the exact spot where the problem is
  • and create a simple fix

In this case it's a pretty simple issue to correct, but there are much more complex things that would require more work than just a simple "if" check. This guide can help you get started on the correct workflow, however, and be sure you're handling things as the project expects.

tagged: contribute fix bug core language guide workflow test phpt

Link: http://www.sitepoint.com/contributing-to-php-how-to-fix-bugs-in-the-php-core/

PHP.net:
PHP 5.6.20 & 5.5.34 Released
Apr 01, 2016 @ 09:22:01

The main PHP.net site has officially announced the release of the latest versions in the PHP 5.5.x and 5.6.x series: PHP 5.6.20 and PHP 5.5.34.

The PHP development team announces the immediate availability of PHP [5.6.20 and 5.5.34]. This is a security release. Several security bugs were fixed in this release. All PHP [5.6 and 5.5] users are encouraged to upgrade to this version.

These releases fix issues in several parts of the language including Curl handling, Fileinfo, Mbstring and ODBC. You can get these latest versions from the main downloads page or windows.php.net for the Windows binaries.

tagged: language release php56 php55 bugfix security update download

Link: http://php.net/archive/2016.php#id2016-03-31-4

AppDynamics PHP Blog:
Predicting the Future of PHP Security – Part 3
Mar 24, 2016 @ 09:30:15

On the AppDynamics blog there's a post from Omed Habib where he looks at the current state of security in the PHP language and makes predictions about its future and where the language might be heading.

In some ways security is an infinite game of chess on a board the size of the world. For every move you make, the hackers have a countermove ready. They are highly motivated to take what you have, so the game never ends; it just switches players once in awhile. In this final blog in the series, we are going to review the game board, with a look at the most recent changes to security in PHP 7 and earlier supported versions. Then, we’ll try to look a few moves ahead with predictions for the future of PHP security.

In the article he talks about PHP's popularity and how it has somewhat worked against it and its reputation when it comes to secure development. He covers PHP 7 and some of the security-related updates that came with it including:

  • whitelisting classes on unserialize
  • the cryptographically secure random number generator
  • patches for buffer overflows and memory leaks

He ends the post looking at a possible future of the language based on comments made in this other article, suggesting that one possible place for the language to head is into the IoT (Internet of Things) space and interacting with the devices on the other end.

tagged: predictions security language php7 features patches iot direction

Link: https://blog.appdynamics.com/php/predicting-the-future-of-php-security/

Symfony Finland:
It's time to get creative with the Symfony Expression Language
Mar 21, 2016 @ 10:39:23

On the Symfony Finland site there's a post encouraging you to "get expressive" with the Symfony Expression Language. The Symfony Expression Language is a part of a component in the Symfony framework that allows for custom evaluation and action in the form of a specially formatted string.

Way back in November 2014 the Symfony team introduced the ExpressionLanguage component. It is essentially a simplified version of control structures that you use in the Twig templating language, producing a single value in the end.

The feature has a number of uses, but seems to be under utilized by the Symfony and PHP communities - especially in higher level functionalities. [...] I think there is a lot of room for developers to adopt the component in many different functionalities, not only for routing, access control and so on.

The post goes on to talk about expression languages in general and how they're present in other languages too (like Java with JUEL). He then shares a basic example evaluating the data in an array and getting back a pass/fail result.

tagged: symfony expression language tutorial introduction juel java

Link: https://www.symfony.fi/entry/its-time-to-get-creative-with-the-symfony-expression-language

Toptal Blog:
Introduction To PHP 7: What's New And What's Gone
Mar 14, 2016 @ 12:04:12

The Toptal blog has a new post talking about PHP 7 including some of the new things it includes (and what's gone from previous versions of the language).

One of the most exciting events in 2015 in the PHP world was the release of PHP 7, 10 years on from the release of the last major version, PHP 5. With a major step forward, PHP 7 introduces plenty of new features and performance upgrades. [...] This guide should serve as a quick tour on what to expect if you plan on moving your existing applications, or building new ones, on top of PHP 7.

He starts with a topic quite a few people wondered about - "where did PHP 6 go?". Following this he gets into some of the performance boosts that PHP 7 brings with it and updates to the "syntactic sugar" it offers developers to make their lives easier. He then gets into the new features in this version like:

  • Scalar Parameter Types & Return Type Hints
  • Engine Exceptions
  • Anonymous Classes
  • CSPRNG Functions
  • Unicode Codepoint Escape Syntax

He finishes off the article looking at the migration from PHP 5 to PHP 7 and highlights some of the potential compatibility issues that could pop up during the migration.

tagged: php7 introduction features compatibility overview language php5

Link: https://www.toptal.com/php/php-7-performance-features

SitePoint PHP Blog:
Implementing the Range Operator in PHP
Mar 07, 2016 @ 12:55:47

The SitePoint PHP blog has a new tutorial posted (a repost from this article used with permission) about implementing a new operator in the PHP core language: a "range" operator. This operator allows the definition of a range of values (integer/float) as an internal PHP representation.

In the post below, Thomas Punt implements the range operator in PHP. If you’ve ever been interested in PHP internals and adding features to your favorite programming language, now’s the time to learn! This article will demonstrate how to implement a new operator in PHP. The following steps will be taken to do this: updating the lexer, updating the parser, updating the compilation stage and updating the Zend VM. This article therefore seeks to provide a brief overview of a number of PHP’s internal aspects.

He starts with a look at the range operator and how the intended functionality would work (including when the errors would be thrown). He then goes through the steps listed above and makes additions to the source, complete with the C code to make each change. The article is not only a good look at how to add a custom operator but also gives a good overview of the internals of PHP and how things fit together.

tagged: range operator implementation language c thomaspunt tutorial

Link: http://www.sitepoint.com/implementing-the-range-operator-in-php/