Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Nicolas Grekas:
RFC for a Secure Unserialization Mechanism in PHP
Aug 24, 2018 @ 15:40:04

On his Medium.com site Nicolas Grekas talks about a new RFC that's been proposed to provide a safer method for serializing and unserializing values in native PHP functionality.

PHP serialization/unserialization has several drawbacks. [...] To mitigate these security issues, the unserialize() function handles an allowed_classes option since PHP 7.0. Implementing Serializable has this security-mitigation advantage of allowing authors to filter the allowed classes in the subgraph managed by their objects. This feature is only a mitigation because not all use cases know all the possible classes beforehand.

He starts by listing out some of the issues with both the current implementations of serialization and unserialization in PHP. From there he makes a proposal for some new functionality to help make things a bit more sane:

  • a __serialize magic method
  • a new S type representing serialized data
  • a new __unserialize magic method
  • automatic protection around destructors during the unserialization process

He finishes up the post talking about some of the expected benefits of this kind of functionality and a few of the extra considerations that would need to be thought through as a part of the implementation.

tagged: serialize unserialize rfc proposal functionality overview

Link: https://medium.com/@nicolas.grekas/rfc-for-a-secure-unserialization-mechanism-in-php-ee4c7fd01c88

Symfony Finland:
MySQL 8.0 released with new features and improved performance
Apr 25, 2018 @ 11:57:45

On the Symfony Finland site they cover a recent announcement from MySQL about the release of their latest version: MySQL 8.0. In this post they cover some of the new features and performance improvements that come with this new version.

The MySQL development team has announced the General Availability of the MySQL 8.0.0 Open Source database.

This is the version following MySQL 5.7 that was released in late 2015 with interesting features like extensive JSON field support. Plenty of work has gone into this version as well and in an introductory post goes in-depth into all the enhancements.

The post includes a listing of eight topics (ironically) for the new updates including:

  • Support for Window functions, Common Table Expressions, NOWAIT and SKIP LOCKED, Descending Indexes, Grouping, Regular Expressions, Character Sets, Cost Model, and Histograms (SQL)
  • Geography support. Spatial Reference Systems (SRS), as well as SRS aware spatial datatypes, spatial indexes, and spatial functions.
  • Remote management, Undo tablespace management, and new instant DDL.
  • OpenSSL improvements, new default authentication, SQL Roles, breaking up the super privilege, password strength, and more.

Check out the rest of this post for more of the overview or MySQL's official announcement for the full details.

tagged: mysql8 release feature overview performance database

Link: https://symfony.fi/entry/mysql-8-0-released-with-new-features-and-improved-performance

Martin Hujer:
PHP 7.2 is due in November. What's new?
Sep 12, 2017 @ 10:15:58

In a new post to his site Martin Hujer looks ahead at the next major release for the PHP language - PHP 7.2 - and what new features and changes are coming with it.

PHP 7.2 is planned to be released on 30th November 2017 (see the timetable). And it comes with two new security features in the core, several smaller improvements and some language legacy clean-ups. In the article, I will describe what the improvements and changes are. I read the RFCs, discussions on internals and PRs on Github, so you don't have to.

Among the changes he lists are updates like:

  • Argon2 Password Hashing
  • Make Libsodium a Core Extension
  • Object typehint
  • Counting of non-countable objects

He also lists out some of the things that will be deprecated in 7.2 including parse_str without a second argument, create_function, mbstring.func_overload and asset with a string argument. You can check out these and other other changes coming (along with code examples) in the full post.

tagged: php72 language release upcoming feature deprecation overview

Link: https://blog.martinhujer.cz/php-7-2-is-due-in-november-whats-new/

Laravel News:
BotMan 2.0 PHP Chatbot Framework
Sep 01, 2017 @ 09:20:20

On the Laravel News site today there's a new post covering the release of BotMan v2.0, one of the more popular chatbot libraries for PHP.

BotMan is a framework agnostic PHP Chatbot framework designed to simplify the task of developing innovative bots for multiple messaging platforms, including Slack, Telegram, Microsoft Bot Framework, Nexmo, HipChat, Facebook Messenger, WeChat and many more.

BotMan 2.0 was released earlier this week with a bunch of improvements and exciting changes.

As a part of this new release, functionality was abstracted out into separate repositories making it easier to maintain those features without having to change core code. They then include an example of using the the library to create a simple chatbot that replies to a simple "hello" message. They also cover some of the more advanced features including middleware handling and natural language processing support. There's also a tool, BotMan Studio, that's included with the package to help make testing your chatbot script easier. The post wraps up with an example of using this to test the chatbot and a list of some of the other new features in v2.0.

tagged: botman chatbot framework release v2 overview example

Link: https://laravel-news.com/botman-php-chatbot

Delicious Brains Blog:
Grav CMS | Self-Hosted WordPress Alternatives Part 2
Aug 30, 2017 @ 11:52:33

On the Delicious Brains blog they've posted the second part of their series sharing some self-hosted alternatives to WordPress for your CMS needs. In this new article they focus on Grav.

When I started the Self-Hosted WordPress Alternatives series in July with a review of Craft CMS, there were several comments asking what I thought of Grav – an open source flat-file CMS that also has a really cool looking website.

I had never heard of Grav before, but was immediately drawn to it for a few reasons. It’s open source, which is one of the things that I really love about WordPress since it enables a much larger community to work on the project. And since it’s a file-only CMS, there is no database to mess around with which in theory could make development and migrations easier in the long run.

The tutorial then walks you through the installation process and some examples of it in use (including screenshots of the UI). He also covers the core architecture of the tool, theme usage, SEO integration and eCommerce solutions that play well with Grav. He finishes the post looking at the quality of the current documentation and what kind of pricing and licensing Grav comes with.

tagged: series part2 wordpress alternative grav flatfile overview

Link: https://deliciousbrains.com/grav-cms-self-hosted-wordpress-alternatives-part-2/

Fabien Potencier:
Symfony 4: Directory Structure
Apr 11, 2017 @ 11:53:59

Fabien Potencier continues his look at what's coming in the next major release of the Symfony framework (v4) in this new post to his site. In it he talks about changes to the default directory structure that Symfony 4-based applications will use.

Symfony 3 came with a slightly different directory structure than Symfony 2. Symfony 4 will also come with a reworked directory structure. Mostly incremental adjustments to support new features and best practices.

The Symfony 3 directory structure introduced a more standard Unix-like directory structure, with less sub-directories. Symfony 4 keeps going in that direction.

There's six changes he mentions specifically, each with a brief summary of what they'll contain:

  • Tests under tests/
  • Templates under templates/
  • Configuration under etc/
  • Source Code under src/
  • Temporary files under var/
  • Web files under web/

He ends the post with a quick note that, while these will be defaults, all of it is optional and these directories will be created automatically if they don't exist.

tagged: src etc template test structure directory symfony4 var web overview

Link: http://fabien.potencier.org/symfony4-directory-structure.html

Pascal MARTIN:
Series - Introduction to PHP 7.1 (Update)
Sep 15, 2016 @ 09:42:57

Pascal Martin has made the tenth post in his series covering PHP 7.1 and how it differs from previous versions. While this series was previously mentioned there have been significant updates to the series warranting a new post.

Here is the full list of the current ten articles he's written up so far:

There's lots of good information about this upcoming minor release in each of these articles as well as an interesting view into the release process for a new PHP version.

tagged: types enhancements testing overview preview articles series php71 update

Link: https://blog.pascal-martin.fr/post/php71-en-introduction-and-release-cycle.html

Pascal MARTIN:
Series - Introduction to PHP 7.1
Sep 08, 2016 @ 10:51:15

Pascal MARTIN has been in the process of posting a series of articles to his site covering the upcoming PHP 7.1 release including coverage of both new and deprecated features. So far there's four articles post with the latest coming out today:

A new minor version of PHP is just around the corner: PHP 7.1! Its release date is not really set yet, as it depends on the amount of bugs that will be reported and fixed on Releases Candidates, but it should happen before the end of this year. One year after PHP 7.0, this first minor release will bring its fair share of new enhancements!

Let’s take a look at those, going with about ten posts spread over the next few days.

So far he's covered:

Keep an eye on his site in the upcoming days for more pots in this series, helping you to prepare for the 7.1 release before it happens.

tagged: php71 series articles preview overview testing enhancements types

Link: https://blog.pascal-martin.fr/post/php71-en-introduction-and-release-cycle.html

Matt Stauffer:
Introducing Mailables in Laravel 5.3
Aug 05, 2016 @ 10:57:32

Matt Stauffer has posted the next in his "what's coming in Laravel 5.3" series today with this look at "mailables" to help make sending mail simpler in Laravel-based applications.

For the longest time, sending mail in Laravel has felt clumsy compared to the relatively light APIs of most other Laravel features. I'm not saying it's awful—it's still so much cleaner than its competitors--but it's often confusing to figure out what goes in the closure and what doesn't, what the parameter order is, etc.

Mailables are PHP classes in Laravel 5.3 that represent a single email: "NewUserWelcome", or "PaymentReceipt". Now, similar to event and job dispatching, there's a simple "send" syntax, to which you'll pass an instance of the class that represents what you're "dispatching"; in this context, it's an email.

He gives an example of the updated syntax for calling these "mailables", how to create them with the artisan command and their structure/usage. He also shows how to pass data into the object and some other included features (like customizing the delivery list, queuing and working with attachments).

tagged: mail sending laravel mailable class interface overview

Link: https://mattstauffer.co/blog/introducing-mailables-in-laravel-5-3

Robert Basic:
Events in a Zend Expressive application
Aug 05, 2016 @ 09:40:47

Robert Basic has written up a new post sharing a method he came up with for event handling in a Zend Expressive application. He makes use of Zend's own EventManager component to integrate it with some of his work from a previous post.

Three weeks ago I wrote a post on how to utilize Tactician in a Zend Expressive application. Today I want to expand on that post a little by adding the possibility to trigger and listen to events using the Zend EventManager component.

Using events allows our application to respond to different events that occur during a request.[...] This allows for a better separation of concerns in some cases, because if we take this approach, our code that deals with [the current functionality] doesn’t care any more what happens after that

He then gets into the code, showing how to install the EventManager component and how to create/inject an event manager into a current object (a Command). He then shows how to attach en event to the handler and perform an action when the event is hit. He points out one issue with this kind of setup, however: the need for all dependencies to be created prior to the event being attached. Fortunately the Zend EventManager comes with DI container support making it simpler to access dependencies needed during the firing of the event.

tagged: zendexpressive framework application event eventmanager tutorial overview introduction

Link: https://robertbasic.com/blog/events-in-a-zend-expressive-application/