
Stanislav Malyshev:
unserialize() and being practical
November 04, 2014 @ 10:49:40

Stanislav Malyshev has a new post to his site talking about his proposal for a filtered unserialize change and why he sees it as a practical next step.

I have recently revived my "filtered unserialize()" RFC and I plan to put it to vote today. Before I do that, I'd like to outline the arguments on why I think it is a good thing and put it in a somewhat larger context. It is known that using unserialize() on outside data can lead to trouble unless you are very careful. Which in projects large enough usually means "always", since practically you rarely can predict all interactions amongst a million lines of code. So, what can we do?

He touches on three points that would make it difficult to simply avoid using it this way (on external data), including the fact that there's not really any other way to work with serialized data in PHP. He suggests that adding filtering to the language's unserialize handling can protect against issues that come with unserializing external data.

Is this a security measure? [...] Yes, it does not provide perfect security, and yes, you should not rely only on that for security. Security, much like ogres and onions, has layers. So this is trying to provide one more layer - in case that is what you need.
unserialize rfc filter practical security reasons

Link: https://php100.wordpress.com/2014/11/03/unserialize-and-being-practical/

Anthony Ferrara:
What's In A Type
October 24, 2014 @ 13:55:39

In a new post to his site Anthony Ferrara takes on the topic of typing in PHP, discussing some of the main ideas around the current typing scheme and the discussions being had about potential changes.

There has been a lot of talk about typing in PHP lately. There are a couple of popular proposals for how to clean up PHP's APIs to be simpler. Most of them involve changing PHP's type system at a very fundamental level. So I thought it would be a good idea to talk about that. What goes into a type?

He starts at the highest level, covering what "typing" is in general and some of the tradeoffs that come with being a strongly typed versus weakly typed language. He then gets into PHP's two "semi-independent type systems" - one for objects and one for everything else. He includes some code examples to illustrate this and to show how, for the non-object handling, context means everything for how the types are switched. He also talks about polymorphism, the chaos that could come from scalars becoming objects and a current RFC suggesting the addition of "safe casting" functions to PHP to provide less "magic" when shifting values from one type to another.

type switching casting rfc proposal function weak strong

Link: http://blog.ircmaxell.com/2014/10/whats-in-type.html

Pascal Martin:
September 2014 on internals@php
October 07, 2014 @ 09:35:15

Pascal Martin has posted his latest edition of the happenings on the PHP internals mailing list for the month of September. In this latest edition he covers some of the major topics discussed this past month including:

  • the "Implicit isset() in Shorthand Ternary Operator" RFC (or, as it came to be known, the "Null Coalesce Operator" RFC)
  • An RFC for a "loop + or control structure"
  • an opinion to make PHP 7 transtyping operations more strict
  • the RFC to "Remove alternative PHP tags"
  • another RFC proposed to "Fix list() behavior inconsistency"

There are links to lots of other topics and various messages on the list, including lots of other RFCs and plenty of discussion around them. Check out the full post for more great information and links around last month's php.internals happenings.

internals september mailinglist sept2014 summary rfc discussion

Link: http://blog.pascal-martin.fr/post/php-mailing-list-internals-september-2014-en

Phil Sturgeon:
The Neverending Muppet Debate of PHP 6 v PHP 7
July 24, 2014 @ 10:18:14

Phil Sturgeon has posted about something he calls the "neverending muppet debate" of PHP 6 versus PHP 7. As the PHP language moves forward, the PHP 5.x series is coming to a close. The discussion has started up over whether to name the next version "PHP 6" or "PHP 7", and both sides have their proponents.

There are a few major, important conversations happening in the PHP internals mailing list as we speak:

  • The Facebook lot heading up a specification based off of PHP 5.6
  • Should phpng be moved into master to be the base of the next major PHP version
  • How can we best go about scalar typehinting?

There is also another conversation:

  • Should it be PHP 6 or PHP 7

Wait... what?

He goes on to provide a little context, pointing out that back in 2010 PHP 6 was being slated for release as the next major version of the language (this was around the PHP 5.2 days). Unfortunately, it stalled out and some of what was planned went into PHP 5.3. This didn't stop publishers from releasing books and articles about "PHP 6" though. It's already being put up for a vote with "PHP 7" pulling ahead. Phil also includes more context around the discussions, sharing the main points of each side and snippets from the RFC and mailing list thread currently ongoing.

debate php6 php7 naming internals rfc version

Link: http://philsturgeon.uk/blog/2014/07/neverending-muppet-debate-of-php-6-v-php-7

Daniel Cousineau:
PHPRFC Internals Logo
July 23, 2014 @ 09:32:56

As anyone who subscribes to the php.internals mailing list knows, there can be a lot of drama around some of the discussions for the future of the language, both in its features and surrounding technical concerns. Daniel Cousineau has posted a lighter take on some of this drama and is issuing his own "RFC" for a proposed mascot for internals - the DramaLlama.

Branding and PR is an increasingly important factor in programming language viability and adoption. Visible instability in the core team is off-putting to large organizations who depend on long term reliability and support and only encourages them to look to languages and tools with more stable and professional core teams. This RFC proposes that the PHP core team get ahead of the issue and introduce a logo, separate from the public facing project, to provide a sense of professionalism that is lacking. I humbly submit the DramaLlama as the superior candidate.

His proposed mascot, shown here, bears the PHP logo on the side of a cartoon purple llama. As Daniel puts it, the llama is a "proud, capable animal" that can deal with a lot and still stand up under a heavy burden.

By not adopting a logo, the PHP core team risks losing the respect and trust of the end user community. However it could be argued that the core team has survived without this and could do so indefinitely.

The post is practically dripping with sarcasm, but it's a good mood-lightener around some of the drama that can come from the clash of multiple personalities in the PHP internals community.

rfc internals logo funny llama dramallama mailing list

Link: http://dcousineau.com/blog/2014/07/22/phprfc-internals-logo/

Derick Rethans:
No to a Uniform Variable Syntax
July 17, 2014 @ 09:32:15

There's been an RFC that's recently made it through the voting process and was approved for inclusion in PHP6, the uniform variable syntax handling. When these changes are put into effect, some of the odd syntax you had to use for things like variable variables will be cleared up and standardized. However, Derick Rethans stood out as the only "no" vote, here's why...

As you might have heard, PHP developers voted on an RFC called "Uniform Variable Syntax". This RFC "proposes the introduction of an internally consistent and complete variable syntax". In general, this RFC argues for making PHP's parser more complete for all sorts of variable dereferences. [...] Thirty people voted for, and one against: Me. Does that mean that I am against a unified variable syntax? No, I am not. I am actually quite a fan of having a consistent language, but we need to be careful when this hits existing users.

He points out that there are known backwards compatibility breaks in the changes and that this breaks the semantics of the language. While the BC breaks are understood, Derick suggests that this is one of the worst changes a language can make: "...and this is exactly why people whine that PHP breaks BC and does not care about its users".

rfc uniform variable syntax against vote semantics language

Link: http://derickrethans.nl/uniform-variable-syntax.html

Three Devs & A Maybe Podcast:
The PHP-FIG/RFC, CodeIgniter 3 and PyroCMS with Phil Sturgeon
June 16, 2014 @ 09:42:13

The Three Devs & A Maybe podcast has released a new episode, #29 - The PHP-FIG/RFC, CodeIgniter 3 and PyroCMS with Phil Sturgeon with (obviously) guest Phil Sturgeon.

This week we are lucky to have the one n' only Phil Sturgeon on the show. Starting off conversation with how he got into programming, we move on to his time using and contributing to the CodeIgniter and FuelPHP projects. This leads us on to discuss the current status of CodeIgniter 3.0 and his experiences with porting PyroCMS to Laravel. Among other things we then touch upon the 'Wordpress positive feedback loop', the PHP-FIG (Framework Interop Group) and the PHP-RFC (Request for Comments) process. We wrap up the show with some sound and interesting advice to any budding/new developer.

Besides Phil's own background and PyroCMS they also talk about CodeIgniter, PHP: The Right Way, methods on primitive types and PHPBridge. You can listen to this episode either using the in-page player or by downloading the mp3. You can also subscribe to their feed for this and other great shows.

threedevsandamaybe podcast ep29 phpfig rfc codeigniter philsturgeon

Link: http://threedevsandamaybe.com/posts/the-php-fig-rfc-codeigniter-3-and-pyrocms-with-phil-sturgeon/

Evert Pot:
HTTP/1.1 just got a major update.
June 10, 2014 @ 11:23:57

While not specific to PHP, the HTTP specification that defines how web applications talk has gotten a major update in its latest version. In his latest post Evert Pot summarizes some of these changes and how they'll impact the work you're doing.

The IETF just published several new RFCs that update HTTP/1.1 [...] These documents make the original specification for HTTP/1.1 obsolete. As a HTTP geek, this is a big deal.

These new RFCs include definitions of standards around message syntax and routing, conditional requests, authentication, the 308 status code and the forwarded HTTP extension. Evert gets into the details of some of the changes, pointing out the major changes first and places where ambiguity has been resolved. He also includes a list of other "interesting things that have changed" in these new specs including clarifications around dealing with unexpected whitespace, the removal of the default charset of ISO-8859-1 and that the 204, 404, 405, 414 and 501 status codes are now cacheable.

http11 http specification rfc update summary

Link: http://evertpot.com/http-11-updated/

Pádraic Brady:
PHP 5.6 and SSL/TLS Getting Better But Will PHP Programmers Actually Use It?
January 31, 2014 @ 11:24:32

In his latest post Pádraic Brady looks at a new addition to PHP (well, to be included in the next release) related to the SSL/TLS handling it provides in streams. He's happy to report that things are improving. This commit integrated an RFC allowing for TLS peer verification in PHP streams.

The RFC reverses PHP's course and provides PHP streams with defaults that enable both peer verification and host verification. The patch implements the RFC and it lets PHP leverage the local system's own certificate stash (e.g. Debian's ca-certificates) where possible to avoid PHP having to distribute a bundle of its own and while also assisting in backwards compatibility. [...] Once we have a PHP streams/sockets system with a passable level of default security, the rest will be left to programmers on the ground to change their practices.

With this new functionality coming in PHP 5.6, he strongly encourages developers to change how they're currently doing things and embrace this new verification to keep their code safer.

ssl tls php56 programmer peer verification rfc

Link: http://blog.astrumfutura.com/2014/01/php-5-6-and-ssltls-getting-better-but-will-php-programmers-actually-use-it/

PHP Town Hall:
Episode 12 Awesome RFCs and Yolo
September 12, 2013 @ 11:54:43

The PHP Town Hall podcast has released their latest episode, #12, Awesome RFCs and YOLO:

Silex and PHP contributor Igor Wiedler joins Ben and Phil to talk about his recently accepted RFC: Importing namespaced functions along with a bunch of other super-nerdy things that he has been working on.

There's also mentions of other RFCs like the variadics and argument unpacking proposals. You can listen to this latest episode either through the in-page player or by downloading it directly. You can also subscribe to their feed to get the latest episodes.

ep12 rfc yolo igorwiedler podcast phptownhall

Link: http://phptownhall.com//blog/2013/09/11/episode-12-function-autoloading/



All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework