Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Laravel News:
Changes coming to the Laravel release cycle
Dec 05, 2016 @ 09:20:35

On the Laravel News site there's an announcement posted about a change in the Laravel release schedule, an update from the original 2013 announcement.

Yesterday, Taylor announced on Twitter that this is going to be changing to a January and July cycle, pushing each release out a month from its current schedule.

This has two primary advantages for the development team and the first is it allows more time for testing after Symfony’s release. The second advantage is it’ll better coincide with Laracon, the yearly Laravel conference.

This means a bit of a delay on the release of the next major version of the framework (v5.4) but only by one month. The six month cycle will then resume after that slight delay. You can find out more about the remainder of the release cycle in the original post based on Taylor's comments at Laracon 2013.

tagged: laravel release cycle update taylorotwell delay symfony laracon

Link: https://laravel-news.com/release-cycle-changes

PHP.net:
PHP 5.6.28 Released
Nov 14, 2016 @ 12:12:58

The PHP.net site has posted the official announcement about the latest release in the PHP 5.6.x series: PHP 5.6.28:

The PHP development team announces the immediate availability of PHP 5.6.28. This is a security release. Several security bugs were fixed in this release. All PHP 5.6 users are encouraged to upgrade to this version.

Fixes included in this release relate to:

  • core language functionality
  • GD image manipulation
  • fixing an overflow in the IMAP functionality
  • a SQLite issue fetching an integer as a string

As always, you can get this latest release from either the main downloads page (for source packages) or windows.php.net for the Windows binaries. As a reminder, the active support for the PHP 5.6.x series will be ending at the end of 2016 (December 31st) so there's never been a better time to upgrade to PHP 7.

tagged: language release php56 security update download

Link: http://php.net/index.php#id2016-11-10-3

Tumblr Engineering Blog:
PHP 7 at Tumblr
Nov 11, 2016 @ 13:07:07

The Tumblr Engineering blog has a new post with details about how they made the switch to PHP 7 in their previously PHP 5 codebase (and some of the things they learned along the way).

At Tumblr, we’re always looking for new ways to improve the performance of the site. This means things like adding caching to heavily used codepaths, testing out new CDN configurations, or upgrading underlying software.

Recently, in a cross-team effort, we upgraded our full web server fleet from PHP 5 to PHP 7. The whole upgrade was a fun project with some very cool results, so we wanted to share it with you.

They start off with the timeline of events, starting with the original hackday project out through the final PHP 7 deployment in production less than a year later. They cover some of the testing methods they employed during the transition and the impact of the update on their application on request latency, CPU load and memory usage. They wrap up the post talking about some of the PHP 7-specific things they made use of in their update including anonymous functions and scalar type hinting.

tagged: tumblr php7 update php5 hackday project testing performance

Link: https://engineering.tumblr.com/post/152998126990/php-7-at-tumblr

Zend Developer Zone:
WordPress updates Plugin Guidelines
Nov 11, 2016 @ 12:55:11

The Zend Developer Zone has a new post with information about some updates from the WordPress project about what plugin authors must do to be compliant with the rules of the WordPress Plugin Directory.

After five years, the WordPress plugin team has updated the Plugin Guidelines. These are the guidelines that WordPress plugin authors must comply with to be included in the WordPress Plugin Directory.

The guidelines were soft-launched last month so that they could be vetted by the larger plugin developer community community. On November 1st, 2017, they were officially announced “Revised Guidelines Are Live” by Mika Epstein.

Overall, these guidelines are good. They are solid, well communicated and clear to anyone who reads them.

The ZDZ post focuses in on just two of the guidelines that were updated with a few brief thoughts in each:

  • #4. Keep your code (mostly) human readable
  • #9, The plugin and its developers must not do anything illegal, dishonest, or morally offensive

They point out that, while the intent is good for #9, the term "morally offensive" is very broad and could be interpreted in many ways by many different groups.

tagged: wordpress plugin update directory official guidelines

Link: https://devzone.zend.com/7331/wordpress-updates-plugin-guidelines/

Paragon Initiative:
Guide to Automatic Security Updates For PHP Developers
Oct 25, 2016 @ 12:51:21

On the Paragon Initiative blog they've posted a guide to handling automatic security updates for PHP developers, helping to prevent security-related issues by keeping your libraries up to date.

Most of the software security vulnerabilities known to man are preventable by careful development practices. [...] However, even if you're trying to do everything right, eventually we all make mistakes and ship exploitable software.

[...] By making updates manual rather than automatic, you're forcing your customers to take all the responsibility for making sure that your mistakes don't hurt their business. Only a very small minority of your customers might prefer the responsibility of verifying and applying each update themselves. [...] Automatic security updates reduce the interval between points 2 and 3 from possibly infinite to nearly zero. That's clearly a meaningful improvement over manual patch management.

The post then walks through the aspects of a secure automatic update system that includes offline cryptographic signatures, transport layer security and separation of privileges (who will perform the actual update). The author gets into a bit of detail for each item on the list, explaining how the system should be set up and some tools you can use to start working up the process in your own applications.

tagged: automatic security update developers tutorial system

Link: https://paragonie.com/blog/2016/10/guide-automatic-security-updates-for-php-developers

TutsPlus.com:
Internationalizing WordPress Projects: Updates With WordPress 4.6
Oct 13, 2016 @ 12:07:47

TutsPlus.com has posted the latest in their "Internationalizing WordPress" series today, focusing on some of the changes that have come with the release of WordPress 4.6.

Throughout this series, we've covered exactly what you need to do to internationalize your WordPress projects. If you've not read any of the previous posts, I recommend checking them out.

Though there have been some changes to how internationalization and localization work in WordPress 4.6, that doesn't mean the previous tutorials are irrelevant. It just means that the way you opt to distribute your plugins and their localizations will change.

And that's what we're going to be covering in this tutorial.

You'll need to be caught up on the series before following along with this article. It defines some of the basics and gets your WordPress install in a certain state. Then they get into the changes with the WordPress update including a brief overview of how the internationalization and localization functionality now works and the idea of "just-in-time" translations.

tagged: wordpress update internnationalization localization version

Link: https://code.tutsplus.com/tutorials/internationalizing-wordpress-projects-updates-with-wordpress-46--cms-27155

Jason McCreary:
Update PHP on Mac OS X
Sep 20, 2016 @ 10:15:26

Jason McCreary has posted an update to his guide for installing PHP on Mac OS X and replacing the version of PHP that comes with El Capitan (5.5) with a handy package manager more specific to PHP installations.

As noted in my posts on Installing Apache, PHP and MySQL on Mac OS X, OS X comes pre-installed with Apache and PHP. Unfortunately, as of Mac OS X 10.11 (El Capitan) the pre-installed version of PHP is still 5.5. As PHP 5.5 has reached end of life, I imagine the pre-installed version of PHP will be updated with Mac OS 10.12 (Sierra). However, it may only be PHP 5.6.

So what do you do if you want to upgrade or install a different PHP version on your Mac? Well, you could use Homebrew. But I found a pre-packaged alternative - PHP OSX.

With this package manager, the installation is only a few steps but he lists them out with a bit more detail to help you understand what's happening:

  • Installing PHP (your choice of version)
  • Configuring Apache (loading the php5 shared module)
  • Updating your PATH
  • Configuring PHP
tagged: osx update language version package simple installation tutorial

Link: http://jason.pureconcepts.net/2016/09/upgrade-php-mac-os-x/

Pascal MARTIN:
Series - Introduction to PHP 7.1 (Update)
Sep 15, 2016 @ 09:42:57

Pascal Martin has made the tenth post in his series covering PHP 7.1 and how it differs from previous versions. While this series was previously mentioned there have been significant updates to the series warranting a new post.

Here is the full list of the current ten articles he's written up so far:

There's lots of good information about this upcoming minor release in each of these articles as well as an interesting view into the release process for a new PHP version.

tagged: types enhancements testing overview preview articles series php71 update

Link: https://blog.pascal-martin.fr/post/php71-en-introduction-and-release-cycle.html

Joe Ferguson:
Solidify Fragile Tests
Sep 05, 2016 @ 11:43:27

In this post to his site Joe Ferguson gives some advice on solidifying tests in your system that are a bit more fragile. Every test suite of any larger size has these kinds of tests - ones that usually pass but sometimes fail (and then pass just fine on the next run).

On my first week at the new job I was tasked to fix some tests that were logging data. While the fix was simple enough, by using `PsrLogNullLogger as Logger` instead of `MonologLogger` in the test, during the process I ran into another test that appeared quite fragile.

He gives an example of a fragile test, one based on a method that returns a "food" value, that would potentially fail if the data returned is not in the right order. He found the issue was with the use of the assertArraySubset check and how, thankfully, the fix was as easy as changing the assertion (and using an array_diff to help with the check).

tagged: solidify fragile tests unittest check assertion update

Link: https://www.joeferguson.me/solidify-fragile-tests/

Sculpin Blog:
Deprecating Phar Distribution and Embedded Composer
Sep 02, 2016 @ 12:18:29

On the Sculpin blog Beau Simensen has posted an update about a change in how the project will be released in the future, most notably deprecating the phar release and switching to an embedded Composer installation.

If you are currently using a globally installed phar distribution for Sculpin you should migrate to a per-project Composer installed version of Sculpin as soon as you can. [...] Any plans for Sculpin 3 would have required reworking the phar build and distribution process

In typical programmer fashion, I let myself get bogged down in the details of eventually needing to deploy Sculpin 3 phar builds rather than working on Sculpin 3. What little time I had to spend on Sculpin last year was sunk on solving this problem. [...] The last officially available Sculpin phar is not compatible with PHP 7.

He talks about his earlier goals to make v3 of Sculpin PHP 7-only but, in the process of the work to get to that point, several roadblocks came up preventing it. He talks about self-updating phars and finally realizing that, for the good of the project, a move to the embedded Composer setup is the best method for keeping dependencies in sync. He ends the post with the steps you'll need to take to migrate from the phar release to the managed version and an example commit of how the Sculpin site itself was migrated.

tagged: sculpin static generator project phar embedded composer update

Link: https://blog.sculpin.io/2016/08/31/deprecating-phar-distribution-and-embedded-composer