Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

PHP.net:
PHP 5.6.18 & 5.5.32 Released
Feb 05, 2016 @ 09:49:31

On the main PHP.net site they've officially announced the release of the latest versions in the 5.6.x and 5.5.x series: PHP 5.6.18 and PHP 5.5.32.

The PHP development team announces the immediate availability of PHP [5.5.32 and 5.6.18]. This is a security release. Several security bugs were fixed in this release. All PHP [5.5 and 5.6] users are encouraged to upgrade to this version.

As always you can download this latest release from either the main downloads page or from windows.php.net for the Windows binaries. If you'd like to see exactly what was fixed in these releases, check out the full Changelog.

tagged: language version security bugfix upgrade

Link: http://php.net/archive/2016.php#id2016-02-04-3

Rasmus Lerdorf:
Upgrading PHP on the EdgeRouter Lite
Jan 26, 2016 @ 10:30:33

Rasmus Lerdorf has shared a post to his site detailing how he upgraded his EdgeRouter Lite router (hardware) to use PHP 7 for the uI handling and processing, upgrading it from the PHP 5.4 it came installed with.

After nearly 7 years of service I retired my Asus RT-16 router, which wasn't really a router, but a re-purposed wifi access point running AdvancedTomato. In its place I got a Ubiquiti EdgeRouter Lite. It is Debian-based and has a dual-core 500MHz 64-Bit MIPS CPU (Cavium Octeon+), 512M of ram and a 4G removable onboard USB stick for < $100. The router is completely open and, in fact, any advanced configuration has to be done from the command line. The Web UI has been improving, but there are still many things you can't do in it. In other words, exactly the type of device I prefer.

He made use of the open platform the router has to upgrade both the PHP installation and a bit of the web UI code to make things work happily with PHP 7. There's just three steps in his process:

  • Getting a Big-Endian MIPS64 build of PHP 7
  • Configuration (php.ini)
  • Fixing broken stuff

The "broken stuff" in this last item was only a few small changes that needed to be made to the web UI code for raw POST data fetching and session writes. He ends the post with a little summary of the performance post-changes and some about the opcode handling and memory use per request.

tagged: router edgerouter ui version language install upgrade configuration bigendian mips64 php7

Link: https://toys.lerdorf.com/archives/59-Upgrading-PHP-on-the-EdgeRouter-Lite.html

Laravel News:
Laravel Release Process
Jan 21, 2016 @ 09:22:33

On the Laravel News site they've posted about the framework release schedule for the next few minor version releases and the support levels each will include.

At Laracon 2013 in Washington D.C., Taylor announced the first official release cycle for the framework. [...] By having an official release cycle, it allows us as end users to plan around when we need to perform upgrades and also the dev team a way of knowing what is coming and when. Since this announcement all new releases have followed this schedule.

He talks briefly about the 5.1 release of the framework and how it changed up the flow by adding long term support (two years for bugfixes, three for security). He then outlines the release schedule from the 5.1 LTS release out to 5.5, the next LTS release. This is only a guideline for now and could possibly change in the future but at least it gives an idea of the schedule of things to come.

tagged: laravel framework release process schedule longtermsupport version

Link: https://laravel-news.com/2016/01/laravel-release-process/

Lorna Mitchell:
Relying on A Dev-Master Dependency in Composer
Dec 23, 2015 @ 10:52:51

In this post to her site Lorna Mitchell makes an interesting point about relying on libraries/packages that recommend using dev-master as the target of choice when installing via Composer. It started from a Tweet and lead to more discussion. She share some of that and more about her own thinking in this post.

If your project installation instructions recommend requiring dev-master in composer, I may need to reconsider my choice of package. [...] I got a few responses asking me to expand so I thought I would take the opportunity to write more than 140 characters on this topic.

She talks about the types of dependencies she prefers to add to her systems and how, usually, the code that lives in dev-master is not actually what's desired. It could be in any state after all - broken or correct. She points out three places where she'd see this kind of dependency as "okay" but points out that they are rarely seen in a mature project. She ends with a recommendation to users to look for dev-master entries in their own composer.json files and replace them with a release to prevent issues in the future.

tagged: devmaster composer dependency reliance version stable

Link: http://www.lornajane.net/posts/2015/relying-on-a-dev-master-dependency-in-composer

Laravel News:
Laravel 5.2 is released!
Dec 22, 2015 @ 11:12:47

The Laravel News site has posted about the release of Laravel 5.2, the next minor release in the 5.x series of the framework. Along with this release comes several new features and additions to current ones:

Laravel 5.2 is now officially released and available to everyone. This release features multiple authentication driver support, implicit model binding, simplified Eloquent global scopes, opt-in authentication scaffolding, middleware groups, rate limiting middleware, array validation improvements, and more.

He then gets into a bit of detail about these new features added including:

  • Auth Scaffolding
  • Implicit model binding
  • Laravel 5.2 Form Array Validation
  • Database Session Driver
  • Middleware Groups
  • Rate Limiting

There's brief code examples for each of the items (where needed) and links back to the documentation for more information on the feature's use.

tagged: laravel news release framework version v52

Link: https://laravel-news.com/2015/12/laravel-5-2-is-released/

Matt Stauffer:
Form array validation in Laravel 5.2
Dec 17, 2015 @ 11:23:35

Matt Stauffer has kicked off a new series on his blog about some of the new features in Laravel 5.2 and how to use them effectively. In this first part of the series he looks at form array validation and using it on more complex form submissions.

Form array validation simplifies the process of validating the somewhat abnormal shape of data HTML forms pass in when the array syntax is used. If you're not familiar with it, a common use case is when you allow a user to add multiple instances of the same type on one form.

[...] But how do we validate this? Prior to 5.2, it's a bunch of manual work. Now, Laravel understands this nesting structure and can validate against it uniquely.

He compares the new validation handling with a standard validator (for a single text string) and shows how a "dot" (period) notation can be used to define the more complex rules. You can even use asterisks for wildcard making at any level. Definitely a nice addition to the validation handling in the framework.

tagged: form validation array laravel5.2 version wildcard complex tutorial series part1

Link: https://mattstauffer.co/blog/form-array-validation-in-laravel-5-2

Zend Developer Zone:
On Security and PHP
Dec 14, 2015 @ 10:23:46

On the Zend Developer Zone Cal Evans has posted an article about a topic that's always hot in any development community - security. In his post, "On Security and PHP", he comments on some recent metrics reported by a larger application security company and provides a bit more realistic view into the world of PHP security (and some possible downfalls of their metrics).

Yet another consultant group has decided that their traffic stats are too low so they need to “shake things up a bit”. As usual, they picked PHP as the whipping boy. No, I am not going to link to them; too many people are already doing that unironically. [...] So we have a consulting group that has discovered that compiled languages have fewer security issues than dynamic languages. In other news, water is wet. This insight isn’t a revelation to anyone who has worked with a compiled language.

He also points out the leap they make between the PHP-related results to the two pieces of software that power a large part of the web, WordPress and Drupal. He mentions the recent installation statistics published by Jack Skinner and how, when it boils down to keeping the actual language secure, nothing is better than keeping things patched. Cal summarizes the current state of things (and where we should be heading) well:

We can all agree that PHP code used to be notoriously insecure due in part to it’s low point of entry, but so was the entire Internet. As we learn, we are writing better and more secure code. Sadly reports like the one highlighted here do nothing more than perpetuate old stereotypes. The truth is that yes, PHP code has flaws, much like Python code, node.js code, and Ruby code. We’ve got fewer this year than last, and hopefully, we will have fewer next year. We are getting better. Sadly, not all applications get better at the same rate. Some people just will not bother to patch old code. That is not a language problem, that is a people problem. (It doesn’t lessen the importance of the problem, but let’s at least properly identify it)
tagged: security zenddeveloperzone development language version

Link: http://devzone.zend.com/7052/on-security/

Symfony Blog:
Improving the Symfony Release Process
Dec 11, 2015 @ 10:49:10

On the Symfony blog there's a new post from Javier Eguiluz talking about improvements to the Symfony release process that will be starting with the 3.0.0 stable release (already release so already in place).

The Symfony Release Process is arguably one of the best selling points of the Symfony project. Thanks to our predictable and transparent process, companies can plan years in ahead their Symfony integration.

The recent launch of Symfony 2.8, which will be the last minor version of the 2.x branch, made us think about further tweaks in the release process. That's why during his past SymfonyCon Paris 2015 keynote, Fabien Potencier announced the new Symfony release process.

The main changes for the process are around how many minor versions will be published, standard vs long term support status of these releases and the timing of major/minor releases. With this schedule in place, it's projected that Symfony 4 will be released in November of 2017.

tagged: symfony release process improvement schedule minor major version

Link: http://symfony.com/blog/improving-the-symfony-release-process

Jack Skinner:
PHP Version Roundup - PHP Install Statistics for 2015
Dec 09, 2015 @ 10:43:49

Jack Skinner has posted his latest "roundup" results of the most popularly installed versions of PHP across the web. In the post he looks through the percentage of installations for each version and how many are "secure" (currently supported and in a popular/stable linux distribution).

Last year, Anthony Ferrara posted an excellent round up of PHP versions in the wild, specifically focusing on the volume of un-patched versions running production websites. Even as an estimate it was an eyeopening moment for many people.

Using data from w3techs and, while the raw data isn't posted, what's there is good enough for an estimation. He talks some about the definition of "secure" in the context of the results and lists the current versions of several popular linux distributions and the versions they support. His results are then grouped by minor release and created some graphs for the results to help with visualization. The remainder of the post shares these results for PHP versions 5.6, 5.5, 5.4, 5.3 and yes even 5.2/5.1. The results end with overall numbers/graphs of the most widely installed versions and what percentage of those are considered "secure". With PHP 7 just released the results are a little discouraging but it is good to see things trending the right way since last year's results.

tagged: version roundup install popular language secure linux supported w3techs

Link: https://developerjack.com/blog/2015/12/09/php-version-roundup/

Community News:
Slim Framework v3.0.0 Released
Dec 08, 2015 @ 12:51:17

The Slim Framework project has officially announced the release of the next major version of their popular microframework: Slim 3.0.0.:

We are delighted to release the first stable version of Slim 3, 3.0.0 following a series of release candidates. [...] Slim 3 is a major update with all parts of the framework updated.

New features in this major version release include:

  • the change to a container-interop compatible dependency injection system
  • complete PSR-7 support
  • an update to internal classes to code against interfaces rather than concrete classes
  • route callback binding to $this (the Container instance)

They've also gotten rid of some of the "cruft" that had built up over previous versions and slimmed down (pardon the pun) the codebase making it even simpler and more component driven. They've posted installation instructions to help you get started and a simple skeleton application you can drop in and be up and running quickly.

tagged: slim3 framework microframework release announcement major version

Link: http://www.slimframework.com/2015/12/07/slim-3.html