Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Symfony Finland:
Why have Controllers as Services in Symfony?
Feb 29, 2016 @ 09:13:05

On the Symfony Finland blog there's a post that talks about Symfony controllers and services and how making the controllers services instead could be beneficial.

Controllers are quite straightforward in their actions (ha-ha) and simply take requests and return responses. The concept of a services is simple too, it's technically just a PHP object that performs a task over and over again somewhere in your application.

[...] Using services for tasks repeating in multiple locations of your application undoubtedly makes sense, but why should you shrinkwrap your controllers into a service? If you look at the official Symfony Demo Application does not do this. So why should yours?

Once again he uses the eZ Platform software to illustrate the point, describing how it packages up the controllers into services, including the configuration required to make it work. He shows how the dependency injection works and how controllers/services can call actions in other controllers/services easily.

tagged: controller service symfony ezplatform tutorial configuration yaml

Link: https://www.symfony.fi/entry/why-have-controllers-as-services-in-symfony

Loïc Faugeron:
The Ultimate Developer Guide to Symfony - Routing
Feb 17, 2016 @ 10:38:40

Loïc Faugeron has posted the next part of his "Ultimate Developer Guide" series covering individual Symfony components. In this new article he details the routing component.

In this guide we explore the standalone libraries (also known as "Components") provided by Symfony to help us build applications. We've already seen: HTTP Kernel and HTTP Foundation [and the] Event Dispatcher. We're now about to check Routing and YAML.

He starts with a basic overview of the component and what kind of top-level handling it provides. He describes the UrlMatcherInterface and its role in the routing process and a simple collection of Route instances that implement it. Then he gets into the YAML component, providing a simple example defining the routes for your application. He shows how it's converted from the YAML structure into a PHP-based (array) output and is then dumped into a RouteCollection to define the resulting routes.

tagged: symfony routing ultimate developer guide tutorial series yaml

Link: https://gnugat.github.io/2016/02/17/ultimate-symfony-routing.html

Toptal.com:
True Dependency Injection with Symfony Components
Jan 20, 2016 @ 10:37:39

On the Toptal.com blog there's a recent post about true dependency injection with Symfony between components in your application and only using the dependency injection container for its intended purpose.

Symfony2, a high performance PHP framework, uses Dependency Injection Container pattern where components provide a dependency injection interface for the DI-container. This allows each component to not care about other dependencies. [...] But this means DI-container can be used as a Service Locator.

[...] In this article we will try to build a Symfony2 application without implementing Service Locator pattern. We will follow one simple rule: only DI-container builder can know about DI-container.

They start off by talking about the structure of the dependency injection container and how it relates to the three main types: controller, method and property injections. He then starts in on creating the sample project and requiring only the Symfony DI, configuration and Yaml components. He then creates a ContainerBuilder class and sets up the HttpKernel functionality to pull the response from the container. He then makes a simple controller with a default action that just responds with text. With this working he updates it to pull in an input variable. He then makes updates to the application with changes to the route handing, templating (Twig), Doctrine (database) and tag handling.

tagged: dependency injection di symfony component framework router yaml container tutorial httpkernel

Link: http://www.toptal.com/symfony/true-dependency-injection-symfony-components

ServerGrove Blog:
Linters for PHP projects
Jun 03, 2015 @ 12:34:53

In a new post to the ServerGrove blog they look at linting tools for various circumstances including standard PHP, Twig templates and Composer configuration.

Today’s projects are built up from dozens of different components, configuration files, third-party libraries, tests, build scripts, etc. And even if you have the greatest test suite, bad things can happen sometimes. It’s important to catch bugs as early as possible, and syntax validators can be a great (and easy) addition to your continuous integration system. You would be surprised at how many problems are caused by syntax errors. At ServerGrove, we see these kind of problems with our clients almost every day.

Their list shows you how to lint (syntax check) several different types of content:

  • standard PHP code
  • Twig templates
  • Composer configuration
  • XML files
  • Bash scripts
  • JSON files
  • YAML files

Some of them use tools that already come built-in (like PHP's "-l" or Twig's "twig:lint") but others require the use of external software such as xmllint or melody. Command examples are also included for each.

tagged: lint project types twig bash composer xml json yaml tools

Link: http://blog.servergrove.com/2015/06/02/linters-php-projects/

SitePoint PHP Blog:
Getting Started with Symfony2 Route Annotations
Nov 06, 2014 @ 09:27:25

On the SitePoint PHP blog today there's a new tutorial posted that gets into the details on one of the powerful (and most used) components of the Symfony framework, the Router, and how to interact with it via annotations. Symfony's route annotations allow you to define functionality at the controller level or via a YAML configuration file.

When you download the Standard Symfony 2 Distribution, it includes an interesting bundle named SensioFrameworkExtraBundle which implements a lot of great stuff, especially the opportunity to use annotations directly within your controllers. The idea behind this article is not to convice developers to embrace this way of doing, but to point the finger at an alternative method to easily configure controllers. Keep in mind that there is no magic recipe, it depends on what you need in each specific scenario. Symfony 2 implements a strong built-in component to manage all the routes of an application: the Routing Component. Basically, a route maps a URL to a controller action.

His example sets up a simple blog and compares the two ways of configuring the routing: one side putting it all in the YAML configuration and the other in the controller docblocks (annotations) themselves. He adds a base page for showing the listing of posts and a single article route, complete with slugs. He also shows how to add in some additional configuration handling to do things like set default values, making things required and enforcing the HTTP method on the request (GET, POST, PUT, etc)

tagged: route annotations introduction docblock tutorial yaml configuration settings

Link: http://www.sitepoint.com/getting-started-symfony2-route-annotations/

Gonzalo Ayuso:
Building a Pimple/Container from a YAML file
Sep 29, 2014 @ 10:54:10

In a recent post to his site Gonzalo Ayuso shows how to create a Pimple container (a dependency injection container) from a YAML configuration definition using a simple handler already included in Pimple.

[In a conversation with Máximo Cuadros about Dependency Injection Containers] I said that I prefer Symfony´s DIC instead of Pimple, mainly because its configuration with YAML (or even xml) files. But In fact we can customise Pimple/Containers with YAML files in a similar way than we do it with Symfony’s DIC. In this example we’re going to see one way to do it.

While Pimple does come with the "Container" functionality to make this happen, Gonzalo points out that using it this way violates several of the SOLID design principles. Instead, he offers an alternate solution - using the Config component from Symfony to handle the creation of the container using an already established YAML format. He includes an example YAML configuration structure, the matching Pimple code for it and a code sample showing how the YAML is parsed into the same result. You can find the code on his GitHub account if you're interested in the full structure.

tagged: pimple symfony container solid config yaml dependencyinjection

Link: http://gonzalo123.com/2014/09/29/building-a-pimplecontainer-from-a-yaml-file/

ServerGrove Blog:
Symfony2 components overview: Config
Feb 21, 2014 @ 12:13:57

The ServerGrove blog has a new post today in their Symfony2 component spotlight series, this time focusing on the Config component.

After a few weeks, we continue with the Symfony2 components series. This time we are going to be talking about the Config component, which helps you to load and validate configuration values, regardless of their source.

They show how it can be used to parse YAML files and give a basic overview of its architecture. Sample code is included for a "blog generator" example that parses the given YAML structure and a loader to pull in the file. The component also includes caching functionality for larger configurations and allows you to define multiple loaders for different sources.

tagged: symfony2 component overview config yaml tutorial

Link: http://blog.servergrove.com/2014/02/21/symfony2-components-overview-config

Gonzalo Ayuso:
Scaling Silex applications (part II). Using RouteCollection
Mar 06, 2013 @ 09:21:31

Gonzalo Ayuso has posted a second part of his look at scaling Silex (here's part one). In this new article he shows how to use the RouteCollection functionality instead of defining the routes in the DI configuration.

In the post Scaling Silex applications I wanted to organize a one Silex application. In one comment Igor Wiedler recommended us to use RouteCollections instead of define the routes with a Symfony’s Dependency Injection Container. Because of that I started to hack a little bit about it and here I show you my outcomes:

He includes example code for creating the application, setting up the main "routes.yml" file with some defaults and two other files for routes in other parts of the site - "api" and "blog". Then he makes the controllers related to these three sections with basic actions catching each of the routes. The source for the entire thing is over on github.

tagged: silex scaling application tutorial routercollection yaml

Link:

Gonzalo Ayuso:
Scaling Silex applications
Feb 12, 2013 @ 09:54:54

Gonzalo Ayuso has posted yet another helpful Silex hint for those using this microframework and wanting to scale up their applications past the prototype stage - an extension to allow route definition in a YAML configuration.

My idea is to store this information within a Service Container (we will use Symfony’s DIC). For example here we can [define] our routes.yml. [...] We need to implement one Extension for the alias “routes”. We only will implement the needed functions for YAML files in this example.

He includes the code for the extension ("SilexRouteExtension") that can be used to parse the "routes.yml" file to inject the custom routing into your application. This includes the pattern to match, the controller to route it to and the target method. You can also set some requirements like the request method (in this case "GET").

tagged: scale silex extension yaml route configuration file

Link:

Pádraic Brady:
Getting Ahead In Security By Watching The Neighbours
Jan 18, 2013 @ 11:53:52

In his latest post Padraic Brady talks some about the recent security issues that happened with Ruby on Rails that allowed for remote code execution and how, if you use code blindly, you could be in for a similar fate.

Code execution vulnerabilities are, by definition, hideous monsters. The ability for external inputs to enter an execution context (i.e. injecting or manipulating code that is executed on the server) can be difficult to spot through the haze of convenience that such machinations are often designed to deliver. In Rail’s case, that convenience was to automatically cast data entries in XML or YAML inputs into Ruby types including, unfortunately, Symbols and Objects.

These types of “buried” code execution vulnerabilities are still easy to locate in PHP, at least, because you are still restricted to normal code execution pathways in the absence of Ruby’s dark magic, e.g. eval(), include(), require_once(), system() and, let’s not forget, unserialize().

He talks about how, if you're not careful with the code (third party libraries) that you use in your applications - or don't adhere to good security practices in your own - you could be vulnerable to a similar style of attack. After some investigation on his part, he discovered an issue related to this in the Symfony2 YAML parser (now fixed with a new release).

To summarise…

Pay attention to competing applications or frameworks – their problems may also be your problems. If you’re worried about arbitrary code execution vulnerabilities then audit your code. You can even, as a sanity check, use grep to find uses of functions like eval(), unserialize(), etc and analyse where their parameters’ might originate from.

tagged: rubyonrails security vulnerability code execution yaml symfony2

Link: