PHP Annotated – February 2021
Greetings everyone,
In this edition of PHP Annotated, you can read about the latest release of PHP, updates of PSR standards, and the new RFC proposals. As usual, we’ve curated a collection of PHP-related articles, tools, videos, and streams to share with you.
⚡️ News
- PHP 8.0.2, 7.4.15, 7.3.27
The 8.0 and 7.4 updates include a variety of bug fixes, as well as a security fix for the SoapClient. The 7.3 branch received only the security fix.PHP 7.2 and earlier versions of PHP are no longer supported. If you are using an older version, please consider upgrading to PHP 7.4.
- PHP-FIG published updates for PSR-6 and PSR-13 standards.
Each received two new versions, as defined in the PSR evolution plan.In both cases, the first version adds types to the arguments and the second adds them to the return values. The updates require PHP 8 because they use union types and
static
for the return type.PSR-6 diff: 1.0.0 vs 3.0.0.
PSR-13 diff: 1.0.0 vs 2.0.0.As users of those PSR, you can start supporting the original & the first of those two releases right away & 2nd+3rd afterwards; example:
psr/link:^1.0 (now, 1.1 already compatible!)
psr/link:^1.1|^2.0 (then)psr/cache: ^1.0 (now)
psr/cache: ^1.0|^2.0
psr/cache: ^2.0|^3.0— PHP-FIG (@phpfig) February 4, 2021
- PhpStorm 2021.1 Early Access Program has started – Be the first to try out the new features for the upcoming release.
- Developer Ecosystem Survey 2021 from JetBrains
It’s quite long, but it includes a PHP section. Check last year’s results for some additional PHP insights:
🐘 PHP Internals
- [RFC] Object keys in arrays
Nikita Popov suggests making it possible to use objects as keys in regular arrays.$obj1 = new stdClass; $obj2 = new stdClass; $array = []; $array[$obj1] = 1; $array[$obj2] = 2; var_dump($array[$obj1]); // int(1) var_dump($array[$obj2]); // int(2)
The reason for the proposal is the fact that in RFC Enumerations, the values of enums are objects. And therefore it would not be possible to use them as array keys.
But the consequences of such a change are significant, as every function that accepts an array would have to expect not just integer or string keys.
- [RFC] Object scoped RNG Implementations
Therand()
andmt_rand()
functions for generating pseudorandom numbers will produce the same sequence for the same seed valuesrand()
. But they use global state, which means it’s not possible to create multiple generators with different seed values and use them simultaneously.Go Kudo proposes adding an object API to work with pseudo-random sequence generators to solve the global state problem.
$seed = 1234; $rng = new RNG\MT19937($seed); $array = [1, 2, 3, 4, 5]; shuffle($array, $rng);
If you need cryptographically secure random numbers, then you should use random_bytes() or random_int().
- [RFC] Change Default mysqli Error Mode
As part of the improve mysqli initiative, this RFC suggests the first step to make the “exception throwing mode for errors” the default one. Currently, this result is achieved by adding the following call:mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
Some of the major open-source users of mysqli are CodeIgniter, WordPress, and phpMyAdmin.
- Inheritance Cache
Dmitry Stogov presented a pull request in which he implemented inheritance caching.The cache improves the performance of a Symfony "Hello World" application by 8%. And you don’t need to do anything to get it. Just update your version of PHP and make sure opcached is enabled.
- [RFC] Property Accessors ! early draft !
Nikita created a draft proposal for accessors, that is separate getters/setters for each property.The RFC suggests adding several features.
The ability to declare asymmetric access modifiers:class User { public string $name { get; private set; } // или вот так public string $prop { public get; private set; } }
The ability to declare read-only properties:
class Test { // Read-write property. public $prop { get; set; } // the same as `public $prop;` // Read-only property. public $prop { get; } }
The ability to add validation with the keyword
guard
:class User { public string $name { guard { if (strlen($value) === 0) { throw new ValueError("Name must be non-empty"); } } } }
The ability to use the lazy keyword for
lazy
initialization:class Test { public string $somethingExpensive { lazy { return computeSomethingExpensive(); } } }
In 2013, a similar proposal was discussed for PHP 5.5, but it failed in the vote.
At the moment, this is still a super early draft that hasn’t even been discussed in Internals, so let’s wait for the official announcement.
- 🗳 [RFC] var_representation() : readable alternative to var_export()
Thevar_export()
function has long been the subject of complaints. At the very least there was an RFC with a suggestion to change the array syntax fromarray( )
to[ ]
.Now this is a proposal to simply introduce a new function,
var_representation($value, int $flags=0) :string
, which corrects the deficiencies ofvar_export()
. - 🗳 [RFC] Enumerations – Voting on the enums has begun and looks quite promising.
- ✅ [RFC] Array unpacking with string keys – Accepted for PHP 8.1.
- ❌ [RFC] Dump results of expressions in `php -a` – Declined.
- New in PHP 8.1 – An overview of the new features in PHP 8.1 from Brent Roose that is updated with the changes as they are made. If you want even more details, check the list of changes on php.watch.
You can also follow new RFCs and votings at PHP RFC Watch.
🛠 Tools
- fabpot/local-php-security-checker – Checks composer.json for dependencies with known vulnerabilities. The FriendsOfPHP/security-advisories is used as a vulnerability database.
- funivan/PhpClean – A plugin for PhpStorm that adds a lot of interesting inspections, like declaring types everywhere, not having extra comments, and using composition instead of inheritance. Learn more in the intro post.
- wasmerio/wasmer-php – WebAssembly runtime for PHP. The extension allows you to run and use any wasm binary from PHP. For example, you can take a Rust library, compile it to Wasm, and use it on any platform from PHP just like a Composer package. The performance is also quite good. You can learn more about it in this blogpost.
- temporalio/sdk-php – Despite being a work in progress, this is already a very interesting PHP-SDK for temporal.io, an event-sourcing engine that is used by Uber.
Here is an example of a cumulative transaction:
Details
#[Workflow\WorkflowInterface] class LoopWorkflow { private array $values = []; private array $result = []; private $simple; public function __construct() { $this->simple = Workflow::newActivityStub( SimpleActivity::class, ActivityOptions::new()->withStartToCloseTimeout(5) ); } #[SignalMethod] public function addValue( string $value ) { $this->values[] = $value; } #[WorkflowMethod(name: 'LoopWorkflow')] public function run( int $count ) { while (true) { yield Workflow::await(fn() => $this->values !== []); $value = array_shift($this->values); $this->result[] = yield $this->simple->echo($value); if (count($this->result) === $count) { break; } } return $this->result; } }
It uses RoadRunner and reactphp/promise under the hood.
- vimeo/php-mysql-engine – MySQL query simulator (engine) in pure PHP. In a post about the tool, Matt Brown talks about how implementing this engine has made running tests in Vimeo twice as fast.
- cweagans/composer-patches – A plugin for Composer that allows you to apply patches to dependencies. This is useful if your changes are too specific and don’t make sense as a full-fledged pull request for a package/framework, and you don’t want to maintain a fork.
Symfony
- chaos-php/chaos-monkey-symfony-bundle – A Chaos Monkey analog for Symfony apps. It recreates all sorts of extreme situations to test the application for stability.
- A week of Symfony #736 (February 1-7 2021)
- Elasticsearch – the right way in Symfony.
Laravel
- Laravel adds parallel testing capabilities out of the box based on paratestphp/paratest. Read this blog post about adapting the tests to run in parallel.
- Laravel: New Release Schedule – A major version will now be released once a year instead of every 6 months. The schedule is available at laravelversions.com.
- 📺 Building a multi-domain multi-tenant SaaS app with JetStream by Julien Bourdeau.
- 📺 Laravel Worldwide Meetup #5: Hotwire in Laravel (Tony Messias), Single Database Multi Tenancy (Kevin McKee).
Yii
- New components of the upcoming Yii 3: yiisoft/i18n, yiisoft/request-body-parser, yiisoft/cache, yiisoft/arrays.
💡 Misc
- Getting started with mutation testing.
- Colliding PHP arrays – Interesting post on how you can use the fact that arrays in PHP are hash tables to perform a DoS attack.
In 2011, Nikita wrote a similar post on how inserting 2^16 = 65536 values into a PHP array can take 30 seconds instead of the expected 0.01 seconds.
- php.watch: PHP Curl Security Hardening – This article identifies places that could be insecure when using cURL in PHP and discusses how to protect yourself.
- Build a Telegram bot in PHP and test it locally with beyondcode/expose.
- How to build a dynamic GitHub profile with GitHub Actions and PHP.
- Webshell was hidden in an infected PHP script in whitespace characters – Analysis of a backdoor found on a compromised server.
- Contract Tests — How to write tests to ensure consistent behavior across all implementations of an interface.
- Benchmarks of different frameworks and CMSs with PHP 5.6, 7.*, and 8.0.
📺 Videos
- 8 Things You’ll ❤️ About PHP 8 by Gary Clarke.
- Xdebug 3: Diagnostics – What to do when Xdebug does not work.
- Refactoring PHP Platform – LiveStream #3 from Christoph Rumpel.
- How to use the terminal in PhpStorm by Christoph Rumpel.
Check out Christoph’s upcoming course: Mastering PhpStorm. - Live-coding a Bref Queue – A stream from Matthieu Napoli, author of Bref.
- Creating generative art with PHP and profiling with Blackfire.io.
- PHP Release Radar:
• Episode 2: PHP 8 – With Sara Golemon and Gabriel Caruso discussing 8.0, the basics of the PHP extensions, and the different ways to participate in the project.
• Episode 3: Psalm 4 – With Matt Brown, the author of Psalm.
• Episode 4: XDebug 3 – With Derick Rethans.
🔈 Podcasts
- PHP Ugly podcast:
• #222: – PHP Security Tools.
• #221: – The PHP Big Short. - PHP Internals News podcast:
• #73 – With Larry Garfield about Enums.
• #74 – About the Fibers with Aaron Piotrowski, Amphp maintainer.
Thanks for reading!
If you have any interesting or useful links to share in the next installment of PHP Annotated, please leave a comment on this post or send me a tweet.
Your JetBrains PhpStorm team
The Drive to Develop