PHP Annotated Monthly – August 2018

Roman Pronskiy

Hello everyone! PHP Annotated Monthly is back in the game. This issue recaps news and notable materials of the last month. Read about PHP 7.3.0 Beta 3, Composer 1.7, and other releases, accepted PSR-17, Laravel Nova, an overview of Yii 3.0, a lot about async PHP including alternative Fiber API, security in PHP, a portion of useful tools, and many more!

⚡️ News & Releases

• PHP 7.3.0 Beta 3 — The last beta in the cycle. The next release will be RC 1 on September 13. Full changes list of 7.3. For extension developers, there is a list of changes in the internal API.
  Check out what’s New in PHP 7.3 in a thorough post or quickly overview in 30 seconds in diffs.
• PHP 7.2.9
• PHP 7.1.21
• PSR-17: HTTP Factories — The new standard is officially accepted. It defines interfaces of factories for creating HTTP-objects that are compatible with PSR-7.
• Composer 1.7

🐘 PHP Internals

• [RFC]: Typed Properties 2.0 — The proposal is postponed until the next major release of PHP. Meanwhile, Dmitry Stogov shared benchmark results of overhead for this feature.

🛠 Tools

• phpstan/phpstan — Powerful static analysis tool. See what’s new in v0.10 in Ondřej Mirtes’ talk.
• nbs-system/snuffleupagus — Security module for PHP 7 inspired by oldy Suhosin. Prevents running potentially harmful code in runtime.
• adsr/phpspy — Low-overhead sampling profiler for PHP 7.
• php-enqueue/enqueue-dev — Message queue tool with many transports support AMQP (RabbitMQ, ActiveMQ), STOMP, Amazon SQS, Redis, Doctrine DBAL, Filesystem, MongoDB. As well as frameworks Symfony, Laravel, Yii, and Magento.
• DavidBelicza/PHP-Science-TextRank — TextRank algorithm implementation for automatic text summarization.
• soluble-io/soluble-mediatools — Wrapper around ffmpeg for working with mediafiles.
• maxbeckers/amazon-alexa-php — Library for developing Amazon Alexa skills. Alternative to phoice/phlexa-expressive-skeleton.
• spiral/roadrunner — High-performance PHP application server, load-balancer, and process manager written in Golang. You may also use it to run PHP on AWS Lambda.
• formapro/pvm — Powerful tool for describing workflows, business processes, and state machines. UI is also available.
• adhocore/phint — Helps to generate a new project skeleton from a template.

Symfony

• A week of Symfony #608 (20-26 August 2018)
• How to build a scalable Symfony application on Kubernetes
• 9 Features of Symfony Plugin You Should Not Miss in Gifs
• Defining dynamic access rules in a database
• Executing database migrations at scale with Symfony and Doctrine

Yii

• Overview of upcoming Yii 3.0
• yiigist.com — Directory of Yii packages.
• degree757/yii2-s — One more attempt to run Yii2 on Swoole. Alternative to deepziyu/yii2-swoole.

Laravel

• Laravel Nova — Taylor Otwell announced a paid administration panel for Laravel. Check out Taylor’s demo at Laracon, and the getting started post. Additional packages are available on novapackages.com.
• imanghafoori1/laravel-heyman — Аuthorization and validation in a fluent interface and human language.
• swooletw/laravel-swoole — Running Laravel on top of the Swoole async engine. Alternative to https://github.com/hhxsv5/laravel-s.
• About MySQL views and using them with Laravel Eloquent
• Handling inbound emails in Laravel with Mailgun
• Tutorial Laravel + JWT
• Building a Password Less Authentication System with Laravel Signed Routes
• Style guide and best practices for Laravel

Async PHP

• concurrent-php/ext-async — Actively developed alternative implementation of fiberphp/fiber-ext. Besides low-level Fiber API, the extension includes managing async tasks capabilities.
• PHP Roundtable Podcast #076: Concurrency, Generators & Coroutines
• ReactPHP Tutorial #11: Using PSR-15 Middleware — See full series of ReactPHP tutorials.
• clue/reactphp-csv — Streaming CSV parser. Intro post.

CMS

• Early Rendering: A Lesson in Debugging Drupal 8
• Magento Tech Digest #29: Aug 20 – Aug 27, 2018

🚨 Security

• Remote Code Execution on packagist.org — Critical vulnerablity allowed running code on the server by passing a special string instead of URL to a new package adding form. Already fixed.
• Creating a PHP extension backdoor
• New PHP exploitation technique — (Not so) long time ago unserialize() used to be a constant source of vulnerabilities. It’s been more than a year though since issues in it are not considered security problems. The post is about vulnarability of phar:// stream wrapper.
• Analysis of vulnerability in Swoole PHP [CVE-2018-15503]
• Nicolas Grekas: RFC for a Secure Unserialization Mechanism in PHP
• How and Why Developers Use Asymmetric (Public Key) Cryptography in Real-World Applications.

Misc

• Never type hint on arrays
• Best practices on commenting code
• On negative architecture — Or the rules that will guarantee that specific problems cannot occur in your codebase.
• When to add an interface to a class
• Service locator: an anti-pattern
• Don’t clone your PHP-objects — use myclabs/DeepCopy
• Refactor Your PHP legacy Code (real projects examples)
• Domain Objects Without Behavior? The Case of the Anemic Domain Model
• Bitmask Constant Arguments in PHP
• Evolution of PHP developer in pictures

🎥 Audio & Video

• SymfonyLive San Francisco 2017
• Laracon US 2018 Videos

Thanks for reading!

Your JetBrains PhpStorm Team
The Drive to Develop

Subscribe to PHP Annotated

Subscribe form

By submitting this form, I agree to the JetBrains Privacy Policy Notification icon

By submitting this form, I agree that JetBrains s.r.o. ("JetBrains") may use my name, email address, and location data to send me newsletters, including commercial communications, and to process my personal data for this purpose. I agree that JetBrains may process said data using third-party services for this purpose in accordance with the JetBrains Privacy Policy. I understand that I can revoke this consent at any time in my profile. In addition, an unsubscribe link is included in each email.

Submit

Thanks, we've got you!