PHP Annotated Monthly – November 2014

PHP Annotated MonthlyTime flies! This is already the third installment of PHP Annotated Monthly, our monthly overview where we highlight the most interesting content from around the web, posted by developers like us.

In the past month we’ve learned that the HTML5 recommendation has become final and Docker is coming to Windows, some day. Great news, but there’s more awesome PHP news out there. Read more in this edition of PHP Annotated Monthly!


A fresh batch of PHP releases is available: PHP 5.4.34, PHP 5.5.18 and PHP 5.6.2 all come with security-related bugfixes. Check the changelog for more details.

A pull request has been submitted for PHP to support read-only properties (see RFC). It introduces a new readonly keyword which makes a property readable for everyone, but writable only to the containing object. Until now we had to hack this into our objects using the __get and __set magic methods, but having a readonly keyword would be so much cleaner. Let’s hope it gets accepted soon!

The PSR-0 autoloading standard has been deprecated in favor of the PSR-4 standard. It makes sense, as they both touch the same topic: autoloading, namespaces and paths.

If you want to know what is happening on PHP’s internals@ mailing list, Pascal Martin does a monthly blog post on noteworthy discussions, RFC’s and much more.

Unserializing objects from unknown data is always a risk. But sometimes we have to, for example when building libraries that may be used by others. How do we prevent PHP Object Injection in such cases? That’s where Stas Malyshev’s filtered unserialize() RFC comes in.

Peter Kokot made a nice overview of how PHP has evolved over the last 20 years.


A new Drupal 8 beta 3 will hit the Internet on Wednesday, November 12th. Drupal 7.32 has been released, containing a number of security fixes.

Symfony 2.6.0 beta 1 was just released, as always backward compatible but with a ton of new features. A number of debugging components have been added, as well as forms and validation improvements. A full list of changes is available from the announcement blog post.

Yii 2.0 is there, so now is a good time to read up on all that is new and what has changed. Three years of development have resulted in a lot of good things, like PHP namespaces, Composer and Bower integration, a dependency injection container and much more. Tuts+ also posted a tutorial on getting started with Yii 2.0.


Rafael Dohms blogged about version selection in Composer. He compares the different version constraints we can define in our composer.json file and what effect they have on the versions being installed and Composer performance.

More Composer: Peter Petermann wrote a post about how we can create project skeletons using Composer. A good read, as it definitely helps with not repeating the same tasks over and over again when starting new projects.

In any development community, not only PHP, there has been discussion about how to version REST APIs. Some prefer to version the URL, others say that versioning should happen in the HTTP headers. Flame wars and religious discussions aside, Willem-Jan Zijderveld does an excellent job explaining and implementing API versioning using the HTTP Accept header.

The FriendsOfPHP security advisories database is now public domain. It lists all security vulnerabilities reported in frameworks such as Doctrine, DomPdf, Laravel, SabreDav, Symfony, Swiftmailer, Twig, Yii and Zend Framework. We can upload our composer.lock to check if there are known security issues in our dependencies. Speaking of security… Vic Cherubini blogged about preventing SQL injection attacks.

Nicolas Scolari blogged about Symfony route annotations. He explains an alternate way of defining routes in our application, using annotations instead of YAML files. And Daniel Espendiller wrote an open-source plugin for PhpStorm to provide code completion and navigation for PHP annotations.

Gilles Crettenand covers functional programming in PHP. He explains what functional programming is, what advantages it has, and shows some examples in PHP. By showing us these examples, he shows that in functional programming all output depends solely on the input and makes code more readable and easier to understand.

What do we do when traveling to a country where the power outlets are different from the ones at home? Right! We use a travel adapter to make the socket compatible with a different interface. Guess what? That is exactly what the adapter pattern does for us when writing code.

Haven’t started with Vagrant? Aldo Ziflaj blogged about several ways to get started with PHP on Vagrant. He covers my favorite PuPHPet, which creates a Vagrant virtual machine configuration with just a few clicks. Protobox, Phansible and Rove are covered too. Not really in-depth, but a good starting point!

I find myself guilty of this when submitting talks, too. Anna Filina describes the main thing any talk proposal for a conference should contain: a purpose! Matthew Turland followed up on that with a collection of resources for conference speakers.

Have news to share? Found an interesting read? Have some comments on this post? We’d love to see hear from you in the comments below. Also feel free to reach out to @maartenballiauw on Twitter.

Till next time!

Develop with pleasure!
– JetBrains PhpStorm Team

image description