PHP Annotated Monthly – December 2014

PHP Annotated MonthlyWelcome to this fourth edition of the PHP Annotated Monthly, where our developer advocates Maarten and Anderson highlight this month’s most interesting content from around the web, posted by developers like us.

It have been interesting times. There’s a Firefox Developer Edition, and the web will become more secure starting next summer. But what can we do in the meanwhile? Sit back with a cup of coffee or tea and read the latest PHP news out there in this edition of the PHP Annotated Monthly!


New releases! PHP 5.4.35, PHP 5.5.19 and PHP 5.6.3 are now available. The changelog contains a battery of bugfixes and security fixes.

With a PHP 7.0 timeline in place and milestones defined, we start seeing some of the new features and enhancements that will be made. One I like is a new PHP filter for validating domain names and URLs: no need to write (or copy) complex regular expressions anymore?

Other things will not be needed anymore either… Nikita Popov proposed an RFC to remove all deprecated functionality from PHP 7.0. Although Zeev Suraski would love to keep the PHP upgrade path as smooth as possible. More discussions on the PHP internals mailing list are summarized by Pascal Martin.

Psy’s Gangnam Style has broken YouTube. Apparently the view counter was only 32 bits, and YouTube never imagined this would be exceeded. What does this have to do with PHP? Well, if you all click that video link, YouTube may soon need Big Integer support, as proposed in a new RFC. Or they could just store it as a UString.


Fabien Potencier blogged about the Symfony 3.0 roadmap. While the project is as backward compatible as possible, you can start to make your code “more compatible” with 3.0 already. Expect a release in November 2015! And if you built a cool product or service around Symfony, be sure to explore the marketplace and get listed. If you haven’t built anything yet, here are some tips and tricks for Symfony developers.

WordPress released a 4.0.1 security release which fixes a critical XSS vulnerability as well as some other security issues. Be sure to upgrade! A first beta for WordPress 4.1 has also been released which you can try out.

Drupal also released some security fixes, for versions 6.34 and 7.34. They recommend upgrading your Drupal installations.

Laravel 5 has been delayed until January. This is different from the expected release cycle, but a major release can be postponed a bit if it’s for the better, right? While you wait, here’s a first experience of upgrading to the new version. Oh, and why not dive into learning about behavior-driven development (BDD) with Laravel?

PHP CodeSniffer 2.0 has been released! Just like the automatic code inspections we have in PhpStorm, PHP CodeSniffer scans your code for common issues, code style violations and so on. This new version can now also fix some of these issues, automatically!


Writing JavaScript code? Do you use strict to enforce strict type hints? Joe Watkins explores introducing a similar concept to PHP. The best thing? His prototype works!

Anthony Ferrara explores a SQL injection vulnerability that was found (and fixed) in Drupal 7 a while back. One quote to take away: “You’re never safe. If you’re running a system, it’s either been compromised, or will be. The key is how you deal with it.” He’s been exploring timing attacks as well.

Never heard about Docker? Or heard about it but haven’t tried? No worries. Michael Rook wrote about Docker and PHP, explaining the basics and how you can use Docker with Vagrant, too.

An interesting pull request for Composer… It would add a new switch, --prefer-lowest-stable, to get all dependencies installed to their lowest supported version. This may be beneficial in a lot of cases where you want to be sure that the dependencies used when restoring dependencies are as close to the ones that were originally used to develop against.

More Composer: how would you test-drive a Composer package before pushing it out to Packagist? You could implement it in your project and then later extract it. Or push the unstable version to Packagist. Or use the other way.

A pull request that reduced Composer’s runtime with 50% to 90%? Guess it’s time for us to learn more about how PHP’s garbage collection works

Mathias Verraes blogged an example on higher order programming with PHP. He introduces lambdalicious, a GitHub repository that contains experiments in functional programming with PHP. Word of warning: don’t use this in production, as PHP does not like recursion to a level that functional programming may require. Nevertheless, good read.

Derick Rethans posted about how XDebug ties into PHP to be able to provide code coverage. He also covers (pun intended) how XDebug can find out which lines of code can be covered and which code is “dead code”. Interesting read!

But… why? That’s the same question Bruno Skvorc asks himself in a blog post describing 3 ways of writing cross-platform desktop apps with PHP. A typical consultancy answer: “It depends.” A good read, and some examples in there too.

Want to implement OAuth 2.0, server-side? In other words, not call Twitter or another API out there, but be your own API? Here’s a ready-made OAuth 2.0 server that you can use, so you can focus on writing the API instead. There’s a Laravel port, too.

Michelangelo van Dam likes Zend’s Apigility. In a recent blog post, he explains how to host it on Microsoft Azure. A great walkthrough, both on getting started with Apigility as well as deploying to Azure.

Using Phing? Rob Allen wrote a couple of Phing tips on his blog, like hiding targets. He also covers providing bash completion for Phing targets.

Blast from the past, but it popped up on Twitter earlier this week. MailChimp uses PHP. Many have said “Ewww!”, but they have good reasons.

Need something to cuddle? Or just want to complete your collection of elePHPants? Rafael Dohms launched a kickstarter for a black elePHPant. With a good month to go, now is a perfect time to get yours (PhpStorm team has already backed the campaign).

Our friends in Brazil will run the PHP Translation Fest: an event through various local communities that aims increasing Portuguese translation of PHP Documentation. Are you a Portuguese speaker? Check it out at Translation Fest website. If you run a non-English community and want to help doing something similar, do contact them.

Have news to share? Found an interesting read? Have some comments on this post? We’d love to see hear from you in the comments below. Feel free to reach out to our PhpStorm evangelists @maartenballiauw and @duodraco on Twitter.

We’ll be back in 2015, till next time year! And happy holidays!

Develop with pleasure!
– JetBrains PhpStorm Team

image description