PHP Annotated Monthly – December 2018

Roman Pronskiy

Hello everyone,

Please welcome the last PHP Annotated Monthly this year with all the news and notable materials from the past month.
Read about PHP 7.3.0, end of life for PHP 5 and PHP 7.0, PHP on AWS Lambda, a bunch of new and accepted RFCs from Internals, Symfony 4.2, WordPress 5.0, Laravel WebSockets, many useful tools, and a lot more!

⚡️ News & Releases

• PHP 7.3.0 released — Yay! Finally a new major release of PHP Interpreter.
  • Flexible Heredoc and Nowdoc syntax RFC
  • json_encode() and json_decode() function will be throwing exception in case of error and flag set RFC
  • Trailing comma in functions calls RFC
  • The new high-resolution monotonic timer function hrtime() PR
  • New functions, array_key_first() and array_key_last() RFC
  • Another new function is_countable() RFC
  • Reference assignment in list() RFC
  • Garbage collector improved PR
  • Regexp engine updated to PCRE2 RFC
  See the full list of changes in the UPGRADING doc and make sure to check the migration guide.
  There are also some benchmark tests showing a ~10% performance boost.
• The PHP Team also released PHP 5.6.39, PHP 7.0.33, PHP 7.1.25, and PHP 7.2.13. Note that these are the last releases for the 5.6 and 7.0 branches. Also, PHP 7.1 is now security only.
• PHP on AWS Lambda — Support for custom runtimes on AWS Lambda was announced at the AWS re:Invent 2018 conference. Out of the box, PHP support is available via stackery/php-lambda-layer, but you may build your own layer. This means that instead of doing workarounds and running through Nodejs or Go, we can now write real lambdas on PHP. And remember, PHP was serverless before it was cool:
  

  3rd question about severless PHP in as many days. There is no such thing as serverless from the PHP perspective. It’s just a different deploy strategy and provider billing model. There are still servers running your PHP code.

  — Rasmus Lerdorf (@rasmus) October 26, 2018

• PHP Versions Stats 2018.2 Edition — Traditional half-year stats based on the information that Composer sends to packagist.org. The total share of PHP 7 is 84%.
• HTTP/3 over QUIC — The next HTTP standard will be using the QUIC protocol, which works over UDP, not TCP. Cloudflare has a good overview of QUIC including problems with NAT and other details.
• Symfony leaves PHP-FIG — Symfony’s leader Fabien has removed himself and the framework from the list of members of the PHP-FIG. Fabien commented his decision on Twitter:
  

  PHP-FIG **was** a great way to create a common ground for PHP projects, **interoperability-first** #php

  — Fabien Potencier (@fabpot) November 20, 2018

  In this regard, Anthony Ferrara’s open letter to PHP-FIG from 2014 seems to still be relevant. Back then he said, “Please stop trying to solve generic problems. Solve the 50% problem, not the 99% problem.”
  Two years ago representatives of Laravel, Propel, Doctrine, Guzzle, Stash, and Aura already left the Group, mainly because they were not taking part in the discussions.
  🎥 Checkout the PHP Roundtable Podcast episode about PHP-FIG 3.0.

• NPM dependency hell: comparison with Symfony, Laravel, and API Platform — Kévin Dunglas shared an analysis of popular PHP frameworks’ dependencies after the JS lib event-stream was compromised.
• Composer 1.8.0

🐘 PHP Internals

• [RFC] Password Hashing Registry — The proposal is accepted for the next PHP version and allows registering your own hashing algorithms in extensions.
• [RFC] Preloading — The proposal is now accepted! It means that in 7.4, we’ll be able to preload any files into opcache. Any functions or classes declared in preloaded files will be available to all subsequent requests as if they were internal elements like strlen() or Exception.

  There is an ongoing discussion about supporting preloading in Composer. Dmitry Stogov also proposed an ability to disable opcache caching per script, using declare(cache=0) at the start of PHP files.
• [RFC] Spread Operator in Array — The document proposes supporting the ... operator in arrays. For example,
  $parts = ['apple', 'pear'];
$fruits = ['banana', 'orange', ...$parts, 'watermelon'];
// ['banana', 'orange', 'apple', 'pear', 'watermelon'];
• [RFC] FFI – Foreign Function Interface — Dmitry Stogov’s experiment is now official RFC. It allows calling C functions and using C data types from pure PHP. See for example using TensorFlow with FFI.
• [RFC] Covariant Returns and Contravariant Parameters

🛠 Tools

• spiral/roadrunner — High-performance application server, load balancer, and process manager for PHP on Go. See the PHP Was Never Meant to Die post on how it works.
• infection/infection — Mutation testing framework for PHP.
• 3v4l.org/live — Interactive online PHP shell (REPL).
• Insolita/unused-scanner — Find unused Composer dependencies.
• cebe/php-openapi — Reads OpenAPI spec files into usable PHP objects.
• spatie/period — Allows comparing multiple dates with each other and find overlaps, diffs, gaps, boundaries, and more.
• DivineOmega/password_exposed — Checks with haveibeenpwned.com API if a password has been exposed in a data breach.
• skollro/alexa-php-sdk — Expressive SDK for developing Amazon Alexa skills in PHP.
• php-ai/php-ml — Machine Learning library for PHP. Examples of usage: code review estimator, stock forecast.
• RubixML/RubixML — This high-level machine learning library for PHP could be an alternative to php-ai/php-ml.
• j6s/phparch — Work-in-progress architectural testing library for PHP projects. Inspired by archlint (C#) and archunit (java).
• Hywan/php-ext-wasm — Experimental extension, that allows running WebAssembly binaries from PHP. Potentially, it can make it possible to dynamically loading modules implemented in other languages.

Symfony

• Symfony 4.2.0 released — See a curated list of the most relevant changes.
• Using Symfony Messenger with AWS SQS
• Improvements to handling .env files for all Symfony versions — Instead of .env.dist use .env, and commit it to Git. You can also create .env.local.

Laravel

• beyondcode/laravel-websockets — A WebSocket server for Laravel on top of Ratchet that allows writing real-time apps. Read the introductory post, documentation and see a quick video overview.
• New team member in Laravel — Dries Vints joined Taylor and Mohamed.
• qcod/laravel-gamify — Add some gamification to Laravel apps with scores & badges. There is also a nice standalone gamification engine based on Symfony sveneisenschmidt/yay.
• nuwber/rabbitevents — A package for subscribing to and notifying of events between applications (services) with RabbitMQ.
• Dynamic relationships in Laravel using subqueries
• 🎥 Laracon AU 2018 videos
• 🎥 Laracon EU 2018 videos
• 🎥 Quick Laravel Performance Tips

Async PHP

• friends-of-reactphp/mysql — Async MySQL database client for ReactPHP. Read about the recent update in Introducing lazy connections.
• voryx/PgAsync — Async PostgreSQL client on PHP (does not need an extension). Allows listening for NOTIFY events.
• clue/reactphp-soap — Async SOAP client for ReactPHP. Blog post.
• clue/reactphp-socks — SOCKS proxy client and server for ReactPHP. Blog post.
• walkor/shadowsocks-php — Another socks5 proxy but based on Workerman engine.
• jakubkulhan/bunny — Async lib to work with AMQP (RabbitMQ).
• 🎥 Fast Web Scraping With ReactPHP #1: Extracting Data From HTML

CMS

• WordPress 5.0 “Bebo” — With a brand new editing experience called Guttenberg and a new default theme named Twenty Nineteen. The old editor is available via the Сlassic Editor plugin and will be supported through 2021.
• WooCommerce 3.5
• WordPress Configuration Cheat Sheet
• 🎥 Matt Mullenweg QA at WordCamp Portland 2018
• Magento 2.3.0 — Multi-Source Inventory support (MSI), PHP 7.2 Support, Declarative DB Schema, GraphQL, PWA Studio, Pagebuilder Beta (beta), Support for RabbitMQ, and Elasticsearch in Magento Open Source. See the full release notes.
• Joomla 3.9

Security

• Fuzzing PHP for fun and profit
• RCE vulnerability in WooCommerce
• PHP Security Advent Calendar 2018 — Information about security issues in WordPress plugins, delivered daily throughout December.
• Slice Of PIE #01 — Security-related questions and answers. Got more questions? Ask the folks from Paragon IE and get them answers in the next blog post.

Misc

• Some nice posts on why it’s better to use classes instead of arrays: Avoid Dynamic Data Structures In Php, Better Array Parameter Handling In Php, and Structuring Unstructured Data.
• PHP code static analysis based on the example of PHPStan, Phan, and Psalm
• Running PHP on Android with PeachPie and Xamarin
• Tomas Votruba: How to Manage Configuration in Symfony without Bundle, Extension, and Configuration?
• Tomas Votruba: 14 Tips to Write PHP Code that is Hard to Maintain and Upgrade
• Tomas Votruba: When you should use monorepo and when local packages
• Matthew Weier O’Phinney: Creating Exception types on-the-fly in modern PHP
• Rob Allen: Migrating to password_verify
• Sebastian De Deyne: Readability is relative

• friendsofphp.org — The map of all PHP meetups around the world. Blog post.

Thanks for reading!

Your JetBrains PhpStorm Team
The Drive to Develop

Subscribe to PHP Annotated

Subscribe form

By submitting this form, I agree to the JetBrains Privacy Policy Notification icon

By submitting this form, I agree that JetBrains s.r.o. ("JetBrains") may use my name, email address, and location data to send me newsletters, including commercial communications, and to process my personal data for this purpose. I agree that JetBrains may process said data using third-party services for this purpose in accordance with the JetBrains Privacy Policy. I understand that I can revoke this consent at any time in my profile. In addition, an unsubscribe link is included in each email.

Submit

Thanks, we've got you!