PHP Annotated Monthly – March 2019

Roman Pronskiy

Greetings everyone,

Welcome to the March edition of PHP Annotated Monthly, with all the latest news and notable materials from the world of PHP. In today’s issue read all about the PHP updates, and 5 new and 3 accepted RFCs from PHP Internals. There is also news from Laravel, Symfony, some async PHP stuff, useful tools, and a whole lot more!

⚡️ News & Releases

• PHP 7.3.3
• PHP 7.2.16
• PHP 7.1.27
• Xdebug 2.7.0 — With long-awaited PHP 7.3 support.
• ircmaxell/php-compiler — This compiler for PHP from Anthony Ferrara gets a breath of fresh air with FFI in the upcoming PHP 7.4. The compiler can generate native machine code, and output it to an executable that runs without a VM. So far, it’s a PoC that supports a very limited subset of PHP, but it looks promising.

🐘 PHP Internals

• The proposal to abolish 50% threshold on voting is accepted and from now on all RFCs require at least 2/3 of the votes to pass.
• A great overview of the unaccepted RFCs — Read why generics, method overloading, and annotations, etc. are still not implemented and what the forecast is for them.
• [RFC] Consistent type errors for internal functions — The RFC is accepted, which means that in PHP 8 all the built-in functions will be throwing a TypeError if a wrong type argument is atorspassed.
• [RFC] Weak References — The proposal is accepted. In PHP 7.4 there will be a new WeakReference class, which will allow you to keep a reference to an object without preventing the object from being destroyed with a garbage collector.
• [RFC] Saner string to number comparisons — In this RFC Nikita Popov proposes changing the behavior of comparison operators to make them less error-prone. Particularly, comparing numbers is to be used only when the string to compare is indeed a number. Otherwise, the number is converted into a string and a string comparison is performed.

  

  This proposal entails changing the behavior of the operators <=>, ==, !=, >, >=, <, and <=, the switch construction, functions like in_array() and sort(), and others.

  In response, there were ideas of varying degrees of radicalism: from adding a special flag declare('strict_comparison=1'), which would convert all == to ===, up to deprecate == at all.

  Meanwhile, in PHP 7.4, you'll get a Warning if the result of a comparison differs from the one expected in PHP 8.

• [RFC] Permit trailing whitespace in numeric strings — One more proposal to improve consistency, but at the cost of losing rules. Basically, it is proposed that "123 " == " 123" and all other operations would behave the same as for strings with leading whitespaces.
• [RFC] Locked Classes — This one is about adding a new keyword locked for classes. Such classes will be closed for dynamic usage of properties, i.e. you could only use properties that were declared explicitly:

      locked class TestClass {
          public $definedProp;
      }
  
      $t = new testClass();
      $t->definedProp = "OK";
      echo $t->definedProp;
      unset($t->definedProp);
  
      echo $t->nonExistentProp; // Error
      $t->nonExistentProp = "Not OK"; // Error
      unset($t->definedProp); // Error

• Allow throwing from __toString() — PR from Nikita to fix one of the oldest PHP sadnesses.
• [RFC] Arrow Functions 2.0 — The third attempt to bring short closures to PHP. This time Nikita, Bob, and Levi propose the following syntax:

      fn($x, $y) => $x * $y.

  Variables from the outer scope will be implicitly bound by-value and there is no need to add use():

      $y = 1;
      $fn1 = fn($x) => $x + $y;

  In the future the same syntax might be used for methods as well:

      class Test {
          private $foo;
  
          fn getFoo() => $this->foo;
      }

  We hope this time it will be accepted!

• [RFC] Generator comprehensions — This is a draft RFC with the PoC implementation on adding list comprehension for PHP. It looks really nice:

      $a = [1, 2, 3];
      $mul = 3;
      $c = [ for $a as $v yield $mul * $v ];

• 🔈 PHP Internals News: Episode 1 — The new podcast from Xdebug author Derick Rethans. The first episode is a talk with Nikita Popov.

🛠 Tools

• krakjoe/parallel — A new extension from pthreads author Joe Watkins with a simplified interface for parallel code execution. Read more on the motivation behind it in Joe's blog post.
• kriswallsmith/Buzz v1.0 — Lightweight HTTP client.
• spatie/image-optimizer — The package optimizes images by running them through a chain of tools.
• swagger-mock/swagger-mock — Mock server for OpenAPI 3 with support for generating fake data.
• johnkary/phpunit-speedtrap — The tool will tell you which of your PHPUnit tests run too long.
• blastcloud/guzzler — Useful and simple to use mocks and assert for Guzzle requests.
• ptlis/php-serialized-data-editor — Manipulate PHP-serialized data without deserialization.
• bakame-php/csv-doctrine-collections-bridge — Converts CSV to Doctrine Collections objects and allows using Doctrine Collection's Expression API. Read more on the blog post.
• VKCOM/noverify — Pretty fast linter (code static analysis utility) for PHP. Built in Golang on top of z7zmey/php-parser.
• ankitpokhrel/alt — Facebook-like automatic alternative (alt) text for images using object detection with a pre-trained model.

Symfony

• Symfony Gets Real-time Push Capabilities! — The new real-time features rely on Mercure protocol. The protocol works on top of SSE, and unlike WebSocket, it can benefit from HTTP/2 and HTTP/3.
• symfony/http-client — The new components in the Symfony ecosystem. Implements its interface and does not use PSR-18, but has an adapter for it. Find more info on Fabien's slides.
• New in Twig: Namespaced classes.
• New in Symfony Flex 1.2
• A week of Symfony #636 (4-10 March 2019)
• King2500/symfony-meta — The package improves autocompletion for Symfony in PhpStorm 2019.1 with the help of the new .phpstorm.meta.php features.

Laravel

• Laravel 5.8 released — It improves Eloquent “HasOneThrough” relationships, deprecates array and string helpers, adds automatic policy discovery, PSR-16 cache compliance, and more. See the full recap in 🎥 Taylor's talk at Laracon Online.
• avto-dev/roadrunner-laravel — This package integrates RoadRunner application server with Laravel apps. It provides configs and an extendable worker.
• aldemeery/sieve — A simple, clean, and elegant way to filter Eloquent models.
• spatie/laravel-personal-data-export — Helps users export all their personal data as a zip archive.
• spatie/laravel-flash — A lightweight package to flash messages.
• spatie/laravel-queueable-action — Queueable actions in Laravel. Introductory blog post.
• How to turn Laravel from static to dependency injection in one day
• 🎥 PHP Package Development video course.
• 🎥 Laravel Core Adventures: The chamber of facades
• 🔈 Taylor Otwell's podcast Laravel Snippet #6, #7, #8

🌀 Async PHP

• RESTful API with ReactPHP and MySQL
• WyriHaximus/reactphp-cron — Cronlike scheduler running inside a ReactPHP Event Loop.
• phpinnacle/ensign — Async signal dispatcher on top of Amphp.
• clue/reactphp-redis v2.3.0 — Async Redis client implementation, built on top of ReactPHP. The update features improved PubSub messaging, and lazy database connections. Read more in the blog post.
• xtrime-ru/TelegramRSS — This tool converts Telegram posts to RSS or JSON with a Swoole server. Read more on implementing microservices with PHP and Swoole.

🚨 Security

• WordPress 5.1 CSRF to Remote Code Execution — Technical Analysis of the vulnerability in WordPress that was fixed with the WordPress 5.1.1 update.
• Critical vulnerability in Drupal — The bug allows leads to RCE and got the highest level of risk. Exploitation example.
• Twig: Sandbox Information Disclosure
• Remote code execution gaining domain admin privileges due to a typo

💡 Misc

• Moving away from magic or why I don't want to use Laravel anymore.
• PhpRedis vs Predis: comparison on real production data.
• What is a command bus and why should you use it
• Design Patterns in PHP — Updated according to PHP 7.3 + real-world examples added.
• Predict air pollution with k-Nearest neighbors and PHP — using php-ai/php-ml.
• Write your own simple chess AI in PHP
• Binary heap implementation in PHP
• Matthias Noback: Handwritten service containers

Thanks for reading!

If you have any interesting or useful links to share via PHP Annotated Monthly, leave a comment or drop me a message on Twitter.

Subscribe to PHP Annotated

Your JetBrains PhpStorm Team
The Drive to Develop

Subscribe to PHP Annotated

Subscribe form

By submitting this form, I agree to the JetBrains Privacy Policy Notification icon

By submitting this form, I agree that JetBrains s.r.o. ("JetBrains") may use my name, email address, and location data to send me newsletters, including commercial communications, and to process my personal data for this purpose. I agree that JetBrains may process said data using third-party services for this purpose in accordance with the JetBrains Privacy Policy. I understand that I can revoke this consent at any time in my profile. In addition, an unsubscribe link is included in each email.

Submit

Thanks, we've got you!