It’s time for our November edition of PHP Annotated! Get the latest on PHP 7.4.0 RC 5, Xdebug 2.8.0, a critical vulnerability in PHP-FPM, and news from PHP Internals. There are also links for Laravel and Symfony, useful tools, videos, podcasts, and a whole lot more!
⚡️ News & Releases
- PHP 7.4.0 RC5 – There is one more RC left and we’ll see the final release in late November. Meanwhile, check out What’s new in PHP 7.4.
- PHP 7.3.11, 7.2.24, 7.1.33 – The updates include a fix for a critical vulnerability (CVE-2019-11043). The reason for it was a bug in PHP-FPM. Specific malformed requests could lead to remote code execution. If you are using PHP-FPM, update to 7.1.33, 7.2.24, or 7.3.11 immediately, as the exploit is publicly available. For more information check out this good analysis of the vulnerability. By the way, PHP 5.* versions have not been supported for a long time and did not receive this fix.
- Xdebug 2.8.0 – This stable release of the debugger with full PHP 7.4 support fixes many bugs and adds ability to confirm breakpoints in the IDE.
🐘 PHP Internals
- [RFC] Union Types 2.0 – Voting on union types is going smoothly and almost unanimously. Listen to 🔈 PHP Internals News #33 with Nikita Popov to learn more. Also, using GitHub for discussing and working on RFC was successful overall, and Nikita proposed to allow using this kind of flow in optional/test mode.
- [RFC] Deprecate Backtick Operator (V2) – It is possible to use backticks
` `as an alias to
shell_exec()in PHP. This means that a string inside backticks will be treated as a command and executed in a shell. The proposal to deprecate this functionality is now under the vote. Learn more about the RFC in the 🔈 PHP Internals News #34 podcast with the author of the proposal, Mark Randall.
- [RFC] Implement new DOM Living Standard APIs in ext/dom – Benjamin Eberlei proposed to add support for a new standard to the PHP core extension. Learn more in 🔈 PHP Internals News #31.
- mougrim/php-xdebug-proxy – An expandable dbgp Xdebug proxy based on Amphp.
- webmozarts/console-parallelization – Allows parallelizing symfony/console commands.
- php-defer/php-defer – A PHP equivalent to defer() from Go. A callback that you pass to this function will be executed when the execution flow exits the scope of the current (outer) function. Under the hood it uses a destructor. The idea is not new and has already been implemented before in phplang/scope-exit.
- spatie/phpunit-snapshot-assertions – This tool for snapshot-testing with PHPUnit compares the results of running tests with a previous execution.
- matteosister/GitElephant – An abstraction layer for git written in PHP.
- danog/MadelineProto – Async PHP client/server API for Telegram MTProto protocol. Allows interacting with Telegram without using the bot API.
- Symfony 5: The Fast Track – Fabien Potencier has launched a crowdfunding campaign for a new book. The book will describe the creation of a Symfony 5 based application from scratch to production.
- You may have memory leaking from PHP 7 and Symfony tests.
- A Week of Symfony #670 (28 October – 3 November 2019).
- Laravel beyond CRUD – A blog series for a book on how to write big applications with Laravel. The first chapter talks about Domain-oriented Laravel and there is also a demo on how to use PhpStorm to refactor your code.
- Why you should stick to the default Laravel architecture.
- Crafting maintainable Laravel applications.
- Deploying Laravel Projects to Kubernetes.
- 🔈 Laravel Lunch Break – A brand-new podcast from Marcel Pociot and Dries Vints.
- 🎥 Astrocasts: Event Sourcing with Laravel and EventSauce.
- 🎥 A series of videos on How to use TDD to build a REST API in Laravel.
- 🎥 Screencasts on creating laravel-shift/blueprint.
- Earlier this year, it was announced that Zend Framework will be renamed to Laminas. Now the project repository includes a new package for migrating projects laminas/laminas-migration (so far for testing only) and a guide on how to test migration.
🌀 Async PHP
- seregazhuk/php-watcher – Helps develop long-running PHP applications by automatically restarting them when file changes in the directory are detected. Read the introductory blog post.
- Building RESTful API With ReactPHP – A new book based on 🎥 video tutorial series.
- apisearch-io/symfony-react-server – Symfony Async Server built on top of ReactPHP.
- What is garbage collection in PHP and how do you make the most of it? There is also The Undercover ElePHPant podcast episode with Derick Rethans discussing the topic.
- An example of creating a custom inspection in PhpStorm to check for reserved MySQL words Laravel migrations.
- On using the @mixin tag in DоcBlock to improve autocompletion in PhpStorm.
- The value of the void typehint in PHP.
- Embracing simplicity in your code.
- Solving the N+1 problem in ORMs.
- PHP: Past and Future – A short reminder of how PHP has changed since 2008. Benchmarking PHP 4 (6.069 sec) vs. PHP 8 (0.108 sec with JIT and 0.383 no-JIT).
- Examples of using FFI from PHP 7.4:
• Benchmarks of compressing with zstd using PHP extension and via FFI.
• vdechenaux/PhpWebcam – A POC for capturing webcam frames.
- PHP Yorkshire 2019 videos
- PHP Serbia 2019 videos
- Beachcasts: Store sensitive data in environment variables using phpdotenv
- In his twitter, Taylor said that in the last 5 years he had sold $10,000,000 worth of software while based in a small Arkansas town. In these Laravel Snippet podcasts, he talks about how to build successful products:
• #15: Choosing Product Ideas
• #16: Building An Audience
• #17: Motivation and Discipline
- The Undercover ElePHPant – A podcast about scaling and optimizing your PHP applications, hosted by Matthew Setter and Benjamin Eberlei.
- PHP Internals News #32 – With James Titcumb on the commercial development of PHP extensions.
- Interviews from php[world]: Cal Evans, Taylor Otwell, Samantha Quiñones, and Gary Hockin.
- Voices of the ElePHPant: Interview with Adam Culp.
- Voices of the ElePHPant: Interview with Ashley Hutson.
Thanks for reading!
If you have any interesting or useful links to share via PHP Annotated, leave a comment on this post or tweet me.
Your JetBrains PhpStorm Team
The Drive to Develop