Greetings everyone!
PHP 8.1 has reached the first release candidate and the list of changes has been finalized. We’ll see at least 5 more release candidates before the final release, which is planned for the end of November.

Meanwhile, discussions are already taking place in PHP internals regarding three more proposals for PHP 8.2: operator overloading, the $this type hint, and deprecating dynamic properties.

Beware of malware Composer packages! Two of them were recently discovered on Packagist.

PHP-FIG discusses adding a new type of standard to PSRs.

You can read more about this news in the September edition of PHP Annotated. As usual, we’ve carefully selected a variety of excellent articles, tools, videos, and streams for you.

News

• PHP 8.1.0 RC 1

  The final release is still two and a half months away with at least 5 release candidates coming.

  The final release of version 8.1 is still two and a half months off, with at least 5 release candidates on the way. Here’s a micro tutorial on how to install PHP 8.1 on macOS via Homebrew. Additionally, PHP 8.1 has ready-made Docker images.

  You can find a comprehensive description of what’s coming in PHP 8.1 at php.watch/versions/8.1 and on Brent Rooses’s blog, stitcher.io/blog/new-in-php-81.

• PHP 8.0.10, PHP 7.4.23, PHP 7.3.30

  Security and bugfix updates for current branches.

• The end of Swiftmailer

  The popular mail package Swiftmailer will only be supported until November. It will be replaced by symfony/mailer.

  Symfony/mailer’s features and concepts replicate Swiftmailer, so migrating should be fairly easy. Rector has a migration script, and it simply needs to rename classes.

• PHP Evolving Recommendations (PERs)

  PHP-FIG currently releases only PSP standards. The problem is that some standards require constant refinement. For example, in the case of code styles, PSR-12 replaced PSR-2, and now it does not include new features from PHP 7.4-8.0.

  There is now a proposal to adopt a special type of recommendation called PER, which can be changed over time.

  PERs are (will be/are intended for) situations where having a standard “build up” over time makes sense. Coding standards, type libraries, docblock tags, etc.

  PSRs are a good fit for “we want to design a single agreed upon target we can rely on not changing.”

  — Larry Garfield (@Crell) September 9, 2021

• Malware Composer packages

  On Packagist, there was a package called symfont/process which did exactly the same thing as symfony/process, but it also gathered information about the machine, sent it to a third party, and opened a web shell.

  The attacker expected that users would potentially misspell the package name during installation and type symfont instead of symfony.

  The malware package has already been removed from both Packagist and GitHub, and an analysis of how it worked is available.

  Another backdoor was found in the laraveli/qr-code package. As you can see from the code, the malware was copying this type of web shell onto the machine.

  To protect yourself from attacks like these, you can add a local-php-security-checker to your CI pipeline or use the the-php-security-checker GitHub Action.

  For more complex cases, you can run the marcocesarato/PHP-Antimalware-Scanner.

• The hautelook/alice-bundle repository was removed from GitHub

  The package has more than 8 million downloads, and the main contributor doesn’t know why he was removed from the maintainers list and the repository was apparently made private.

  I have no idea: the repository seem to have been made private and I have been removed from the maintainers (although I can still see the repo)

  — Théo Fidry (@tfidry) September 9, 2021

  A working fork is available on Théo’s GitHub profile: theofidry/AliceBundle.

PHP Internals

• [RFC] Deprecate dynamic properties

  In current versions of PHP, if you try to write to a property that doesn’t exist, it will be automatically created.

  In modern code, writing to a nonexistent property is rarely done intentionally – it is usually a mistake.

  This RFC proposes to deprecate and subsequently remove the ability to create dynamic (undeclared) properties.
  

  class User {
      public $name;
  }
  
  $user = new User;
  
  // Assigns declared property User::$name.
  $user->name = "foo";
  
  // Oops, a typo:
  $user->nane = "foo";
  
  // PHP 8.2: Throws a warning but still creates a dynamic property.
  // PHP 9.0: Throws Error exception.
  

  
  This change would not apply to stdClass and its inheritors. The behavior of magical methods __get/__set would also be unaffected by this change.
  

  $obj = (object) []; // = new stdClass;
  
  // No deprecation warning
  $obj->foo = 1;
  
  class myStdClass extends stdClass {}
  $obj2 = new myStdClass;
  
  // No deprecation warning
  $obj2->bar = 1;
  

  
  With this change in PHP 9.0, it would be possible to reduce the size of objects by 8 bytes. For a single object, of course, this is nothing. But cumulatively for large applications it could result in a noticeable difference.

  There is also a discussion on whether it makes sense to alias stdClass to DynamicObject.

• [RFC] User Defined Operator Overloads

  In this RFC, Jordan LeDoux essentially proposes to define a different magic method for each operator, e.g. __add() for `+` or __equals() for `==`.
  Using these methods would make it possible to describe the desired behavior of operators applied to objects.
  

  $a = new Number(8);
  $b = new Number(6);
  $c = new Number(4);
  
  // Instead of this
  $posRoot = $b->mul(-1)->add($b->pow(2)->sub($a->mul($c)->mul(4))->sqrt())->div($a->mul(2));
  
  // It would be possible do it like this
  $posRoot = ((-1 * $b) + ($b ** 2 - 4 * $a * $c)->sqrt()) / (2 * $a);
  

  
  If the proposal is accepted, it would become possible to implement the behavior of scalar objects in userland code.

• [RFC] $this return type

  Nikita brought up the idea of using $this as the return value type. This would cause the interpreter to check that an object is the same as the one that is returned.

  Here is how it compares with self and static by Ben Ramsey:

  • self – The return value must be an instance of the same class that sets this type declaration.
  • static – The return value must be an instance of the same class that calls the method with this type declaration.
  • $this – The return value must be the same instance as the instance that calls the method with this type declaration.

  class Test {
      public function method(): $this {
          return $this;
      }
  
      public function not_this(): $this {
          return new self(); // Fatal Error
      }
  }
  

• [RFC] Deprecate partially supported callables

  The following callables are currently accepted by the callable, the is_callable() function, and call_user_func(), but are not supported byn $callable().
  

  "self::method"
  "parent::method"
  "static::method"
  ["self", "method"]
  ["parent", "method"]
  ["static", "method"]
  ["Foo", "Bar::method"]
  [new Foo, "Bar::method"]
  

  
  This RFC proposes to deprecate in PHP 8.2 and remove in PHP 9.0 support for these callables.

  Normal callables like "function", "Foo::method", ["Foo", "method"], or [new Foo, "method"] would not be affected by this proposal because for them, calling with braces will work as expected:
  

  class Foo {
      function method() {
          echo 'method';
      }
  }
  [new Foo, "method"]();
  // > method
  

• All PHP RFCs on GitHub

  As an experiment, Ben Ramsey, the PHP 8.1 release manager, exported all 838 RFCs ever discussed to Git, along with the change history for each.

Tools

• whsv26/functional – The author ran into problems with existing PHP implementations of collections and wrote his own package.
• phabelio/phabel – This transpiler for PHP makes it possible to use features from the latest PHP versions in older environments, or when backward compatibility must be maintained. You can also start adding support for features that don’t yet exist, such as the async/await keywords.
   
  Similar tools already exist, like marcioAlmada/yay or preprocess.io. And Rector can also do backports. But the special thing about Phabel is the transparent integration with Composer.
• phparkitect/arkitect – A tool for defining and checking architectural rules for your project.
• niklongstone/regex-reverse – Generates a random string that satisfies a given regular expression.
• azjezz/psl – What a standard PHP library might look like.
• github-php/sponsors – A package for working with the GitHub Sponsors API. You can organize access control by checking whether the user is a sponsor.
• koriym/Koriym.Attributes – A simple tool that allows you to read PHPDoc annotations and PHP 8 attributes through a single interface. The more advanced spiral/attributes is also available for the same tasks.
• grep.app – A handy tool for quick code searches on GitHub.
• mrsuh/php-generics — PHP generics written in PHP. This is an interesting and functional attempt to implement syntax-level generics in PHP.

Symfony

• kafkiansky/symfony-middleware – PSR-15-compatible middlewares for Symfony.
• lexik/LexikTranslationBundle – This allows you to import translations into the database and provides an interface for easy editing.
• Helpers for testing your applications based on Symfony components: zenstruck/mailer-test, zenstruck/console-test, zenstruck/messenger-test, zenstruck/browser.
• Symfony Messenger in microservices: message contracts and resilience – Interesting read about microservices and asynchronous communication.
• Ultimate Guide to Symfony Components – Which ones you should use in your projects, and when you should use them.
• How to dynamically validate some data with Symfony Validator.
• Symfony plugin for PhpStorm has just got support for PHP8 Doctrine metadata attributes.

Laravel

• State of Laravel 2021 survey results and a video review of the results from Laravel Daily.
• lepikhinb/laravel-fluent – This package provides an expressive way to define model attributes. It automatically builds casts at runtime and adds native autocompletion to the models’ properties.
• Creating a RoadRunner plugin for Laravel Octane.
• Testing Laravel – Spatie’s paid testing course, with free episodes available: Testing Middleware,
  Cool Laravel Testing Techniques, and Testing a Form.
• The Queue Component in Laravel – A continuation of the series of videos about the framework for those who are just starting out.
• Planning & Kickstarting the Laravel Application – An interesting stream from Mohamed Said, a member of the Laravel core team. In the stream, he writes an app and comments on the steps he takes to do so.
   
  Christoph Rumpel built a cool website, larastreamers.com, where you can get notifications about all the upcoming streams.
• PHP Roundtable: 10 Years Laravel with Taylor Otwell, Matt Stauffer, and Eric Barnes.

Yii

• Yii news 2021, issue 3

Misc

• A couple of posts from Larry Garfield with helpful test-writing techniques: Fun with PHPUnit Data Providers and Advanced PHPUnit shenanigans.
• Test tip from Matthias Noback: Write self-contained tests.
• On using PSR abstractions – Matthias Noback discusses whether it’s better to tie your code to PSRs, make wrappers, or write your own interfaces. Brent Roose has a response to this.
• Creating a public/private multi-monorepo for PHP projects.
• All about match expressions from PHP 8.0.
• A couple of videos about Xdebug 3 from Derick Rethans: Profiling: Analysing Data, Activation and Triggers.

Podcasts

• devmode #89 – Should Craft CMS use Yii3 or Laravel? – CraftCMS is a commercial CMS based on Yii2. In this podcast, its developers discuss the Craft CMS ecosystem and its potential transition to Laravel.
• PHP Internals News #94 – Nikita Popov discusses RFC Unwrap Reference After Foreach.
• PHP Internals News #93 – Jordan LeDoux discusses the already revoked RFC Never For Parameter Types.

Thanks for reading. We hope you have a great day!

If you have any interesting or useful links to share via PHP Annotated, please leave a comment on this post or send me a tweet.

Subscribe to PHP Annotated

Your JetBrains PhpStorm team
The Drive to Develop

Greetings everyone!
Here are some highlights from the world of PHP over the last month.

• PHP 8.1 RC3 is out, and the first package that uses enumerations is already available!
• A community fork of Magento has been announced.
• In addition to PSRs, there will be a new type of recommendation called PERs.
• Symfony 6 will be fully typed — how to update?
• New optimized data structures and a standalone null type have been proposed for PHP 8.2.
• A PHP vulnerability with disable_functions has been published, though it is not actually a real vulnerability.

You can read more about this news in the October edition of PHP Annotated. As usual, we’ve carefully selected a variety of excellent articles, tools, videos, and streams for you.

News

• PHP 8.1 RC 3

  The third release candidate was delivered on schedule. For an overview of the new features in PHP 8.1, take a look at the What’s new in PHP 8.1 and PHP 8.1: before and after posts. A comprehensive list of changes is available on PHP.Watch.

  The migration guide for PHP 8.1 is now also available.

  You can try PHP 8.1 from docker, for example with the php:8.1-rc-cli image, on Mac via homebrew, or you can just poke around at 3v4l.org.

  The first package that uses enumerations from PHP 8.1 is already available!
  alexanderpas/php-http-enum – Enums with the status codes and text of HTTP-response messages.

• PHP 8.0.11, 7.4.24 and 7.3.31

  Updates to supported branches with the security fix CVE-2021-21706.

  This fix addresses a bug that was causing ZipArchive::extractTo to extract the zip archive outside the target directory with certain file path names on Windows.

• The Future of Magento

  This letter from members of the Magento community announced that there would be a Magento fork run by a community organization. The goal is to ensure the long-term open-source life of Magento.

  Previously, Adobe had announced that they are planning to decompose Magento into microservices. How exactly this will happen is unclear. That’s why a fork will be created. It will be compatible with Adobe’s Magento, as long as the latter is open.

• PhpStorm 2021.3 Early Access Program Is Open

  The PhpStorm 2021.3 Early Access Program is in full swing. Every week we publish new builds that allow you to try the new features before the official release.

  The upcoming major release will include full support for PHP 8.1, many improvements for generics, new options for deployment, an updated debugger interface, and much more.

• PER Workflow – PHP-FIG

  PHP-FIG has approved the idea of PHP Evolving Recommendations. In addition to PSR standards, there will now be PERs, which are recommendations that can be perpetually changed and supplemented. For example, in the case of code styles, it will be possible to add new rules to reflect new language features.

• “Vulnerability” (not) in PHP to bypass disable_functions

  A researcher recently published a method to bypass the constraints set by the disable_functions directive in php.ini.

  You can use disable_functions to forbid the use of certain functions in PHP scripts. For instance, you can forbid system, exec, proc_open and shell_exec to block calls to external programs.
  You cannot forbid eval(), by the way, because it’s not a function, but rather a language construct.

  The bypass problem cannot be called a vulnerability, because disable_functions is not a security feature and relying on it for security is a bad idea.

  
  Learn more about what counts as a security problem in PHP and what doesn’t: wiki.php.net/security.

  And if you’re interested in understanding the problem in more detail, there is a cool breakdown of how disable_functions works and how such exploits are built. And another one even explains how you can automatically search for such problems.

  Also, check out this analysis of a real RCE vulnerability found in fiveai/Cachet, a popular Laravel project: Code Execution via Laravel Configuration Injection.

• composer/composer 2.1.9

  This update fixes a vulnerability on Windows (CVE-2021-41116). Windows users should definitely update.

• PHPOpenDocs.com

  Here’s an experiment in making a community site for PHP related content.

  It already has a useful sponsoring page with a list of contributors grouped by PHP version, as well as an Internals section with lots of links to resources about the structure of PHP code and how to start contributing to PHP core.

PHP Internals

• New data structures in PHP

  PHP has a universal array data structure that can be used as a list, an associative array, a queue, a stack, etc.

  Versatility is achieved by using a hash table under the hood. But this versatility comes at the cost of additional memory usage and subtle performance overhead.

  SPL has more-specialized data structures, but they have baggage of their own.

  Tyson Andre suggests adding new optimized data structures to PHP.

  One option to achieve that would be to add structures from the popular php-ds/ext-ds extension, but its author does not support this idea. This thread on GitHub sheds some light on the details of the debate.

  So for now there are two RFCs:

  • [RFC] final class Vector Vector structure – is a set of elements with consecutive indexes 0, 1, 2, etc. It requires half as much memory as current arrays and works faster than similar SPL structures.In terms of its API, it’s just a usual class with implementations of the
    ArrayAccess, IteratorAggregate, and Countable interfaces.
    

    $values = new Vector();
    for ($i = 0; $i

  • [RFC] final class Deque Deque is a doubly-linked queue, that is, elements can be added and removed both at the beginning and at the end.You could use it in the place of SplQueueue or SplDoublyLinkedList and see immediate improvements to performance and memory consumption.

    Deque is also relevant for long-running applications that use large arrays, because of their known issues with memory management.

  The implementations of these and other structures are available in the TysonAndre/pecl-teds extension.

• [RFC] Allow null as standalone type

  George Peter Banyard proposes to add the ability to use null in type declarations.

  First, this is the missing piece for the completeness of the type system of PHP. There is a mixed type, never type was added, there are also unions and intersections, but a unit type is missing.

  Second, this type will cover some edge cases for type hinting and improve static analysis.

  For example, at the moment, you can use the pseudotype false in unions, but you cannot specify that the function returns false|null, only bool|null.

• How opcache works

  Nikita Popov doesn’t always write blog posts, but when he does he describes the concepts clearly and in details.

Tools

• Xdebug 3.1.0 – The popular PHP debugger has received an update. It comes with support for PHP 8.1, many fixes, and some rather minor features. Don’t miss this series of videos about Xdebug 3 by extension author Derick Rethans.
• spiral/roadrunner 2.4 – This is a big update for the PHP application server in Golang. The release includes support for queues, key-value stores, and integration with Temporal. See details.
• brick/date-time – A set of immutable classes for working with date and time.
• php-runtime/runtime – The Runtime component separates the application bootstrap logic from the global state, and so allows you to run the application without changes in any environment, such as PHP-FPM, ReactPHP, Swoole, etc.
  This was originally a component for Symfony, but it turned out to be so good that it’s now a separate organization on GitHub.
• rindow/rindow-neuralnetworks – A neural network training framework based on Python Keras. According to its documentation, GPU support is only available in experimental mode and only on Windows.
• piko-framework/router – Yet another PHP router, this one is based on radix tree and, according to the benchmarks, is faster than the Symfony router.
• nunomaduro/termwind – A PHP 8+ package for formatting the output of console programs with Tailwind CSS style syntax.
• icanhazstring/random-issue-picker – If you want to participate in Hacktoberfest but don’t know where to start, here’s a tool that will pick a random issue on GitHub or GitLab for you.

Symfony

• Preparing your applications and bundles for Symfony 6 Symfony 5.4 and 6.0 will be released in November. The difference between them is that Symfony 5.4 will still contain all deprecated features, while in Symfony 6.0 they will all be removed.Additionally, both Symfony 5.4 and 6.0 will have PHP type declarations added to all method properties, arguments, and return values, where possible.

  Check out this detailed post by a member of the Symfony Core team to learn how to update apps that use Symfony components: Symfony 6: PHP 8 Native Types & Why We Need YOU.

• For Symfony Flex, you will no longer need flex.symfony.com. All recipes are now at github.com/symfony/recipes.
• A week of Symfony #771 (4-10 October 2021)

Laravel

• Working with fixture data in your tests.
• Strategies for decreasing the number of queries in a Laravel app.
• Laravel Worldwide Meetup #10: A Little Bit of AWS Lambda, and Pest to Perfection.
• Converting a PHPUnit testsuite to Pest
• Let’s Build an Online Store – A nice series of streams.

Misc

• The Road to PHP: Static Analysis – A 10-day newsletter from Brent Roose about static analysis.
• Testing tips from Matthias Noback: One Class, One Test?, Testing Anything; Better Than Testing Nothing?, Write Unit Tests Like Scenarios.
• What happens when we clone objects?
• Interesting post about `Either` data structure.
• About creating an `Option` type in PHP.
• The €13.000 Video Course Launch That Made Me Believe In Myself Again – Christoph Rumpel shares some details about how he launched the masteringphpstorm.com course.
• Generative art with PHP – Ben Gillbanks explains how you can use code to create images, from simple avatars to pixel-art cities:
  
• A game on FFI: quasilyte/kphp-game
  KPHP is a PHP compiler. It compiles a limited subset of PHP to a native binary that runs faster than PHP.

  Folks from the KPHP team implemented experimental support for FFI, and made a little game with it as a demo.

  Remarkably, KPHP-FFI is compatible with FFI from traditional PHP, which means the game can also be run on regular PHP 7.4+.

  Read more about other FFI applications in this Complete guide to FFI in PHP.

Thanks for reading!

If you have any interesting or useful links to share via PHP Annotated, please leave a comment on this post or send me a tweet.

Subscribe to PHP Annotated

Your JetBrains PhpStorm team
The Drive to Develop

Greetings everyone,
Catch up on the latest from the PHP world with our specially curated news, articles, tools, and videos.

News

• The PHP Foundation Update, January 2022
  The PHP Foundation started its work at the end of November as a non-profit organization whose mission is to ensure the long life and prosperity of the PHP language.

  We already have the first results. Applications for sponsorship from core developers have been received and are being processed.

  The foundation team will be publishing monthly updates so you can subscribe to our Twitter @thephpf to stay up to date with the news.

  To learn more about The PHP Foundation check out the Voices of the ElePHPant Ep 366 podcast with Joe Watkins, Sara Golemon, and Sebastian Bergmann.

• PHP 8.0.15, PHP 8.1.2, PHP 7.4.27
  Bug fixes for current PHP branches have been released. In the case of PHP 7.4 this is the last regular release, and from now on only security updates will be issued for the PHP 7.4 branch.
• PHP version stats: January, 2022
  Here are some fresh stats for PHP versions according to packagist.org. Version 8.1 only came out two months ago, but it’s already gained a 9.1% share. However, there’s still a lot of PHP 7.4 (44%).
  
• [RFC] User Defined Operator Overloads
  A proposal to add operator overloading to PHP failed to pass the vote. You can, however, listen to the PHP Internals News podcast with the author Jordan LeDoux to learn the details.
  Jordan also published very thorough instructions on How to make an RFC for PHP.

  In the meantime, operator overloading can already be used in PHP thanks to lisachenko/z-engine and FFI. For an example of the implementation of operators for matrices, see: lisachenko/native-php-matrix.

Releases

• thephpleague/flysystem 3.0.0 – A major update of the popular library for working with file systems. Check out the blog post with all the details.
• Cycle 2.0 – The second major release of Cycle – a DataMapper and ORM for PHP that can be used in both traditional and daemonized PHP applications.
• ankitpokhrel/tus-php 1.0 – Server and client implementation of the tus.io, an open protocol for renewable file uploads. The protocol is used, for example, in Vimeo and Cloudflare.
• Infection PHP 0.26.0 – An update to the PHP mutation testing framework. The new version adds HTML reports, mutation of only changed strings, and more.
• Doctrine ORM 2.11 – The update brings support for enumerations, virtual columns, read-only properties, nested attributes, and more.
• Roave/BetterReflection 5.0 – Improved Reflection API: you can get information without loading classes, from closures, and much more. The new version adds support for PHP 8.1 and has better performance.

Tools

• viewi/viewi – A powerful tool for creating reactive applications using only PHP and HTML. In essence, it’s a server-side template engine + frontend framework. But the zest is that you describe all components and logic in PHP and then the tool transpiles them into native JS.

  The project website viewi.net details the mechanism of operation and has code examples. You can also follow a step-by-step tutorial and check out the Symfony integration.

• Roach PHP – A tool for web scraping inspired by the popular Python library, Scrapy.
• symfony/html-sanitizer – A new component to clean up untrusted HTML and protect against XSS. It could be a good alternative to HTML Purifier.
• EventSaucePHP/ObjectHydrator – A library for hydrating raw data (like JSON) into objects.
• ajthinking/archetype – A simple interface for modifying PHP files/classes.
• framjet/php-enum-bitmask – Using enumerations from PHP 8.1 as bitmasks.
• beyondcode/httpdump – Laravel application for debugging incoming HTTP requests (debugging web hooks, etc.). Creates random URLs and dumps all the requests to them in a nice way. You can see it in action at httpdump.app.
• spatie/ignition – This library for displaying debugging error pages, familiar to many from Laravel, but now framework-independent, has been updated and can be used in any application. See the overview blog post.
• chevere/xr – A debug server on ReactPHP, inspired by the spatie/ray, but instead of a desktop application it’s just a CLI command to run. Video demo.
• JustSteveKing/php-sdk, Sammyjo20/Saloon – Two similar libraries with the same idea: simplify SDK creation for services or organize access to different APIs in the common style.
• AliSaleem27/wordle-cl – A CLI version of the popular five-letter word guessing game Wordle.
• staabm/phpstan-dba – An extension for PHPStan that checks the validity of SQL queries in PDO, MySQLi, and Doctrine/DBAL. Demo.
• flow-php/etl – An implementation of the Extract Transform Load pattern to use in your PHP application. Check out the thread from the author to learn more.

Symfony

• The symfony-cli tool has been open-sourced
  In addition to Symfony-specific tasks, the tool includes a local server, which can be used as a modern alternative to MAMP/WAMP. It supports multiple versions of PHP (each project can specify its own), has integration with Docker, local domains, and automatic HTTPS. The tool is implemented in Go, and is available for Linux, macOS, and Windows.
• A better way to quickly start Symfony projects
• Introducing the Symfony 6 Certification – 90 minutes for 75 questions from 15 topics.
• Organizing your Symfony project tests
• The key concepts of Symfony’s Security package in 5 minutes
• Symfony Messenger <3 systemd
• Use PHP Enums as Doctrine type in Symfony
• Build Symfony and Doctrine ORM Applications with ease using Ecotone
• norberttech/static-content-generator-bundle – The tool generates static HTML pages from your Symfony application.
• Using custom PHP attributes for registering and configuring Symfony Messenger handlers
• JSON Columns and Doctrine DBAL 3 Upgrade

Laravel

• Laracon Online is on Feb 9, and it’s free
  The conference is usually paid, but this Laracon Online Winter will be broadcast free on YouTube.
• Building a multi-room chat application with Laravel and Centrifugo
• Managing Laravel services
• Laravel Pseudo-Daemons
• Primitive Types in Controllers and Closure Routes
• How to scale Laravel project on AWS without breaking the bank.
• LaravelDaily/Laravel-Roadmap-Learning-Path – A systematic collection of materials for learning Laravel from simple to complex.
• Building an API using TDD in Laravel
• Efficient Pagination Using Deferred Joins
• 45 New Laravel Tips 2022

Yii

• Yii 1.1.25 – The first version of the Yii framework is not actively developed, but compatibility fixes are still coming out. This update fixes a few for PHP 8.0.
• The first stable releases for some Yii 3 components have also been released: yiisoft/user, yiisoft/translator-extractor, yiisoft/config, yiisoft/yii-swagger, yiisoft/widget, yiisoft/router.
• Yii news 2021, issue 4

Misc

• Trying out PHP after 7 years of working with Java.
• PHP in 2022 – Brent Roose’s traditional ecosystem overview.
• Heaps explained in PHP
• Implementation of Chain of Responsibility Design Pattern in PHP
• async & await at the edge with ReactPHP – PHP 8.1 with fibers support is out! One of the ReactPHP maintainers writes about how they’re used. In particular, the new React\Async\async and React\Async\await functions have been added.
• PHP Benchmark: include() vs file_get_contents() – include() can be faster than file_get_contents() if you tweak the Opcache settings.
• Where does my validation live?
• How to build maintainable PHP applications and decouple business logic from the frameworks.
• Making sense of the 8 log levels in PHP – You’ll most likely only need four.
• Overriding vendor classes – If you don’t want to create a fork, you could properly configure autoloading in composer.json. Or as an option, you can also use patches with cweagans/composer-patches.
• Accessing private properties in PHP – Instead of reflection and access through Closure::bind you can cast object to array (but should you?).
• Sometimes it can be useful to look at the generated opcodes to understand what is going on in the code. The command phpdbg -p* file.php will help.
  

  To better understand how a snippet of #PHP code works internally, you can use `phpdbg -p* file.php` to dump the opcodes.

  This is how you debunk #myths like single quotes being faster than double quotes. pic.twitter.com/2YoG9NAc6F

  — Patrick Allaert PHP 8.1 RM (@AllaertPatrick) January 4, 2022

Community

Thanks for reading!

If you have any interesting or useful links to share via PHP Annotated, please leave a comment on this post or send me a tweet.

Subscribe to PHP Annotated

Your JetBrains PhpStorm team
The Drive to Develop

Greetings everyone,

It’s been a while since the PHP Annotated Monthly was online, so hopefully we are back on track. With Brent joining the PhpStorm team we want to experiment with some new things, so stay tuned!

In this edition, we’ll catch up on the most interesting things that have happened in the PHP world over the last couple of months. As always, it includes curated news, articles, tools, and videos.

News

• PHP 7.4.29, PHP 8.1.5, and PHP 8.0.18
  These are security releases for Windows users, due to updates of built-in dependencies. For non-Windows users, they are just regular bug-fix updates.For PHP 7.3, updates are no longer released, even for security problems. If you are still using PHP 7.3 or PHP 5.x versions, consider updating as soon as possible.

  The Symfony team has raised its minimum required PHP version to 8.1 in the upcoming Symfony 6.1 release. The same shift was made for Drupal 10 and Laravel 10.

  Also, the recently released Ubuntu 22.04 LTS comes with PHP 8.1 preinstalled.

• Updates from the PHP Foundation
  • Six sponsored developers are actively working on maintaining the core.
  • The thephp.foundation website is up and running.
  • A separate newsletter with insights about core developments will be published regularly. Here’s the first edition: PHP Roundup #1.
  • Interview with Core Developers by Sebastian Bergmann.
• Developer Ecosystem Survey 2022
  The annual survey from JetBrains is now open and, of course, there is a section about PHP. This is what the results from last year look like. Take the survey for a chance to win one of the prizes!
• News from PHP-FIG
  • Coding Style PER (PHP Evolving Recommendation) has been officially approved by PHP-FIG and will replace PSR-12. This is the first PER document showing the “live” standard. Thanks to PERs, there will be no need to release another PSR standard every time new syntax is added to PHP. Instead, PERs will be updated according to SemVer.
  • A new PSR draft has been approved: PSR-22 – Application Tracing.
• PhpStorm 2022.1 released
  It comes with improvements for Blade, WordPress, ArrayShape annotations, and many more. Check out a short What’s New video or read the blog post for the full story.
• Composer 2.3 Release
  This release brings small improvements for users and a modernized internal codebase.

  There was also a vulnerability discovered recently – CVE-2022-24828: Composer Command Injection. An attacker controlling a Git or Mercurial repository explicitly listed by URL in composer.json could use specially crafted branch names to execute commands on the machine running the composer update.

  Make sure your Composer is up-to-date by running composer self-update.

• Craft CMS 4
  A major update of the popular open-source CMS was released.

PHP Core

Most of the Core news is covered in detail in the PHP Roundup series from the PHP Foundation, so we’ll only mention them briefly.

• Last call for PHP 8.2 release managers!
  You need to be able to commit to a 3½-year term, and have good knowledge of PHP, Git, and preferably C. There are already one veteran and six rookie candidates.
• ✅ [RFC] Redacting parameters in back traces #PHP8.2
• ✅ [RFC] Allow null and false as stand-alone types #PHP8.2
• ✅ [RFC] Deprecate ${} string interpolation #PHP8.2
• ✅ [RFC] Deprecate and Remove utf8_encode and utf8_decode
• ✅ [RFC] Undefined Variable Error Promotion
• 🗳 [RFC] Readonly classes
• ❌ [RFC] Sealed Classes
• 🆕 [RFC] Add true type
• 🆕 [RFC] Disjunctive Normal Form Types
• [RFC] final class Collections\Deque
  As part of an initiative to add optimized data structures to PHP, the first proposal is ready.
  Deque – This is a two-way queue, i.e. items can be added and removed both at the beginning and at the end. It can be used instead of SplQueue or SplDoublyLinkedList to get a performance gain and reduce memory consumption.
• RFC Introduce a class-string type
  It’s not an official RFC, but an interesting idea to make class-string a real type, as it’s already widely used in static analyzers’ annotations.

Tools

• CanIPHP.com – It’s like caniuse.com, but for PHP features.
• clue/stream-filter – A simple and modern approach to stream filtering in PHP. You can do some crazy stuff with stream filters in PHP, but also practical things, too.
• sfx101/deck – A GUI tool for quick spin-up and configuration of local web development environments, which could be useful for PHP newcomers.
• marijnvanwezel/try – A simple CLI tool to try Composer packages with a single command. Just install it and run: try %vendor%/%package%.
• frodeborli/moebius – Golang-like coroutines for PHP versions 8.1 or above. The author used his own event-loop implementation, and even a custom testing framework.
• Crell/AttributeUtils — Utilities to help ease the parsing and managing of attributes. You might be also interested in koriym/Koriym.Attributes, which can read both doctrine/annotations and PHP 8 attributes with a doctrine annotation interface.
• spatie/visit – A CLI HTTP client that shows responses of any URL in a beautiful way.
• laravel/valet – A lightweight local dev environment for Mac. No Docker or VirtualBox, just native Nginx and PHP. It can be used for any projects, not only Laravel, and since v3 you can use different PHP versions for each folder (project).
• roach-php/core – The complete web scraping toolkit for PHP.
• PHPStan 1.6.0 – Released with support for conditional return types and integer masks.
• flow-php/etl – An ETL (Extract Transform Load) data processing library for PHP with support for async processing via ReactPHP or Amphp.
• igorhrcek/wp-cli-secure-command – One CLI command to secure your WordPress installation.
• williarin/wordpress-interop – A package based on Doctrine/DBAL for easier access to the WordPress database from other PHP applications.
• sj-i/php-profiler – A sampling profiler for PHP implemented in pure PHP (FFI). You can generate flame diagrams, run trace output in top-like mode, and more.
• mrsuh/php-var-sizeof – A function to get the memory size for any variable that promises to be more accurate compared to memory_get_usage(). Requires PHP 7.4 or higher with FFI.
• davidcole1340/ext-php-rs – Bindings for the Zend API to build PHP extensions natively in Rust.
• easysoft/phpmicro – A statically compiled micro PHP interpreter that can be bundled with your CLI tools to distribute them as PHP-agnostic binaries. Looking forward to Marcel Pociot automating the process!

Symfony

• See what’s coming in Symfony 6.1.
• 📺 Harmonious Development with Symfony 6 – The 2+ hour tutorial for getting started with Symfony is now fully available for free at SymfonyCasts.
• Using Symfony Form in WordPress.
• “Symfony: The Fast Track” Symfony is now available for Symfony 6.
• Symfony Station Communiqué – April 29, 2022.

Laravel

• 📺 Laravel Origins: The Documentary – This video tells the story of why Laravel came to be, how it’s grown over the last 10 years, and what the future may hold for Taylor and the wider Laravel community.
• Laravel Idea 5.3 – An update to the popular paid PhpStorm plugin comes with the Extract Blade Component refactoring, translation values, and advanced event listeners search.
• LaravelProTips.com – A collection of useful articles and tweets.
• alexeymezenin/laravel-best-practices – More Laravel best practices.
• 📺 Build a Laravel app and deploy it to production in 5 hours – A speedrun by Brent.
• 📺 Xdebug 3: Laravel Sail with PhpStorm.

Yii

• Yii news 2022, issue 1.
• Interview Questions For Yii 2 – Many of them are about PHP in general and can be useful for all job-seekers.

Misc

• Comprehensive posts about Docker for PHP developers by Pascal Landau: Docker from scratch for PHP 8.1 Applications in 2022, PhpStorm, Docker and Xdebug 3 on PHP 8.1, and more on his website.
• Posts on naming constructors by Andreas Möller and by Stefan Priebsch.
• How the Middleware Pattern works and can easily be applied in PHP.
• How To Mock Functions That Have External HTTP Requests.
• Writing Readable PHP – A paid course by Freek Van der Herten and Christoph Rumpel with bite size tips that make your code a joy to read for you, your coworkers, and your future self.
• PHP Tricks: Multi-value match() — Did you know you can compare multiple values in a single match expression? Like this:
  

  function mayFriend(User $u1, User $u2, Group $group): FriendPermission
  {
      return match ([$u1->inGroup($group), $u2->inGroup($group)]) {
          [true, true] => FriendPermission::Allow,
          [true, false] => FriendPermission::WithApproval,
          [false, true] => FriendPermission::WithApproval,
          [false, false] => FriendPermission::Deny,
      };
  }
  

• Interfaces are not class templates.
• Speeding up array_merge().
• All the Dynamic Syntaxes in PHP – Good source for interview questions?
• Solving Open Source Supply Chain Security for the PHP Ecosystem – An interesting post about the initiatives of the folks at Paragon IE. They are now working on a tool called Gossamer to securely update apps and dependencies. Previously, they introduced libsodium to the PHP core, created Paseto, a safer alternative to JWT, and developed other tools.
• Service locator: an anti-pattern.
• 📺 Xdebug 3: Debugging Unit Tests with PhpStorm.
• 📺 Learn PHP The Right Way – Full PHP course in 88 videos for free.

Generics

PHP has seen a lot of generics-related activity lately, so we gave them their own section in this post.

• 📺 First, check out this series of videos on Generics in PHP from Brent.
• If you’d like to dive deeper, you might be interested in the post about Generics implementation approaches.
• Try an interesting project that implements them in PHP: mrsuh/php-generics. Interestingly, there was a discussion on Reddit about dropping the runtime type checks in PHP for performance. The tool above implements type erasure, so it could theoretically be used for such performance use cases: composer dump-generics --type=type-erasure.
• One of the main applications of generics is collections. Check out Comparing PHP Collections.
• And last but not least, fun art by @SerafimArts:

Community

• 📺 PHP isn’t dead, featuring the Laravel Origins cast.

• PHP is definitely the best array-oriented programming language

  — Jose Diaz (@savant) April 28, 2022

• “PHP doeSNt sCaLE”

  ☁️ Reached 99.999% (five nines) REAL uptime for ALL my sites on a SINGLE 🤖 VPS w/ 204M reqs/mo https://t.co/s1FQtjucz2

  “five nines is high availability of services, when the downtime is less than 5 minutes per year”

  🥳 pic.twitter.com/VEM1Kcc5Gw

  — @levelsio (@levelsio) April 30, 2022

That’s all for today – thanks for reading!

If you have any interesting or useful links to share via PHP Annotated, please leave a comment on this post or send me a tweet.

Subscribe to PHP Annotated

Your JetBrains PhpStorm team
The Drive to Develop