Community News:
Latest PECL Releases (03.19.2019)
Mar 19, 2019 @ 08:05:02

Latest PECL Releases:

  • ahocorasick 0.0.6
    Version fixes

  • ahocorasick 0.0.5
    Memory handling fixes in the match result fixes. Minor test and code fixes. PHP 7.3, 7.4 support added.
  • ahocorasick 0.0.4
    Initial release
  • ahocorasick 0.0.3
    Initial release
  • redis 4.3.0
    phpredis 4.3.0

    This is probably the latest release with PHP 5 support!!!

    • Proper persistent connections pooling implementation [a3703820, c76e00fb, 0433dc03, c75b3b93] (Pavlo Yatsukhnenko)
    • RedisArray auth [b5549cff, 339cfa2b, 6b411aa8] (Pavlo Yatsukhnenko)
    • Use zend_string for storing key hashing algorithm [8cd165df, 64e6a57f] (Pavlo Yatsukhnenko)
    • Add ZPOPMAX and ZPOPMIN support [46f03561, f89e941a, 2ec7d91a] (@mbezhanov, Michael Grunder)
    • Implement GEORADIUS_RO and GEORADIUSBYMEMBER_RO [22d81a94] (Michael Grunder)
    • Add callback parameter to subscribe/psubscribe arginfo [0653ff31] (Pavlo Yatsukhnenko)
    • Don't check the number affected keys in PS_UPDATE_TIMESTAMP_FUNC [b00060ce] (Pavlo Yatsukhnenko)
    • Xgroup updates [15995c06] (Michael Grunder)
    • RedisCluster auth [c5994f2a] (Pavlo Yatsukhnenko)
    • Cancel pipeline mode without executing commands [789256d7] (Pavlo Yatsukhnenko)
    • Use zend_string for pipeline_cmd [e98f5116] (Pavlo Yatsukhnenko)
    • Different key hashing algorithms from hash extension [850027ff] (Pavlo Yatsukhnenko)
    • Breaking the lock acquire loop in case of network problems [61889cd7] (@SkydiveMarius)
    • Implement consistent hashing algorithm for RedisArray [bb32e6f3, 71922bf1] (Pavlo Yatsukhnenko)
    • Use zend_string for storing RedisArray hosts [602740d3, 3e7e1c83] (Pavlo Yatsukhnenko)
    • Update lzf_compress to be compatible with PECL lzf extension [b27fd430] (@jrchamp)
    • Fix RedisCluster keys memory leak [3b56b7db] (Michael Grunder)
    • Directly use return_value in RedisCluster::keys method [ad10a49e] (Pavlo Yatsukhnenko)
    • Fix segfault in Redis Cluster with inconsistent configuration [72749916, 6e455e2e] (Pavlo Yatsukhnenko)
    • Masters info leakfix [91bd7426] (Michael Grunder)
    • Refactor redis_sock_read_bulk_reply [bc4dbc4b] (Pavlo Yatsukhnenko)
    • Remove unused parameter lazy_connect from redis_sock_create [c0793e8b] (Pavlo Yatsukhnenko)
    • Remove useless ZEND_ACC_[C|D]TOR. [bc9b5597] (@twosee)
    • Documentation improvements (@fanjiapeng, @alexander-schranz, @hmc, Pavlo Yatsukhnenko, Michael Grunder)
  • swoole 4.3.1
    Enhancement

    • After `Server` enabled `ssl_verify_peer`, the client without the certificate will be forcibly disconnected (31a038f) (@shiguangqi)
    • `MySQLStatement::execute` can accept null arguments (0207ebc) (@twose)
    • Now part of the fatal error message caused by illegal code will show the call stack trace, the warning will be more friendly (such as calling the coroutine method outside the coroutine) (@twose)

    Fixed

    • Fixed swSignalfd_set unexpected result (#2397) (@junwei-qu)
    • Fixed Socks5 proxy memory error (9dd0b7c) (@twose)
    • Fixed Redis backward compatibility (connect timeout configuration does not work) (21f34cc) (@twose)
    • Fixed Server reload BUG (31a038f) (@shiguangqi)
    • Fixed CoHttpClient with defer mode and call recv with the timeout argument but timeout does not work (2c1cd83) (@twose)
    • Fixed call the coroutine method out side the coroutine core dump (2bf6b09) (@twose)
    • Fixed Swoole + PHP73 with pcre.jit on MacOS core dump (17ccaf3) (@twose)
    • Fixed build failed on 32-bit env (#2411) (@twose)
    • Fixed CoSocket construct failed (@twose)
    • Fixed ProcessPool system msg queue not work (#2424) (@matyhtf)
    • Fixed user and group configurations not work in Server with BASE mode (#2402) (@matyhtf)
    • Fixed CoMySQL connect timeout coredump on low version of Linux (d6736e4) (@twose)

Community News:
Latest PECL Releases (03.12.2019)
Mar 12, 2019 @ 08:05:01

Latest PECL Releases:

  • zookeeper 0.6.4
    Bugs:

    • Fix segmentation fault after destroying Zookeeper instance (Issue #32)
  • datadog_trace 0.15.1
    Added

    • Symfony 2.3 web tests for resource name #349
    • Update images and enable leak detection, split tests in CI to Unit, Integration and Web #299

    Fixed

    • Resource name on Symfony 2.x requests served through controllers #341
    • Sanitize url in web spans #344
    • Laravel 5.8 compatibility #351
  • zookeeper 0.7.1
    Bugs:

    • Fix segmentation fault after destroying Zookeeper instance (Issue #32)
  • xdebug 2.7.0
    Wed, Mar 6, 2019 - xdebug 2.7.0

    = Fixed bugs:

    • Fixed issue #1520: Xdebug does not handle variables and properties with "-" in their name
    • Fixed issue #1577: Code coverage path analysis with chained catch fails in PHP 7.3
    • Fixed issue #1639: Compile warning/error on GCC 8 or Clang due to "break intentionally missing"
    • Fixed issue #1642: Debugger gives: "Warning: Header may not contain NUL bytes"
  • redis 4.3.0RC2
    phpredis 4.3.0RC2

    This is probably the latest release with PHP 5 support!!!

    • Proper persistent connections pooling implementation [a3703820, c76e00fb, 0433dc03, c75b3b93] (Pavlo Yatsukhnenko)
    • RedisArray auth [b5549cff, 339cfa2b, 6b411aa8] (Pavlo Yatsukhnenko)
    • Use zend_string for storing key hashing algorithm [8cd165df, 64e6a57f] (Pavlo Yatsukhnenko)
    • Add ZPOPMAX and ZPOPMIN support [46f03561, f89e941a, 2ec7d91a] (@mbezhanov, Michael Grunder)
    • Implement GEORADIUS_RO and GEORADIUSBYMEMBER_RO [22d81a94] (Michael Grunder)
    • Add callback parameter to subscribe/psubscribe arginfo [0653ff31] (Pavlo Yatsukhnenko)
    • Don't check the number affected keys in PS_UPDATE_TIMESTAMP_FUNC [b00060ce] (Pavlo Yatsukhnenko)
    • Xgroup updates [15995c06] (Michael Grunder)
    • RedisCluster auth [c5994f2a] (Pavlo Yatsukhnenko)
    • Cancel pipeline mode without executing commands [789256d7] (Pavlo Yatsukhnenko)
    • Use zend_string for pipeline_cmd [e98f5116] (Pavlo Yatsukhnenko)
    • Different key hashing algorithms from hash extension [850027ff] (Pavlo Yatsukhnenko)
    • Breaking the lock acquire loop in case of network problems [61889cd7] (@SkydiveMarius)
    • Implement consistent hashing algorithm for RedisArray [bb32e6f3, 71922bf1] (Pavlo Yatsukhnenko)
    • Use zend_string for storing RedisArray hosts [602740d3, 3e7e1c83] (Pavlo Yatsukhnenko)
    • Update lzf_compress to be compatible with PECL lzf extension [b27fd430] (@jrchamp)
    • Fix RedisCluster keys memory leak [3b56b7db] (Michael Grunder)
    • Directly use return_value in RedisCluster::keys method [ad10a49e] (Pavlo Yatsukhnenko)
    • Fix segfault in Redis Cluster with inconsistent configuration [72749916, 6e455e2e] (Pavlo Yatsukhnenko)
    • Masters info leakfix [91bd7426] (Michael Grunder)
    • Refactor redis_sock_read_bulk_reply [bc4dbc4b] (Pavlo Yatsukhnenko)
    • Remove unused parameter lazy_connect from redis_sock_create [c0793e8b] (Pavlo Yatsukhnenko)
    • Remove useless ZEND_ACC_[C|D]TOR. [bc9b5597] (@twosee)
    • Documentation improvements (@fanjiapeng, @alexander-schranz, @hmc, Pavlo Yatsukhnenko, Michael Grunder)
  • swoole 4.3.0
    New Features

    • `Co::getContext` to get the coroutine context object ([RFC-1018](https://github.com/swoole/rfc-chinese/issues/45)) (@twose)
    • `Co::getPcid` to get the parent coroutine ID ([RFC-1017](https://github.com/swoole/rfc-chinese/issues/41)) (@twose)
    • `Co::exists` to know if a coroutine exists (@twose)
    • Runtime Coroutine Hook supports `stream_select` (#2358) (@matyhtf)
    • `max_wait_time` configuration support in BASE mode (#2282) (@shiguangqi)
    • Support for one-way delivery tasks in the `Master/Manager/User` process ([RFC-1015](https://github.com/swoole/rfc-chinese/issues/38)) (@matyhtf)
    • `CoSocket` has two new APIs `recvAll` and `sendAll` to ensure complete receive/send data until completion or error (3700cbb) (@twose)
    • `Process` supports the coroutine mode, please refer to ([Use Coroutine in Process](https://wiki.swoole.com/wiki/page/p-process_coro.html))
    • `Process->exportSocket` to export `CoSocket` object (91d3621) (@matyhtf)
    • Added `Server->getCallback` method to get the callback function of the specified name of the Server (@matyhtf)

    Enhancement

    • The default max number of connections is 100K (instead of 10K) now. If the system configuration is less than this number, use the system configuration first (3d2e387) (@twose)
    • Optimize the code for the Timer module, which now runs faster and accepts any number of arguments (#2347) (@twose)
    • Co::stats will show more information such as the number of events, the number of registered signals, the number of AIO tasks, etc. (@matyhtf)
    • Co::getBackTrace with no params is equivalent to debug_backtrace (@twose)
    • Co::listCoroutines is renamed to Co::list, but the original name is still reserved as an alias (Backward compatibility) (@twose)
    • Table::exist, Server::exist are renamed to exists, but the original name is still reserved as aliases (Backward compatibility) (@twose)
    • Redis will automatically authenticate and select the corresponding database when it is automatically reconnected. Add API: getOptions, getAuth, getDBNum (#2303) (fdac8a3) (@windrunner414 & @twose)
    • The default Socket buffer size on FreeBSD should be 2M (750a29c) (@twose)
    • Server->stats will show worker_dispatch_count which can get the number of requests submitted by the master to the current process. The number of requests in the queue can be got by worker_dispatch_count - worker_request_count (a353808) (@matyhtf)
    • Remove Nghttp2 dependencies, no longer need to install it, configuring compilation parameters to open
    • Coroutines now have no max nesting level limitation (there are no real nesting relations between coroutines) (5458cbc) (@twose)
    • When the coroutine reaches the max limitation, the HTTP server will return a 503 error indicating that the service is temporarily unavailable (ebd377f) (@twose)
    • defer will now accept a parameter whose value is the return value at the end of the coroutine (example) (@twose)

    Fixed

    • Fixed error when the task method passed a null argument (#2366) (@twose)
    • Fixed Http client send big data incomplete (#2360) (@twose)
    • Fixed the bug that unprocessed data in the buffer was lost when the TCP client used the eof protocol (a59ae39) (@twose)
    • Fixed async security of Server Reload (022f859) (@matyhtf)
    • Fixed the index value of the connection iterator (b066146) (@twose)
    • Fixed the bug that Set-Cookie special characters are too long to be outputted (#2368) (@mabu233 & @twose)
    • Fixed the bug that Http client did not decode the cookie (duplicated encode when sent) (069ca5d) (@twose)
    • Fixed Http client download with timeout lead to coredump (#2377) (@matyhtf & @twose)
    • Fixed __call and call_user_func* lead to coredump when calling MySQL client method (#2387) (@matyhtf)
    • Fixed coredump when Http2 client header name passed in a number (#2375) (@mabu233)
    • Fixed SwooleEvent::dispatch behavior not as expected (#2390) (@matyhtf)
    • Fixed Socks5 proxy handshake failed (94ef96c) (@twose)
    • Fixed a memory read error caused by a connection failure in a low-version Linux kernel (5adf625) (@matyhtf & @twose)
    • Fixed the bug that the server used the timer in the BASE single-process mode not work (82eca13) (@twose)
    • Fixed compilation failure due to unstable ZendAPI in low-version (768b8a7) (@shiguangqi)
    • Fixed EINVAL when calling sendto (#2395) (@junwei)

    Unsupported

    • Create server or customs process after using async file IO are not allowed
    • Create server or customs process in coroutine are not allowed

    Removed

    • WebsocketServer->exists only shows if the connection exists. Please use the isEstablished method to get if it is a Websocket client.
    • Remove the swoole.fast_serialize configuration item
    • Removed the PHP Warning when the CoClient method return failed
    • Remove the Server->gzip method
    • Remove PicoHttpParser support

    Remove async modules

    Remove all async modules, separate asynchronous extensions to async-ext:

    • Async functions
    • MySQL
    • Redis
    • HttpClient
    • MemoryPool
    • MsgQueue
    • RingQueue

Community News:
Latest PECL Releases (03.05.2019)
Mar 05, 2019 @ 08:05:02

Latest PECL Releases:

  • protobuf 3.7.0
    GA release.

  • parallel 0.8.2
    - fix bugs in copying literals
  • datadog_trace 0.14.1
    Fixed

    • Large number of mysqli spans not containing relevant information #330
  • gRPC 1.19.0
    - gRPC C Core 1.19 uptake
  • zookeeper 0.7.0
    Improvements:

    • Make parameter 'acls' of method 'create' optional
    • Add static method 'dispatch'
    • Drop PHP-5 support (Issue #14)

    Bugs:

    • Fix segmentation fault found in PHP 7.3
  • datadog_trace 0.14.0
    Added

    • Loading of integrations before knowing if the library will be actually used #319
    • Ability to define tracing for not yet defined methods and classes #325

Snyk.io:
The State of Open Source Security Report 2019
Feb 27, 2019 @ 16:09:28

On the Snyk.io site they've announced the release of their State of Open Source Security Report for 2019. In this report they talk about packages and managers outside of the PHP ecosystem, but there's also plenty in there about general Open Source security, regardless of the technology used.

We’ve seen big technology players doubling-down on open source in 2018. In every registry we reviewed, we saw an increasing rate of open source libraries being indexed in every language ecosystem. This is to be expected, but the rate of growth may come as a surprise to many.

[...] In 2017 the CVE list reported more than 14,000 vulnerabilities, breaking the record for the most CVEs reported in a single year. 2018 continued the record-breaking streak with over 16,000 vulnerabilities reported.

We can see how open source package growth translates into user adoption when looking at the download numbers for various packages in different ecosystems.

They specifically cover packages in the Node.js, Python and Java worlds, but the same principles apply to PHP and Composer packages too. There are a few other related posts that go into more detail on the vulnerability increases, the desire for Open Source developers to be security-minded and other topics. You can get all of the information in one place, though: the PDF version of the report.

tagged: opensource security stateofsecurity report 2019 snyk

Link: https://snyk.io/opensourcesecurity-2019/

Christian Scheb:
PHPStorm Inspections for your Continuous Integration Process
Feb 27, 2019 @ 15:24:33

In a new post to his site Christian Scheb has written up a guide to help you set up inspections in PHPStorm to help make your continuous integration process simpler.

Did you know that PHPStorm (or any other Jetbrains IDE) can run inspections from command line and generate XML files for the results? This is a great “hidden” feature of those IDEs and machine-readable output means it can be somehow integrated with a continuous integration (CI) process. So let’s do this!

He walks you through the full process to get the integration set up to easily report the results of various code inspections:

  • Setting Up PHPStorm on a Server
  • Plugin installation (such as the PHP annotations checker)
  • Running the inspections (including configuration)
  • Publishing the result

All commands and configuration examples are included.

tagged: phpstorm continuousintegration inspection tutorial setup configure

Link: https://www.christianscheb.de/archives/808