Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Zsolt Szend:
Dynamic dependency injection
May 18, 2016 @ 13:32:25

In this new tutorial Zsolt Szende talks about dependency injection and how to handle objects and related needs at runtime rather than the pre-configured method that some injection containers/systems have defined.

In this short article I would like to demonstrate a way to inject dependencies that are not known until runtime. There are many use cases for this and in essence it is about choosing between concrete implementations of some common interface. In object oriented design this is known at the Strategy pattern. The choice itself can be made in various ways, for example via a configuration option or a command line parameter in case of a console command, and I think the dynamic nature of the choice is the most interesting part of the pattern.

The article provides a practical example of an XML/JSON reader pulling information from an external source. A simple interface is defined and two implementation classes put it to use. Then the "command" pattern is used to apply it to an executable script and how injecting a reader type directly overrides the one from the provided option. This is taken a step further and refactored into a "resolver" to determine the best logic to apply based on the input argument.

tagged: dynamic dependency injection xml json reader tutorial resolver

Link: http://pwm.github.io/dynamic-dependency-injection/

Paragon Initiative:
Securely Implementing (De)Serialization in PHP
Apr 18, 2016 @ 11:58:22

The Paragon Initiative site has a new tutorial posted aiming to help you more securely use the serialize and unserialize handling in PHP to prevent security issues. In this tutorial they offer some advice - mainly don't unserialize unless you're on PHP7 - and some other solutions you could use.

A frequent problem that developers encounter when building web applications in PHP is, "How should I represent this data structure as a string?" Two common examples include:
  • Caching a complex data structure (to reduce database load)
  • Communicating API requests and responses between HTTP-aware applications
This seems like the sort of problem that you could expect would have pre-existing, straightforward solutions built into every major programming language that aren't accompanied by significant security risk. Sadly, this isn't the case.

He starts with a look at the serialization handling and how it could allow remote code execution if an attacker were to modify the serialized data. He includes an example of using the new "allowed classes" parameter in PHP 7 too, though, preventing the issue. He also walks through two other ways you could replace serialized data: JSON structure and XML handling. Each of these have their own issues too but they're very different than the code execution with serialization.

tagged: serialize unserialize security json xml tutorial example vulnerability

Link: https://paragonie.com/blog/2016/04/securely-implementing-de-serialization-in-php

Rob Allen:
Improved error handling in Slim 3 RC1
Sep 08, 2015 @ 12:23:52

Rob Allen has a quick post to his site talking about some of the improved error handling that's been updated in the latest version of the Slim microframework to help make reporting issues easier in multiple contexts.

From RC1 of Slim 3, we have improved our error handling. We've always had error handling for HTML so that when an exception occurs, you get a nice error page [...] However, if you're writing an API that sends and expects JSON, then it still sends back HTML. [...] At least we set the right Content-Type and status code! However, this isn't really good enough. We should send back JSON if the client has asked for JSON. Until RC1, the only way to do this was to register your own error handler.

With Slim 3 the framework handles things more correctly based on the value of the "Accept" header sent along with the request. This value is checked and, if it references JSON or XML, the error message is translated either giving the default output or reporting back for the "notFound" and "notAllowed" error types.

tagged: slimframework slim3 error handling context html json xml accept header

Link: http://akrabat.com/improved-error-handling-in-slim-3/

NetTuts.com:
Understand Overriding in Magento: Controllers
Jul 24, 2015 @ 11:19:45

The NetTuts.com site has posted a tutorial (the third and last in their series) showing how to override controller handling in Magento. In the previous posts they showed how to override functionality related to the models and blocks (frontend layout elements).

In Magento, the controller is responsible for handling incoming requests, and it's a backbone of the Magento routing implementation. [...] As I said in the previous tutorial, it's never recommended to change core files directly, as it makes upgrading Magento really difficult. To avoid this, we should follow the standard way of making desired changes to core files: we should either use event observers or override core files with our custom module files. We'll discuss the overriding feature today.

You'll need to be familiar with custom module creation to be able to follow along (see here if not) but other than that they provide everything you'll need. They start by creating the files and folders needed for the custom module including:

  • Module XML definition (Envato_All.xml)
  • Module XML configuration
  • the Envato_Catalog_ProductController controller file (PHP)

The controller extends the pre-existing Product controller but the configuration definitions tell it ti use the "Envato" version instead.

tagged: magento overriding controller tutorial custom xml module

Link: http://code.tutsplus.com/tutorials/understand-overriding-in-magento-controllers--cms-23386

Mattias Noback:
Refactoring the Cat API client (3 Part Series)
Jul 16, 2015 @ 11:25:54

Mattias Noback has posted a three part series of tutorial articles around the refactoring of a "CatApi" class. These articles take the class from a jumbled mess of functionality with both direct file access and remote requests mixed in into something much more maintainable and flexible.

t turned out, creating a video tutorial isn't working well for me. I really like writing, and speaking in public, but I'm not very happy about recording videos. I almost never watch videos myself as well, so... the video tutorial I was talking about won't be there. Sorry! To make it up with you, what follows is a series of blog posts, covering the same material as I intended to cover in the first episodes of the tutorial.

In part one he introduces the current state of the "CapApi" class and some of the problems with it, both in testing and in structure. He does some basic refactoring to split out some of the logic here and moves on to part two. In the second part of the series he focuses on refactoring the HTTP request and the local file system functionality into abstract, injectable objects. Finally in part three he adds in some verification around the data being passed back and forth between objects including both simple checking and the use of value objects.

tagged: refactor api class series part1 part2 part3 filesystem http request xml validation

Link: http://php-and-symfony.matthiasnoback.nl/2015/07/refactoring-the-cat-api-client-part-1/

ServerGrove Blog:
Linters for PHP projects
Jun 03, 2015 @ 12:34:53

In a new post to the ServerGrove blog they look at linting tools for various circumstances including standard PHP, Twig templates and Composer configuration.

Today’s projects are built up from dozens of different components, configuration files, third-party libraries, tests, build scripts, etc. And even if you have the greatest test suite, bad things can happen sometimes. It’s important to catch bugs as early as possible, and syntax validators can be a great (and easy) addition to your continuous integration system. You would be surprised at how many problems are caused by syntax errors. At ServerGrove, we see these kind of problems with our clients almost every day.

Their list shows you how to lint (syntax check) several different types of content:

  • standard PHP code
  • Twig templates
  • Composer configuration
  • XML files
  • Bash scripts
  • JSON files
  • YAML files

Some of them use tools that already come built-in (like PHP's "-l" or Twig's "twig:lint") but others require the use of external software such as xmllint or melody. Command examples are also included for each.

tagged: lint project types twig bash composer xml json yaml tools

Link: http://blog.servergrove.com/2015/06/02/linters-php-projects/

This Programming Thing:
Creating Your Own Standard in PHPCS
May 12, 2015 @ 08:55:30

On the This Programming Thing blog there's a recent post showing you how to define your own "sniff" settings for the popular PHP_CodeSniffer tool. The codesniffer lets you define standards that need to be in place for all code in your application and notifies you of violations.

At Zimco, we’ve started working on standardizing our coding but we ran into a little problem while we tried to automate the process of making sure our code adhered to that standard. [...] I think we get into our own way of doing things and everything else is wrong. This code makes me feel irrationally angry (so angry I’m having a hard time not fixing it…). Ultimately, the best way to fix these kinds of formatting problems is to sit down and discuss what’s best and have everyone stick to the same set of standards.

They talk some about the place for PSR in coding standards (specifically PSR-2) and the fact that there's already "sniffs" provided to check against those rules. However, they point out that running this against a non-PSR-2 codebase can be a mess and show you how to customize your own standard to more match your current state. They use an XML configuration file to update the tab width setting to four spaces and then apply the PSR-2 standards. They also show how to exclude certain rules and mention a handy plugin you can use in Sublime Text to keep your code within standards.

tagged: standard phpcs phpcodesniffer sniff configuration xml psr2 update exclude

Link: http://www.thisprogrammingthing.com/2015/creating-your-own-standard-in-phpcs/

Evert Pot:
An XML library for PHP you may not hate.
Apr 02, 2015 @ 11:13:55

Evert Pot has posted about an XML library you may not hate, the sabre/xml library.

If you are writing or consuming API's in PHP, chances are that you need to work with XML. In some cases you may even prefer it. You may have started with SimpleXML and after a while switched to using the DOM after realizing SimpleXML is really not that simple if you strictly use xml namespaces everywhere.

For writing XML, you may have found that using the DOM requires far too much code, or you may simply generate your XML by echoing strings, knowing that it may not be the best idea. sabre/xml hopes to solve your issues, by wrapping XMLReader and XMLWriter, and providing standard design patterns.

He includes some example code showing how it works, extending the XMLReader/Writer functionality with a simplified interface. He includes examples of both writing a new XML file or reading in and working with the contents of a given one. He does point out one issue, though - the library cannot really read in XML contents, modify it and send it back out (it's a "single pass" system). He wraps up the post talking about the various interfaces and elements in the library and some of the overall benefits it provides.

tagged: xml library xmlreader xmlwriter interface simple

Link: http://evertpot.com/an-xml-library-you-may-not-hate/

Web Mozarts:
Defining PHP Annotations in XML
Oct 24, 2014 @ 11:10:53

The Web Mozarts blog has an interesting new post today that talks about using annotations in your PHP code to define the attributes in resulting XML that could be generated dynamically from your objects.

Annotations have become a popular mechanism in PHP to add metadata to your source code in a simple fashion. Their benefits are clear: They are easy to write and simple to understand. Editors offer increasing support for auto-completing and auto-importing annotations. But there are also various counter-arguments: Annotations are written in documentation blocks, which may be removed from packaged code. Also, they are coupled to the source code. Whenever an annotation is changed, the project needs to be rebuilt. This is desirable in some, but not in other cases.

They focus in on Symfony-based applications as a good base to work from (as they've pushed to have annotations work in the code for things like routing and data type definition). He starts with an example Doctrine class - a "best buddy" for Symfony as far as annotations go - and how the annotations define the different properties. He also includes an example of the XML output of the same definition generated through an "AnnotationReader" instance. He talks about having multiple XML documents representing one object with different annotations put in each, including the XML output. The post finishes with some advantages including the ease of validation by XML-friendly tools looking to interface with the application.

tagged: annotations xml tutorial symfony doctrine example

Link: http://webmozarts.com/2014/10/24/defining-php-annotations-in-xml/

Thomas Weinert:
FluentDOM 5 + XML Namespaces
Aug 07, 2014 @ 10:50:22

In this new post to his site Thomas Weinert shows how to use the FluentDOM library (a PHP implementation of a Javascript library by the same name) when XML namespaces are involved.

FluentDOM 5 allows to register namespaces on the DOM document class. These are not the namespaces of a loaded document, but a definition of namespaces for your programming logic.

He compares it to both a PHP example, using the DOMXpath handling and a Javascript sample using its own xmlDocument functionality. Finally he compares these examples to the few lines of FluentDOM code to handle the same kind of evaluation. He wraps up the post with a brief mention of the "appendElement" function that wraps serveral operations in one for easy element additions.

tagged: fluentdom xml namespace tutorial javascript domxpath element

Link: http://www.a-basketful-of-papayas.net/2014/08/fluentdom-5-xml-namespaces.html