RIPSTech.com:
WARNING: WordPress File Delete to Code Execution
Jun 27, 2018 @ 10:29:26

On the RIPSTech.com site they've posted a warning to the WordPress users out there about a vulnerability that would allow a malicious user to delete any file in the WordPress installation, not just file uploads.

At the time of writing no patch preventing this vulnerability is available. Any WordPress version, including the current 4.9.6 version, is susceptible to the vulnerability described in this blogpost.

For exploiting the vulnerability discussed in the following an attacker would need to gain the privileges to edit and delete media files beforehand. Thus, the vulnerability can be used to escalate privileges attained through the takeover of an account with a role as low as Author, or through the exploitation of another vulnerability/misconfiguration.

The post includes more details around the impact of the issue and where in the code the problem lies. It also offers a temporary "hotfix" as a way around the issue by adding a new filter that uses the basename function to reset the thumbnail data.

tagged: security wordpress delete file vulnerability code execution

Link: https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/

Matt Stauffer:
How to count the number of lines of code in a PHP project
Jun 25, 2018 @ 10:50:37

In this post to his site Matt Stauffer shares several methods you can use to count the total number of lines of code in a PHP project.

I'm giving a talk soon about Laravel and "the enterprise", and the concept of LOC (lines of code) keeps coming up. It turns out that's actually a much harder number to discover than you might think, so I figured I would write up a few options here.

For what it's worth, I'm not a big fan of LOC as a measure of any importance, but it can at least give us some broad foundations to use to talk about broad differences in project size. If you were to ask me, I would say we shouldn't even think about it. But we don't always have that luxury.

He starts with a tl;dr for those that want the quick win (use PHPLOC) but shares other options with different tools too.

He shares answers to a few FAQs about finding lines of code and the output of each tool/command on the same project to show the differences.

tagged: linesofcode code lines count tutorial phploc cloc phpstorm sublimetext silversearcher

Link: https://mattstauffer.com/blog/how-to-count-the-number-of-lines-of-code-in-a-php-project/

Tomas Votruba:
Is Your Code Readable By Humans? Cognitive Complexity Tells You
May 21, 2018 @ 10:55:07

In his latest post Tomas Votruba shares some of his thoughts around the importance of code readability and the idea of "cognitive complexity".

Cyclomatic complexity is a static analysis measure of how difficult code is to test. Cognitive complexity tells us how difficult code is to understand by a reader.

Today, we'll see why the latter is better and how to check it in your code with a Sniff.

He references this post and this PDF as sources for more information about cognitive complexity but opts for code examples to explain some of the basic concepts. He then gets into the automation of these kinds of checks, using a custom code sniff to check the complexity of the code. He walks through the installation process of the CognitiveComplexitySniff and shares some example results from its evaluation.

tagged: code readability human cognitive complexity example codesniffer tutorial

Link: https://www.tomasvotruba.cz/blog/2018/05/21/is-your-code-readable-by-humans-cognitive-complexity-tells-you/

Web Technologies Blog:
Code quality tools in PHP to check and improve your code
Apr 12, 2018 @ 10:52:55

On the Web Technologies blog they've posted a guide to some of the top PHP code quality assurance tools to ensure your codebase is kept neat, clear and clean from any unnecessary complexity.

You’ve got the good approach dear reader: code quality tools are essential to write solid and error-free PHP code. It can help your colleagues detect defects in the codebase and teach them some key concepts.

Don’t forget however that the advice and data they can provide won’t be appropriate everywhere. Your experience and your analysis skills are the ones you should trust first.

The tutorial starts off with some of the tooling you'll need to get the system up and running: Composer for package management, terminal access for command execution and editor/IDE integrations (optional, obviously). It then lists out each of the tools and includes installation steps and links to more information:

  • PHP-CS-Fixer (PHP Coding Standards Fixer)
  • PHPCS (PHP CodeSniffer)
  • PHPMD (PHP Mess Detector)
  • PHPStan (PHP Static Analysis Tool)
  • PHPUnit and the CRAP metric

It also includes a few "bonus" tools that might be useful to track other quality aspects of your code including PhpLoc (lines of code), PHPMND for detecting "magic" numbers and churn-php for evaluating complexity of code based on number of commits. There are several more listed in the full post so be sure to check it out and see how you can integrate them into your development process.

tagged: quality assurance tool list improve code tutorial

Link: http://web-techno.net/code-quality-check-tools-php/

Junior Grossi:
Open-source is about sharing and giving back. Think about that.
Mar 26, 2018 @ 09:25:48

In a new post to his site Junior Grossi shares some of his thoughts about Open Source and how it's less about "free software" and more about sharing and giving back.

Maintaining an open source project – even a small one – is not an easy task. The open source ecosystem is about sharing and contributing, about giving and receiving. You scratch my back and I will scratch yours.

He suggests that working in Open Source is less about the actual software that's being written than it is about a lifestyle. For him, the goal is to make someone else's life better by working on something you're sharing (instead of working on something commercial). He includes a quote from Fabien Potencier (of Symfony) about Open Source developers being exploited for their free software and how, despite the gift of time and work spent on the code, some people don't appreciate the work and just complain.

Instead of complaining about features or bugfixes, do it yourself, and show your gratitude for people that spent their free time working on something to help your life. They could be with their family but no, they were doing open-source. And you should thank them for that.

He finishes with a few thoughts about giving back to the projects you use and enjoy. It doesn't always have to be about code too - you can submit bugs, contribute to documentation or even just write up a tutorial to share your own knowledge of using the package.

tagged: opensource sharing project free software code opinion

Link: https://blog.jgrossi.com/2018/open-source-is-about-sharing-and-giving-back-think-about-that/

Script-Tutorials.com:
Design Patterns in PHP
Mar 06, 2018 @ 11:18:33

On the Script-Tutorials.com site they've posted a lengthy tutorial that covers many common design patterns - 23 of them - and how they could be implemented in PHP.

Today we are going to talk about design patterns in web development, more precisely – in PHP. Experienced developers are probably familiar with this, but this article will be extremely useful for all novice developers. So, what is it – design patterns? Design Patterns aren’t analysis patterns, they are not descriptions of common structures like linked lists, nor are they particular application or framework designs. In fact, design patterns are “descriptions of communicating objects and classes that are customized to solve a general design problem in a particular context.” In other words, Design patterns provide a generic reusable solution to the programming problems that we encounter every day.

[...] Design patterns not only make software development faster, but also encapsulate big ideas in a simpler way. Also, be careful not to use them in wrong places in order to avoid unpleasant situations. In addition to the theory, we also give you the most abstract and simple examples of design patterns.

The tutorial starts with a table listing out the category (purpose) of the pattern, the design pattern name and some of the aspects of it that could vary depending on interpretation. The article then goes through each of the 23 patterns and includes the code to implement them. There's not much in the way of description about each but there are one or two sentences about its primary use.

tagged: designpattern implementation example code tutorial

Link: https://www.script-tutorials.com/design-patterns-in-php/

Pineco.de:
Little Snippets to Keep Your Code Cleaner
Mar 01, 2018 @ 09:45:25

The Pineco.de blog has a post sharing some little snippets of code that can help to keep things cleaner and perform some common operations.

Sometimes it’s harder to keep your code clean and readable than to implement some architecture in your application. We collected some snippets that may help you to refactor your code.

Their list includes code to help with:

  • array casting
  • type checking
  • removing unnecessary "if" statements

They also have several others for different languages on the snippets page of their site for Javascript, Laravel, WordPress and even an .htaccess configuration.

tagged: cleaner code snippet function array typecheck refactor tutorial

Link: https://pineco.de/little-snippets-keep-code-cleaner/

Laravel News:
5 Laravel Helpers to Make Your Life Easier
Feb 22, 2018 @ 09:45:32

On the Laravel News site they've posted a new article with a listing of five useful helpers that come standard as a part of the Laravel framework.

There are a ton of helper methods in Laravel that make development more efficient. If you work with the framework, I encourage you to see what helpers you can introduce in your day-to-day work. In this blog post, I’d like to point out a few of my favorites.

The list in the post includes helpers for locating information in an array, pluralizing strings, throwing exceptions based on conditions and accessing object property values. For each item on the list there's a brief explanation and some sample code showing it in action (and what the result ends up being). The post finishes up by linking you over to the helpers page of the Laravel manual for more information and other handy functions to help reduce your own development time.

tagged: laravel helper simple top5 list example code

Link: https://laravel-news.com/5-laravel-helpers-make-life-easier

Laravel News:
Botman Playground: Start Your Next Chatbot Idea In Your Browser
Feb 13, 2018 @ 09:35:58

On the Laravel News site there's a new post covering a new feature in Marcel Pociot's "Building a Chatbot" series (that makes use of the Botman package). This latest addition, a playground for testing and debugging bots, allows you to get up and running without having to set up a complete environment.

Marcel Pociot recently launched a course called “Build A Chatbot,” a step-by-step video course on developing, extending, and testing Chatbots and Voicebots. Marcel is the author of Botman, a PHP chatbot framework for building chatbots.

Along with his Build a Chatbot course, Marcel launched Botman Playground, which provides a quick way to get started building and debugging chatbots without setting up a local development environment.

The playground allows you to set up a new bot, add commands and test the result with an included widget, all in-browser. The playground also allows you to set up connections to external services like Facebook, Telegram and Cisco Spark. The only catch is that you must be signed up for Marcel's Build a Chatbot course to gain access.

tagged: chatbot playground botman browser code test widget

Link: https://laravel-news.com/botman-playground

Matthias Noback:
Setting the stage: Code complexity
Jan 18, 2018 @ 12:29:07

In a post to his site, Matthias Noback talks about code complexity and how this relates to the overall "churn" (the rate of change) in a project.

Code complexity often gets measured by calculating the Cyclomatic Complexity per unit of code. The number can be calculated by taking all the branches of the code into consideration. [...] In general, we always strive for low code complexity. Unfortunately, many projects that you'll inherit ("legacy projects"), will contain code that has high code complexity, and no tests.

[...] Code complexity doesn't always have to be a big problem. If a class has high code complexity, but you never have to touch it, there's no problem at all. [...] What's really dangerous for a project is when a class with a high code complexity often needs to be modified. Every change will be dangerous. [...] Michael Feathers introduced the word "churn" for change rate of files in a project. Churn gets its own number, just like code complexity.

He then talks about combining these two numbers to provide an even more in-depth look at your code. It can give more insight into the relationship between "difficult to change", "number of changes" and the times a file has changed in the past. He mentions "it's okay" thinking (the current state is alright but not great) and shares some of his own hypotheses, observations and advice.

tagged: code complexity churn statistic evaluation combination

Link: https://matthiasnoback.nl/2018/01/churn-legacy-code/