
Matthew Weier O'Phinney:
Building a usable ext-tidy for Alpine-based PHP Docker images
Nov 02, 2018 @ 10:22:29

On his site Matthew Weier O'Phinney has a new post sharing a method he's worked up for creating a Docker image for PHP from an Alpine image that includes the "tidy" PHP extension.

I've been working on building PHP Docker images for the purposes of testing, as well as to potentially provide images containing the Swoole extension. [...] This week, I decided to see if I could build Alpine-based images, as they can greatly reduce the final image size. And I ran into a problem.

One of the test-beds I use builds RSS and Atom feeds using zend-feed. When I tried one of these images, I started getting failures. [...] During an initial search, this appeared to be a problem due to libxml2 versions. [...] I realized [after debugging] that the problem was the content — which was being massaged via the tidy extension before being passed to DOMDocument::loadXML(). For some reason, the content generated was not valid XML!

To solve this issue (after spending a good deal of time debugging it) he went on a hunt to figure out the previous version. Once he found it, it took just a few simple lines in his Dockerfile to include the right version and install it using the apk package manager (an example of this is included).

tagged: docker tidy xml issue debugging tutorial

Link: https://mwop.net/blog/2018-11-01-alpine-php-ext-tidy.html

php[architect]:
November 2018 Issue Release - Generics and Project Success
Nov 01, 2018 @ 09:25:56

php[architect] magazine has released their latest issue for November 2018: Generics and Project Success. In this issue they feature articles like:

  • "The Case for Generics in PHP" by Chris Holland
  • "Maintaining Laravel Applications" by Jason McCreary
  • "Getting Started With Php? Let’s Start the Right Way!" by Junior Grossi
  • "How to Knock Down Any Project in Ten Steps" by Paweł Lewtak

The usual columns are all returning, including Joe Ferguson continuing his series on creating packages, Eric Mann covering five security risks to look for in a code review, and James Titcumb with some resources you can use to continue "leveling up" in your development career.

If you want to "try before you buy", they're also offering a free article, "The Case for Generics in PHP" by Chris Holland. You can pick up a copy of your own directly from the php[architect] site or subscribe to their print or PDF versions!

tagged: phparchitect magazine nov2018 issue release generics project success

Link: https://www.phparch.com/2018/10/generics-project-success/

php[architect]:
September 2018 Issue Release - Magniphpicent 7.3
Sep 06, 2018 @ 12:19:14

On the php[architect] site today they've posted the announcement of the release of the magazine's latest issue: September 2018 - Magniphpicent 7.3

Articles in this edition include:

  • "PHP 7.3 is On Track!" by Damien Seguy
  • "Upgrading Old Legacy Apps to PHP 7 and Beyond" by Sammy Kaye Powers
  • "Using the Symfony Workflow Component as a State Machine for Ecommerce" by Michelle Sanver

All of the usual columns are back too with helpful hints and information about time estimates, thinking like an attacker, describing tests and many more. You can find out more about this issue and pick up a copy of your own on the php[architect] site.

tagged: phparchitect magazine sept2018 issue release magniphpicent php73

Link: https://www.phparch.com/2018/09/masterful-code-management-2/

php[architect]:
June 2018 Issue Release - Command and Control
Jun 13, 2018 @ 13:08:27

php[architect] magazine has announced the release of their June 2018 issue - Command and Control. This issue includes articles like:

  • "Domain-Driven Architecture With Commands and Events" by Barney Hanlon
  • "Pro Parsing Techniques With PHP, Part One: Simplifying Your Parsing Strategy" by Michael Schrenk
  • "Design Is for Designers" by Steve Bennett
  • "Self-Host Your Team’s Git With Gitolite" by Gabriel Zerbib

The usual columns are also back, sharing tips for development leads, security, going "beyond PHP" and building APIs. You can check out the articles in this month's issue and pick up a copy on the php[architect] site. If you'd like to "try before you buy", check out this month's free article about Git and Gitolite.

tagged: issue release phparchitect commandandcontrol june2018

Link: https://www.phparch.com/magazine/2018-2/june/

SitePoint PHP Blog:
How to Fix Magento Login Issues with Cookies and Sessions
May 21, 2018 @ 11:30:01

On the SitePoint PHP blog there's a new tutorial posted showing how to fix Magento login issues with cookies and sessions. This issue can cause a redirect loop but can be fixed.

In this article we are looking at how Magento cookies can create issues with the login functionality of both the customer-facing front-end and admin back-end, the reason it occurs and how it should be resolved.

This is also known as the looping issue, as the screen redirects itself to the same screen, even though the username and password are correct.

The post starts with some basic definitions of "cookie" and "session" and gets into more detail on how Magento stores sessions and the places it can store them. The tutorial then covers each of the cookies used and three reasons the login issues might be happening:

  • Cookie domain does not match server domain
  • Multiple subdomains used and Magento’s cookie configuration is incorrect
  • Double front-end cookies causing intermittent login issues

For each, several solutions are included, along with any code or SQL changes that need to happen to correct it.

tagged: magento tutorial fix login issue cookie session

Link: https://www.sitepoint.com/fix-magento-login-issues-cookies-sessions/

Sebastian De Deyne:
A good issue
May 04, 2018 @ 10:10:25

As a maintainer of an open source project there are things that can help to make your role easier. One of them is encouraging useful issues being filed on the project with good information about the problem or suggestion. In this post to his site Sebastian De Deyne shares a few helpful hints on what can make for a good issue.

Maintaining a number of open source projects comes with a number of issues. Reporting a good issue will result in a more engaged approach from project maintainers. Don't forget: there's a human behind every project.

His suggestions include:

  • as much detail as possible ("X is broken" isn't useful)
  • having a single point or suggestion per issue
  • being polite (remember, open source maintainers aren't often paid for this work)

His last point might be the most important: making a human connection. Sometimes it's easy to forget that there's a real person on the other end of the line. If you work with the person reporting the issue rather than just focusing on the technical parts it can make it an easier and more pleasurable process for all involved.

tagged: good issue opensource project report personal recommendation

Link: https://sebastiandedeyne.com/posts/2018/a-good-issue

php[architect]:
May 2018 Issue Release - Treasure, Old & New
May 02, 2018 @ 12:21:05

php[architect] magazine has posted the announcement of the release of their latest issue - the April 2018 edition: Treasures, Old & New. Articles in this issue include:

  • Up to My Eyeballs in Technical Debt! by Steve Grunwell
  • The Life-Changing Magic of Tidying Your Code by Bryce Embry
  • Moving a Monolith to AWS by Keanan Koppenhaver
  • Easier Mocking with Mockery, Part 2 by Robert Basic

In addition to these articles, the usual columns are returning covering Laravel artisan, healthy working environments, technical debt and building APIs. You can find out more about this issue on the php[architect] site and, if you'd like a sample of the content, check out this month's free article.

tagged: phparchitect may2018 issue release treasure

Link: https://www.phparch.com/magazine/2018-2/may/

Freek van Der Herten:
Automatically close stale issues and pull requests
May 02, 2018 @ 09:31:17

In a post to his site Freek van Der Herten shares some functionality that Spatie uses to help keep the stale pull requests under control across their 180+ repositories: a Botman-based bot that assesses the last updated date and closes after a given amount of time.

At Spatie we have over 180 public repositories. Some of our packages have become quite popular. We're very grateful that many of our users open up issues and PRs to ask questions, notify us of problems and try to solve those problems, ...

Most of these issues and PRs are handled by our team. But sometimes those issues and PRs become stale. [...] That's why we created a bot that can automatically close stale issues and PRs. Here's [an example] of the bot in action.

He then shares the code they currently use for the bot, making use of the BotMan package as a base and the knp-labs/github-api package for the GitHub interaction. The code includes the GitHub service provider, a client class, an Issue object and the command that's run to find and close out the stale pull requests and issues.

tagged: stale pullrequest issue github automatically close bot botman tutorial

Link: https://murze.be/automatically-close-stale-issues-and-pull-requests

Tomas Votruba:
How to Slowly Turn your Symfony Project to Legacy with Action Injection
Apr 24, 2018 @ 09:55:49

Tomas Votruba has a new post to his site showing how to "turn your Symfony project to legacy" through the use of action injection for mapping controllers and methods to request handling.

The other day I saw the question on Reddit about Symfony's controller action dependency injection. More people around me are hyped about this new feature in Symfony 3.3 that allows to autowire services via action argument typehints. It's new, it's cool and no one has a bad experience with it. The ideal candidate for any code you write today.

Since Nette and Laravel introduced a similar feature in 2014, there are empirical data that we learn from.

Today I'll share the experience I have from consulting few Nette applications with dangerous overuse of this pattern and how this one thing turned the code to complete mess.

He starts off with some example code, asking where the issue is and showing a call to a service handler to process an argument. This would be used when a controller is registered as a service to help reduce the amount of work to define routes and add more "magic" for request handling. While the idea sounds good, he points out some of the issues with the approach, including dependency injection problems and how, if it expands outside of controllers, it can lead to a poorly written application.

tagged: symfony injection action legacy nette dependency issue

Link: https://www.tomasvotruba.cz/blog/2018/04/23/how-to-slowly-turn-your-symfony-project-to-legacy-with-action-injection/

Checkpoint Research Blog:
Uncovering Drupalgeddon 2
Apr 13, 2018 @ 10:22:46

On the Checkpoint Research blog there's a post covering the recent critical Drupal bug, a.k.a. Drupalgeddon 2, and providing a deeper look into the bug and how the exploit worked.

Two weeks ago, a highly critical (21/25 NIST rank) vulnerability, nicknamed Drupalgeddon 2 (SA-CORE-2018-002 / CVE-2018-7600), was disclosed by the Drupal security team. This vulnerability allowed an unauthenticated attacker to perform remote code execution on default or common Drupal installations.

[...] Until now details of the vulnerability were not available to the public, however, Check Point Research can now expand upon this vulnerability and reveal exactly how it works.

The post covers the basic issue, a lack of input sanitization on Form API requests, and what versions it existed in. It then dives into the technical details, showing a proof of concept for the exploit and how an attacker might locate a place in the application to use it. It also looks behind the scenes at the code that handles the request and shows where the issue lies. The post ends with a look at "weaponizing" the exploit and executing whatever code you'd like on the server.

tagged: drupal security issue drupalgeddon2 indepth technical detail

Link: https://research.checkpoint.com/uncovering-drupalgeddon-2/