Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Derick Rethans:
Good Bye PHP 5
Jan 11, 2017 @ 10:13:53

On his site Derick Rethans has posted an announcement about a major change in the Xdebug project (a widely used PHP debugger) he leads, saying goodby to PHP 5.

A few days ago I merged a patch into on GitHub. Maintaining PHP 5 and PHP 7 support in one code base is not particularly easy, and even more complicated for something like Xdebug, with its deep interactions with PHP's internals.

As PHP 5.6's active support has ended on December 31st, I also felt it no longer needed to support PHP 5 with Xdebug any more. It saves more than 5000 lines of code.

He shares some of the responses to the change (via Tweets) from the community ranging from full support to outcry over the change. He points out that the current version of Xdebug (2.5) will continue to operate on PHP 5 systems but when Xdebug 2.6 rolls around, the 2.5 branch will only receive bugfixes and no new features. You can find out about those upcoming features here.

tagged: xdebug debugging tool php7 php5 upgrade support

Link: https://derickrethans.nl/xdebug-php5.html

PHP 5: Active Support Ends. Now what?
Jan 02, 2017 @ 12:54:03

The final day of 2016 has come and gone and with it came the end of active support for the PHP 5.6 series of releases. This also marks the end of active support for anything in the PHP 5.x major release and pushing on with PHP 7. In this post to thePHP.cc blog Sebastian Bergmann talks about what this means for you and the tools you use.

The active support by the PHP project for PHP 5.6, the final release series of PHP 5, ends today. What is "active support"? And what does it mean for you? To answer this, you need to understand PHP's release process.

He starts with the release schedule and when it shifted from the "consensus based model" over to an official process, introducing more formality to the whole process (in 2012). He mentions two key terms to the process: "active support" and "security support". PHP 5.6 has moved past active support and is now in the the security support phase with only security fixes to be released from here on out. Sebastian then talks about what this means for your current code and, if you're still running on PHP 5.6, what you should do to come up to speed with PHP 7.x. He lists some of the projects that are moving into the world of PHP 7 only including PhpSpec 4.0, Laravel 5.5 and Symfony 4.

tagged: php5 active support end security php7 migration upgrade

Link: https://thephp.cc/news/2016/12/php-5-active-support-ends-now-what

Upgrading Your Linux Server to PHP 7.0
Dec 07, 2016 @ 11:47:25

The TutsPlus.com site has a new tutorial posted showing you how to upgrade your Linux server to run PHP 7.0, the latest major release of the PHP language.

PHP 7 was released last December. Once you've tested your code locally to run on it, it's time to upgrade your production server. Generally, I found that most of my sites run well on it.

However, I suspect that not many sites have upgraded yet. It's often safer and easier to stay on older releases. [...] But PHP 7 has now been out for nearly a year.

In today's episode, I'll walk you through my recommended approach to upgrading to PHP 7 on Ubuntu 14.x and resolving problems with PHPMyAdmin, which a lot of early upgraders ran into.

He starts by helping you identify any customizations that you might have related to PHP 5, specifically related to configuration options. He then provides the commands to remove PHP 5 packages from the system and add in the "ondrej/php" PPA for apt-get as the source for the PHP 7 packages. After a quick apt-get cleanup, he includes the commands to install the "php7" packages, enable a few extra modules and getting phpMyAdmin back up and in working order.

tagged: upgrade server php7 php5 ppa aptget phpmyadmin tutorial

Link: https://code.tutsplus.com/tutorials/upgrading-your-linux-server-to-php-7--cms-27583

Laravel News:
Laravel Homestead 4.0 is released featuring support for PHP 7.1
Dec 06, 2016 @ 09:43:35

The Laravel News site has a new post announcing the release of the latest version of Laravel Homestead, the Vagrant-driven environment that makes it easy to set up a Laravel environment. In this latest version, 4.0, there's a few changes including a major one: support for PHP 7.1.

Laravel Homestead the Vagrant box for easily running Laravel on any platform has just released v4.0 that includes support for the just released PHP 7.1.

The upgrade is easy but the instructions do vary depending on how you have it installed.

They walk you through the steps for the upgrade:

  • Backup all your Homestead databases
  • update the Homestead Global installation (or per-project installation)
  • Destroy the current Vagrant box
  • Use "vagrant up" to download the latest version and bring the box back up

It's a pretty easy process that should be pretty painless. Everyone's setup is slightly different so there might be a few issues in your own upgrade and minor version releases will be made if there are issues because of the upgrade.

tagged: laravel homestead vagrant upgrade v4 release php71 support

Link: https://laravel-news.com/laravel-homestead-4-0-is-released-featuring-support-for-php-7-1

Joe Ferguson:
Use Laravel Shift for your next upgrade
Nov 24, 2016 @ 09:13:23

In this new post to his site Joe Ferguson takes a look at Laravel Shift, an automated service that makes it easier to upgrade your Laravel-based application quickly.

I’ve had an eye on LaravelShift.com since it first made it’s way across my twitter feed some time ago. I’ve also had the pleasure of meeting and talking with it’s creator Jason McCreary at a few conferences over the past year. I think it’s really awesome when community members are able to take a product to market that not only scratches their own itch, but can provide value to the rest of the community as well.

[...] I built NerdsAreDrinking on Laravel 5.1 because that was the current version at the time. We have seen two more release since: 5.2 and 5.3. The upgrade process isn’t terrible however there is a lot you may need to take into account. Rather than upgrade from 5.1 to 5.2 and then 5.2 to 5.3 I decided to use Laravel Shift to do the 5.1 to 5.2 upgrade for me.

Joe then talks some about his experience using the service and was impressed at the speed of the service to create the required Pull Request for the update. He includes a link to the PR so you can see what the upgrade looks like too. He feels like the money spent (around $11 USD) was well invested and would definitely use the service again.

tagged: laravel laravelshift upgrade opinion service version

Link: https://www.joeferguson.me/use-laravel-shift-for-your-next-upgrade/

Jason McCreary:
Laravel Shift - 1,000 applications upgraded
Sep 14, 2016 @ 10:27:41

Jason McCreary, the developer behind the Laravel Shift upgrade service, has posted a retrospective of his work on the project and some of the things he's learned along the way. The service just recently topped 1000 applications upgraded.

Less than a year ago I created Laravel Shift. While not my first product, it is my first software as a service (SaaS). If you’re not familiar with Laravel Shift or interested in the backstory check out the Q&A on Laravel News or listen to the interview on Full Stack Radio.

In this post, I want to focus more on reaching the milestone of 1,000 Laravel applications upgraded. This may not sound like many, however for my first SaaS product it marks the achievement of my stretch goal. So allow me to share the most important decision, biggest challenge, and what the future holds for Laravel Shift.

He starts with a section talking about the difference between a "project" and a "product" targeted at developers who, usually, have more than one project going at a time. He talks about his decision to move Shift to a "product" and some of the hurdles he hit because of being "a developer, not a marketer". He finishes the post looking ahead to things coming with the service and the announcement of "human services" being offered to get a live person involved in the upgrade of your Laravel application.

tagged: laravel shift service retrospective future plans 1k upgrade milestone

Link: http://jason.pureconcepts.net/2016/09/laravel-shift-1000-applications-upgraded/

Laravel News:
Laravel Spark v2 is now released
Sep 12, 2016 @ 10:52:22

On the Laravel News site there's an announcement posted about the latest release of Laravel Spark (v2). Spark is a commercial package from the creator(s) of Laravel that provides simpler billing for subscription-based services.

Laravel Spark, the commercial Laravel package that provides instant scaffolding for subscription billing, has just released v2.

The 2.0 release is a free upgrade for all license holders and it adds compatibility with Laravel 5.3 as well as deprecating the Spark installer in favor of using Composer directly.

This also adds dependency updates so it is compatible with both Echo and Passport that are new packages in Laravel 5.3.

There's an upgrade guide for those that are needing to bring their install up to the latest release. If you're more interested in what Spark has to offer, check out the main page for the product. A single-site license costs $99 USD and includes a wide range of features and technologies to make managing your subscription-based service simpler.

tagged: laravel spark release version feature upgrade

Link: https://laravel-news.com/2016/09/spark-v2/

Master Zend Framework:
Preparing Legacy Applications for PHP 7 with Phan
Sep 08, 2016 @ 12:07:42

The Master Zend Framework site has posted a new tutorial for those making the move in their legacy applications up to the world of PHP 7. In it Matthew Setter shows how to use phan, a static analysis tool, to locate issues that could cause breakage in the upgrade.

Unless you’ve been living under a rock these last 12 - 18 months, you will have heard about PHP 7; the latest version of PHP. Not only is it fast, by some reports it’s up to twice as fast as PHP 5.6, and far less memory hungry.

[...] Unfortunately, your application’s source code may not be 100% compatible with version 7. Upgrading may well leave you with a broken application and a set of unhappy customers. So before you go breaking your site in the interests of speed and being one of the cool kids, find out if your code’s compatible. How? By using a static code analyser, one which gives you all the changes you need to make on your code, so that you can upgrade with confidence.

He then shows how to install the Phan tool via Composer and execute it against your codebase. The result of his commands are a file that contains the issues found during the scan. If there are some "false positives" you'd like to ignore he also shows you how to create a config.php file with these and other values set to make it all more reusable.

tagged: php7 upgrade phan detect static analysis code tutorial

Link: http://www.masterzendframework.com/preparing-for-php7-with-phan/

Liip Blog:
A quick look on the current state of Drupal 8 (ecosystem)
Jul 08, 2016 @ 10:26:31

In a new post to the Liip blog Lennart Jegge shares a "quick look" at the current state of the Drupal 8 project and some of the issues some people are having making the transition.

Eight months ago Drupal 8.0.0 was released. Exciting news for drupalists. Since then comparing D8’s features to its predecessor is a topic in daily business. "Can drupal 8 do what we can do now with 7 today?". After playing around with D8 i get the feeling some crucial features are missing.

He shares some of the features he sees as still missing (a Top 10 wishlist) and how it seems difficult to get a good overview of the Drupal 8 ecosystem. Some modules have yet to be updated and rewrites can be difficult given the major "under the covers" changes to Drupal itself.

In the end the importance of a variety of mature modules that play together nicely is crucial when it comes to efficiency, maintainability and stability of a project
tagged: drupal8 ecosystem overview opinion features upgrade issues

Link: https://blog.liip.ch/archive/2016/07/07/quick-look-current-state-drupal-8-ecosystem.html

Security Update:
Imagemagick - Multiple Vulnerabilities
May 05, 2016 @ 11:07:35

Imagemagick, a well-used alternative by PHP developers for graphics manipulation (an alternative to GD) has had several new vulnerabilities announced. These vulnerabilities allow for everything from remote code execution to initiating network requests. The Imagetragick site has more information:

There are multiple vulnerabilities in ImageMagick, a package commonly used by web services to process images. One of the vulnerabilities can lead to remote code execution (RCE) if you process user submitted images. The exploit for this vulnerability is being used in the wild.

A number of image processing plugins depend on the ImageMagick library, including, but not limited to, PHP’s imagick, Ruby’s rmagick and paperclip, and nodejs’s imagemagick. If you use ImageMagick or an affected library, we recommend you mitigate the known vulnerabilities.

There's two mitigations listed to help with a more immediate fix: using a policy.xml file and verifying that image data starts with the right "magic bytes". The site also shares more information about the different vulnerabilities and what kind of attacks they could allow. It is highly recommended that you add the mitigations they show and update your installation to use the latest release (7.0.1-1) with fixes for these issues.

tagged: imagemagick vulnerabilities multiple upgrade mitigation

Link: https://imagetragick.com