Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Jason McCreary:
Laravel Shift - 1,000 applications upgraded
Sep 14, 2016 @ 10:27:41

Jason McCreary, the developer behind the Laravel Shift upgrade service, has posted a retrospective of his work on the project and some of the things he's learned along the way. The service just recently topped 1000 applications upgraded.

Less than a year ago I created Laravel Shift. While not my first product, it is my first software as a service (SaaS). If you’re not familiar with Laravel Shift or interested in the backstory check out the Q&A on Laravel News or listen to the interview on Full Stack Radio.

In this post, I want to focus more on reaching the milestone of 1,000 Laravel applications upgraded. This may not sound like many, however for my first SaaS product it marks the achievement of my stretch goal. So allow me to share the most important decision, biggest challenge, and what the future holds for Laravel Shift.

He starts with a section talking about the difference between a "project" and a "product" targeted at developers who, usually, have more than one project going at a time. He talks about his decision to move Shift to a "product" and some of the hurdles he hit because of being "a developer, not a marketer". He finishes the post looking ahead to things coming with the service and the announcement of "human services" being offered to get a live person involved in the upgrade of your Laravel application.

tagged: laravel shift service retrospective future plans 1k upgrade milestone

Link: http://jason.pureconcepts.net/2016/09/laravel-shift-1000-applications-upgraded/

Laravel News:
Laravel Spark v2 is now released
Sep 12, 2016 @ 10:52:22

On the Laravel News site there's an announcement posted about the latest release of Laravel Spark (v2). Spark is a commercial package from the creator(s) of Laravel that provides simpler billing for subscription-based services.

Laravel Spark, the commercial Laravel package that provides instant scaffolding for subscription billing, has just released v2.

The 2.0 release is a free upgrade for all license holders and it adds compatibility with Laravel 5.3 as well as deprecating the Spark installer in favor of using Composer directly.

This also adds dependency updates so it is compatible with both Echo and Passport that are new packages in Laravel 5.3.

There's an upgrade guide for those that are needing to bring their install up to the latest release. If you're more interested in what Spark has to offer, check out the main page for the product. A single-site license costs $99 USD and includes a wide range of features and technologies to make managing your subscription-based service simpler.

tagged: laravel spark release version feature upgrade

Link: https://laravel-news.com/2016/09/spark-v2/

Master Zend Framework:
Preparing Legacy Applications for PHP 7 with Phan
Sep 08, 2016 @ 12:07:42

The Master Zend Framework site has posted a new tutorial for those making the move in their legacy applications up to the world of PHP 7. In it Matthew Setter shows how to use phan, a static analysis tool, to locate issues that could cause breakage in the upgrade.

Unless you’ve been living under a rock these last 12 - 18 months, you will have heard about PHP 7; the latest version of PHP. Not only is it fast, by some reports it’s up to twice as fast as PHP 5.6, and far less memory hungry.

[...] Unfortunately, your application’s source code may not be 100% compatible with version 7. Upgrading may well leave you with a broken application and a set of unhappy customers. So before you go breaking your site in the interests of speed and being one of the cool kids, find out if your code’s compatible. How? By using a static code analyser, one which gives you all the changes you need to make on your code, so that you can upgrade with confidence.

He then shows how to install the Phan tool via Composer and execute it against your codebase. The result of his commands are a file that contains the issues found during the scan. If there are some "false positives" you'd like to ignore he also shows you how to create a config.php file with these and other values set to make it all more reusable.

tagged: php7 upgrade phan detect static analysis code tutorial

Link: http://www.masterzendframework.com/preparing-for-php7-with-phan/

Liip Blog:
A quick look on the current state of Drupal 8 (ecosystem)
Jul 08, 2016 @ 10:26:31

In a new post to the Liip blog Lennart Jegge shares a "quick look" at the current state of the Drupal 8 project and some of the issues some people are having making the transition.

Eight months ago Drupal 8.0.0 was released. Exciting news for drupalists. Since then comparing D8’s features to its predecessor is a topic in daily business. "Can drupal 8 do what we can do now with 7 today?". After playing around with D8 i get the feeling some crucial features are missing.

He shares some of the features he sees as still missing (a Top 10 wishlist) and how it seems difficult to get a good overview of the Drupal 8 ecosystem. Some modules have yet to be updated and rewrites can be difficult given the major "under the covers" changes to Drupal itself.

In the end the importance of a variety of mature modules that play together nicely is crucial when it comes to efficiency, maintainability and stability of a project
tagged: drupal8 ecosystem overview opinion features upgrade issues

Link: https://blog.liip.ch/archive/2016/07/07/quick-look-current-state-drupal-8-ecosystem.html

Security Update:
Imagemagick - Multiple Vulnerabilities
May 05, 2016 @ 11:07:35

Imagemagick, a well-used alternative by PHP developers for graphics manipulation (an alternative to GD) has had several new vulnerabilities announced. These vulnerabilities allow for everything from remote code execution to initiating network requests. The Imagetragick site has more information:

There are multiple vulnerabilities in ImageMagick, a package commonly used by web services to process images. One of the vulnerabilities can lead to remote code execution (RCE) if you process user submitted images. The exploit for this vulnerability is being used in the wild.

A number of image processing plugins depend on the ImageMagick library, including, but not limited to, PHP’s imagick, Ruby’s rmagick and paperclip, and nodejs’s imagemagick. If you use ImageMagick or an affected library, we recommend you mitigate the known vulnerabilities.

There's two mitigations listed to help with a more immediate fix: using a policy.xml file and verifying that image data starts with the right "magic bytes". The site also shares more information about the different vulnerabilities and what kind of attacks they could allow. It is highly recommended that you add the mitigations they show and update your installation to use the latest release (7.0.1-1) with fixes for these issues.

tagged: imagemagick vulnerabilities multiple upgrade mitigation

Link: https://imagetragick.com

Phillip Shipley:
Docker makes upgrading to PHP7 easy
Apr 25, 2016 @ 11:13:07

In this post to his site Phillip Shipley talks about Docker and how using it for your PHP deployments can make it much easier to upgrade to PHP 7.

Last year at php[tek] 2015 during the hack time I messed around and created a Docker image to run and test PHP7. It was surprisingly easy and I quickly learned that the app I was working on at the time ran fine in PHP7, good deal. So since then I’ve been awaiting the general availability release of PHP7 to move forward with upgrading my apps.

The main thing holding me back was I just didn’t want to maintain an image based on compiling from source. Not that it’s a problem, it just didn’t feel as clean and simple as using supported packages.

He points out that Ubuntu 16.04 was released and that does now have PHP 7 as a standard package so he's happily upgrading. He gets into a bit of detail about how upgrade process and some of the smaller issue he faced along the way. He also includes the update to his Dockerfile he made to change to PHP 7 (only a few characters) to rebuild with PHP 7.0.4.

tagged: upgrade php7 docker ubuntu package official release

Link: http://www.phillipshipley.com/2016/04/docker-makes-upgrading-to-php7-easy/

Laravel News:
Has your company upgraded to PHP7 yet?
Mar 31, 2016 @ 10:28:34

On the Laravel News site they share the results of a Twitter poll asking developers and companies of they'd switched to PHP 7 yet.

Yesterday I ran a Twitter poll to see how many have moved to PHP7. With 650 votes here are the results. [...] tagged: upgrade php7 company twitter poll results

Link: https://laravel-news.com/2016/03/company-upgraded-php7-yet/

Full Stack Radio:
36: Jason McCreary - Building Laravel Shift
Feb 26, 2016 @ 09:34:43

The Full Stack Radio podcast has posted their latest episode interviewing Jason McCreary about the Laravel Shift service - a tool that helps you upgrade your Laravel applications more automatically and keep them up to date. It's a commercial service, though, and not an open source tool but there is a demo pull request you can see to get an idea of how it all works.

In this episode, Adam talks to Jason McCreary about building Shift, a tool that automates upgrading your application between framework versions.

Other topics mentioned in the episode also include PocketBracket, Laravel Cashier and the abstract syntax tree functionality (added to PHP in PHP 7.0). You can listen to this latest episode either through the in-page audio player or by downloading the mp3 directly. Be sure to subscribe to their feed if you enjoy the show and want to catch future episodes as they're released.

tagged: fullstackradio jasonmccreary laravel shift upgrade framework automated

Link: http://www.fullstackradio.com/36

PHP.net:
PHP 5.6.18 & 5.5.32 Released
Feb 05, 2016 @ 09:49:31

On the main PHP.net site they've officially announced the release of the latest versions in the 5.6.x and 5.5.x series: PHP 5.6.18 and PHP 5.5.32.

The PHP development team announces the immediate availability of PHP [5.5.32 and 5.6.18]. This is a security release. Several security bugs were fixed in this release. All PHP [5.5 and 5.6] users are encouraged to upgrade to this version.

As always you can download this latest release from either the main downloads page or from windows.php.net for the Windows binaries. If you'd like to see exactly what was fixed in these releases, check out the full Changelog.

tagged: language version security bugfix upgrade

Link: http://php.net/archive/2016.php#id2016-02-04-3

Rasmus Lerdorf:
Upgrading PHP on the EdgeRouter Lite
Jan 26, 2016 @ 10:30:33

Rasmus Lerdorf has shared a post to his site detailing how he upgraded his EdgeRouter Lite router (hardware) to use PHP 7 for the uI handling and processing, upgrading it from the PHP 5.4 it came installed with.

After nearly 7 years of service I retired my Asus RT-16 router, which wasn't really a router, but a re-purposed wifi access point running AdvancedTomato. In its place I got a Ubiquiti EdgeRouter Lite. It is Debian-based and has a dual-core 500MHz 64-Bit MIPS CPU (Cavium Octeon+), 512M of ram and a 4G removable onboard USB stick for < $100. The router is completely open and, in fact, any advanced configuration has to be done from the command line. The Web UI has been improving, but there are still many things you can't do in it. In other words, exactly the type of device I prefer.

He made use of the open platform the router has to upgrade both the PHP installation and a bit of the web UI code to make things work happily with PHP 7. There's just three steps in his process:

  • Getting a Big-Endian MIPS64 build of PHP 7
  • Configuration (php.ini)
  • Fixing broken stuff

The "broken stuff" in this last item was only a few small changes that needed to be made to the web UI code for raw POST data fetching and session writes. He ends the post with a little summary of the performance post-changes and some about the opcode handling and memory use per request.

tagged: router edgerouter ui version language install upgrade configuration bigendian mips64 php7

Link: https://toys.lerdorf.com/archives/59-Upgrading-PHP-on-the-EdgeRouter-Lite.html