Rob Allen:
Rendering ApiProblem with PSR-7
Feb 02, 2017 @ 09:46:22

In a new post to his site Rob Allen shows you how he adapted a package of his own to work with a Slim framework based API to render "ApiProblem" types correctly (according to this specification).

In the API I'm currently building, I'm rendering errors using RFC 7807: Problem Details for HTTP APIs. As this is a Slim Framework project, it uses PSR-7, so I updated rka-content-type-renderer to support problem.

RFC 7807 defines a standard for sending details of an error in an HTTP response message. It supports both XML and JSON formats.

He starts with an example of the "Problem" response format that includes data for the type of error, details and links to other related objects. He points out this package from Larry Garfield that handles the actual output of the response format, but Rob needed a way to shift between JSON and XML formats too. This is where the updates to his package came in, changing it to include an ApiProblemRenderer that reads the "Accept" header of the incoming request and formats the results accordingly.

tagged: rendering apiproblem problem api response accept json xml package

Link: https://akrabat.com/rendering-apiproblem-with-psr-7/

Laravel News:
Building a Search Engine Friendly Sitemap XML with Laravel
Sep 06, 2016 @ 10:51:05

On the Laravel News site today there's a post showing you how to create a basic sitemap for your Laravel-based application. This method uses straight up Laravel functionality (not the method previously mentioned in another post).

A few years ago search engines recommended submitting sitemaps to help with indexing your website and now the importance of this is debatable.

I’m of the mindset creating and submitting can’t hurt, so I spent a little time putting one together and wanted to share how easy this is in Laravel. [...] A sitemap is a file where you can list the web pages of your site to tell Google and other search engines about the organization of your site content. Search engine web crawlers like Googlebot read this file to more intelligently crawl your site. [...] On the official Sitemaps website it outlines all the information you will need for building your own sitemap.

He outlines some reasons why your site might need a sitemap before getting into examples and the code to create them. He starts with the controller and moves into making the index (with matching XML view) and the endpoints for the URLs referenced in the main sitemap. Finally a few routes are added for each endpoint and links to extending the contents and structure are included.

tagged: laravelnews laravel tutorial sitemap example xml

Link: https://laravel-news.com/2016/09/laravel-sitemap/

Zsolt Szende:
Dynamic dependency injection
May 18, 2016 @ 13:32:25

In this new tutorial Zsolt Szende talks about dependency injection and how to handle objects and related needs at runtime rather than the pre-configured method that some injection containers/systems have defined.

In this short article I would like to demonstrate a way to inject dependencies that are not known until runtime. There are many use cases for this and in essence it is about choosing between concrete implementations of some common interface. In object oriented design this is known as the Strategy pattern. The choice itself can be made in various ways, for example via a configuration option or a command line parameter in case of a console command, and I think the dynamic nature of the choice is the most interesting part of the pattern.

The article provides a practical example of an XML/JSON reader pulling information from an external source. A simple interface is defined and two implementation classes put it to use. Then the "command" pattern is used to apply it to an executable script, and the article shows how injecting a reader type directly overrides the one from the provided option. This is taken a step further and refactored into a "resolver" to determine the best logic to apply based on the input argument.

tagged: dynamic dependency injection xml json reader tutorial resolver

Link: http://pwm.github.io/dynamic-dependency-injection/

Paragon Initiative:
Securely Implementing (De)Serialization in PHP
Apr 18, 2016 @ 11:58:22

The Paragon Initiative site has a new tutorial posted aiming to help you more securely use the serialize and unserialize handling in PHP to prevent security issues. In this tutorial they offer some advice - mainly don't unserialize unless you're on PHP7 - and some other solutions you could use.

A frequent problem that developers encounter when building web applications in PHP is, "How should I represent this data structure as a string?" Two common examples include:
  • Caching a complex data structure (to reduce database load)
  • Communicating API requests and responses between HTTP-aware applications
This seems like the sort of problem that you could expect would have pre-existing, straightforward solutions built into every major programming language that aren't accompanied by significant security risk. Sadly, this isn't the case.

He starts with a look at the serialization handling and how it could allow remote code execution if an attacker were to modify the serialized data. He also includes an example of using the new "allowed classes" parameter in PHP 7, which prevents the issue. He then walks through two other ways you could replace serialized data: JSON structure and XML handling. Each of these has its own issues too, but they're very different from the code execution possible with serialization.

tagged: serialize unserialize security json xml tutorial example vulnerability

Link: https://paragonie.com/blog/2016/04/securely-implementing-de-serialization-in-php

Rob Allen:
Improved error handling in Slim 3 RC1
Sep 08, 2015 @ 12:23:52

Rob Allen has a quick post to his site talking about some of the improved error handling that's been updated in the latest version of the Slim microframework to help make reporting issues easier in multiple contexts.

From RC1 of Slim 3, we have improved our error handling. We've always had error handling for HTML so that when an exception occurs, you get a nice error page [...] However, if you're writing an API that sends and expects JSON, then it still sends back HTML. [...] At least we set the right Content-Type and status code! However, this isn't really good enough. We should send back JSON if the client has asked for JSON. Until RC1, the only way to do this was to register your own error handler.

With Slim 3 the framework handles things more correctly based on the value of the "Accept" header sent along with the request. This value is checked and, if it references JSON or XML, the error message is translated, either giving the default output or reporting back for the "notFound" and "notAllowed" error types.

tagged: slimframework slim3 error handling context html json xml accept header

Link: http://akrabat.com/improved-error-handling-in-slim-3/

Understand Overriding in Magento: Controllers
Jul 24, 2015 @ 11:19:45

The NetTuts.com site has posted a tutorial (the third and last in their series) showing how to override controller handling in Magento. In the previous posts they showed how to override functionality related to the models and blocks (frontend layout elements).

In Magento, the controller is responsible for handling incoming requests, and it's a backbone of the Magento routing implementation. [...] As I said in the previous tutorial, it's never recommended to change core files directly, as it makes upgrading Magento really difficult. To avoid this, we should follow the standard way of making desired changes to core files: we should either use event observers or override core files with our custom module files. We'll discuss the overriding feature today.

You'll need to be familiar with custom module creation to be able to follow along (see here if not) but other than that they provide everything you'll need. They start by creating the files and folders needed for the custom module including:

  • Module XML definition (Envato_All.xml)
  • Module XML configuration
  • the Envato_Catalog_ProductController controller file (PHP)

The controller extends the pre-existing Product controller but the configuration definitions tell it to use the "Envato" version instead.

tagged: magento overriding controller tutorial custom xml module

Link: http://code.tutsplus.com/tutorials/understand-overriding-in-magento-controllers--cms-23386

Matthias Noback:
Refactoring the Cat API client (3 Part Series)
Jul 16, 2015 @ 11:25:54

Matthias Noback has posted a three part series of tutorial articles around the refactoring of a "CatApi" class. These articles take the class from a jumbled mess of functionality, with both direct file access and remote requests mixed in, into something much more maintainable and flexible.

It turned out, creating a video tutorial isn't working well for me. I really like writing, and speaking in public, but I'm not very happy about recording videos. I almost never watch videos myself as well, so... the video tutorial I was talking about won't be there. Sorry! To make it up with you, what follows is a series of blog posts, covering the same material as I intended to cover in the first episodes of the tutorial.

In part one he introduces the current state of the "CatApi" class and some of the problems with it, both in testing and in structure. He does some basic refactoring to split out some of the logic here and moves on to part two. In the second part of the series he focuses on refactoring the HTTP request and the local file system functionality into abstract, injectable objects. Finally in part three he adds in some verification around the data being passed back and forth between objects, including both simple checking and the use of value objects.

tagged: refactor api class series part1 part2 part3 filesystem http request xml validation

Link: http://php-and-symfony.matthiasnoback.nl/2015/07/refactoring-the-cat-api-client-part-1/

ServerGrove Blog:
Linters for PHP projects
Jun 03, 2015 @ 12:34:53

In a new post to the ServerGrove blog they look at linting tools for various circumstances including standard PHP, Twig templates and Composer configuration.

Today’s projects are built up from dozens of different components, configuration files, third-party libraries, tests, build scripts, etc. And even if you have the greatest test suite, bad things can happen sometimes. It’s important to catch bugs as early as possible, and syntax validators can be a great (and easy) addition to your continuous integration system. You would be surprised at how many problems are caused by syntax errors. At ServerGrove, we see these kind of problems with our clients almost every day.

Their list shows you how to lint (syntax check) several different types of content:

  • standard PHP code
  • Twig templates
  • Composer configuration
  • XML files
  • Bash scripts
  • JSON files
  • YAML files

Some of them use tools that already come built-in (like PHP's "-l" or Twig's "twig:lint") but others require the use of external software such as xmllint or melody. Command examples are also included for each.

tagged: lint project types twig bash composer xml json yaml tools

Link: http://blog.servergrove.com/2015/06/02/linters-php-projects/

This Programming Thing:
Creating Your Own Standard in PHPCS
May 12, 2015 @ 08:55:30

On the This Programming Thing blog there's a recent post showing you how to define your own "sniff" settings for the popular PHP_CodeSniffer tool. The codesniffer lets you define standards that need to be in place for all code in your application and notifies you of violations.

At Zimco, we’ve started working on standardizing our coding but we ran into a little problem while we tried to automate the process of making sure our code adhered to that standard. [...] I think we get into our own way of doing things and everything else is wrong. This code makes me feel irrationally angry (so angry I’m having a hard time not fixing it…). Ultimately, the best way to fix these kinds of formatting problems is to sit down and discuss what’s best and have everyone stick to the same set of standards.

They talk some about the place for PSR in coding standards (specifically PSR-2) and the fact that there are already "sniffs" provided to check against those rules. However, they point out that running this against a non-PSR-2 codebase can be a mess and show you how to customize your own standard to better match your current state. They use an XML configuration file to update the tab width setting to four spaces and then apply the PSR-2 standards. They also show how to exclude certain rules and mention a handy plugin you can use in Sublime Text to keep your code within standards.

tagged: standard phpcs phpcodesniffer sniff configuration xml psr2 update exclude

Link: http://www.thisprogrammingthing.com/2015/creating-your-own-standard-in-phpcs/

Evert Pot:
An XML library for PHP you may not hate.
Apr 02, 2015 @ 11:13:55

Evert Pot has posted about an XML library you may not hate, the sabre/xml library.

If you are writing or consuming API's in PHP, chances are that you need to work with XML. In some cases you may even prefer it. You may have started with SimpleXML and after a while switched to using the DOM after realizing SimpleXML is really not that simple if you strictly use xml namespaces everywhere.

For writing XML, you may have found that using the DOM requires far too much code, or you may simply generate your XML by echoing strings, knowing that it may not be the best idea. sabre/xml hopes to solve your issues, by wrapping XMLReader and XMLWriter, and providing standard design patterns.

He includes some example code showing how it works, extending the XMLReader/Writer functionality with a simplified interface. He includes examples of both writing a new XML file and reading in and working with the contents of a given one. He does point out one issue, though: the library cannot really read in XML contents, modify them and send them back out (it's a "single pass" system). He wraps up the post talking about the various interfaces and elements in the library and some of the overall benefits it provides.

tagged: xml library xmlreader xmlwriter interface simple

Link: http://evertpot.com/an-xml-library-you-may-not-hate/