Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

ServerGrove Blog:
Linters for PHP projects
Jun 03, 2015 @ 12:34:53

In a new post to the ServerGrove blog they look at linting tools for various circumstances including standard PHP, Twig templates and Composer configuration.

Today’s projects are built up from dozens of different components, configuration files, third-party libraries, tests, build scripts, etc. And even if you have the greatest test suite, bad things can happen sometimes. It’s important to catch bugs as early as possible, and syntax validators can be a great (and easy) addition to your continuous integration system. You would be surprised at how many problems are caused by syntax errors. At ServerGrove, we see these kind of problems with our clients almost every day.

Their list shows you how to lint (syntax check) several different types of content:

  • standard PHP code
  • Twig templates
  • Composer configuration
  • XML files
  • Bash scripts
  • JSON files
  • YAML files

Some of them use tools that already come built-in (like PHP's "-l" or Twig's "twig:lint") but others require the use of external software such as xmllint or melody. Command examples are also included for each.

tagged: lint project types twig bash composer xml json yaml tools

Link: http://blog.servergrove.com/2015/06/02/linters-php-projects/

SitePoint PHP Blog:
Getting Started with Symfony2 Route Annotations
Nov 06, 2014 @ 09:27:25

On the SitePoint PHP blog today there's a new tutorial posted that gets into the details on one of the powerful (and most used) components of the Symfony framework, the Router, and how to interact with it via annotations. Symfony's route annotations allow you to define functionality at the controller level or via a YAML configuration file.

When you download the Standard Symfony 2 Distribution, it includes an interesting bundle named SensioFrameworkExtraBundle which implements a lot of great stuff, especially the opportunity to use annotations directly within your controllers. The idea behind this article is not to convice developers to embrace this way of doing, but to point the finger at an alternative method to easily configure controllers. Keep in mind that there is no magic recipe, it depends on what you need in each specific scenario. Symfony 2 implements a strong built-in component to manage all the routes of an application: the Routing Component. Basically, a route maps a URL to a controller action.

His example sets up a simple blog and compares the two ways of configuring the routing: one side putting it all in the YAML configuration and the other in the controller docblocks (annotations) themselves. He adds a base page for showing the listing of posts and a single article route, complete with slugs. He also shows how to add in some additional configuration handling to do things like set default values, making things required and enforcing the HTTP method on the request (GET, POST, PUT, etc)

tagged: route annotations introduction docblock tutorial yaml configuration settings

Link: http://www.sitepoint.com/getting-started-symfony2-route-annotations/

Gonzalo Ayuso:
Building a Pimple/Container from a YAML file
Sep 29, 2014 @ 10:54:10

In a recent post to his site Gonzalo Ayuso shows how to create a Pimple container (a dependency injection container) from a YAML configuration definition using a simple handler already included in Pimple.

[In a conversation with Máximo Cuadros about Dependency Injection Containers] I said that I prefer Symfony´s DIC instead of Pimple, mainly because its configuration with YAML (or even xml) files. But In fact we can customise Pimple/Containers with YAML files in a similar way than we do it with Symfony’s DIC. In this example we’re going to see one way to do it.

While Pimple does come with the "Container" functionality to make this happen, Gonzalo points out that using it this way violates several of the SOLID design principles. Instead, he offers an alternate solution - using the Config component from Symfony to handle the creation of the container using an already established YAML format. He includes an example YAML configuration structure, the matching Pimple code for it and a code sample showing how the YAML is parsed into the same result. You can find the code on his GitHub account if you're interested in the full structure.

tagged: pimple symfony container solid config yaml dependencyinjection

Link: http://gonzalo123.com/2014/09/29/building-a-pimplecontainer-from-a-yaml-file/

ServerGrove Blog:
Symfony2 components overview: Config
Feb 21, 2014 @ 12:13:57

The ServerGrove blog has a new post today in their Symfony2 component spotlight series, this time focusing on the Config component.

After a few weeks, we continue with the Symfony2 components series. This time we are going to be talking about the Config component, which helps you to load and validate configuration values, regardless of their source.

They show how it can be used to parse YAML files and give a basic overview of its architecture. Sample code is included for a "blog generator" example that parses the given YAML structure and a loader to pull in the file. The component also includes caching functionality for larger configurations and allows you to define multiple loaders for different sources.

tagged: symfony2 component overview config yaml tutorial

Link: http://blog.servergrove.com/2014/02/21/symfony2-components-overview-config

Gonzalo Ayuso:
Scaling Silex applications (part II). Using RouteCollection
Mar 06, 2013 @ 09:21:31

Gonzalo Ayuso has posted a second part of his look at scaling Silex (here's part one). In this new article he shows how to use the RouteCollection functionality instead of defining the routes in the DI configuration.

In the post Scaling Silex applications I wanted to organize a one Silex application. In one comment Igor Wiedler recommended us to use RouteCollections instead of define the routes with a Symfony’s Dependency Injection Container. Because of that I started to hack a little bit about it and here I show you my outcomes:

He includes example code for creating the application, setting up the main "routes.yml" file with some defaults and two other files for routes in other parts of the site - "api" and "blog". Then he makes the controllers related to these three sections with basic actions catching each of the routes. The source for the entire thing is over on github.

tagged: silex scaling application tutorial routercollection yaml


Gonzalo Ayuso:
Scaling Silex applications
Feb 12, 2013 @ 09:54:54

Gonzalo Ayuso has posted yet another helpful Silex hint for those using this microframework and wanting to scale up their applications past the prototype stage - an extension to allow route definition in a YAML configuration.

My idea is to store this information within a Service Container (we will use Symfony’s DIC). For example here we can [define] our routes.yml. [...] We need to implement one Extension for the alias “routes”. We only will implement the needed functions for YAML files in this example.

He includes the code for the extension ("SilexRouteExtension") that can be used to parse the "routes.yml" file to inject the custom routing into your application. This includes the pattern to match, the controller to route it to and the target method. You can also set some requirements like the request method (in this case "GET").

tagged: scale silex extension yaml route configuration file


Pádraic Brady:
Getting Ahead In Security By Watching The Neighbours
Jan 18, 2013 @ 11:53:52

In his latest post Padraic Brady talks some about the recent security issues that happened with Ruby on Rails that allowed for remote code execution and how, if you use code blindly, you could be in for a similar fate.

Code execution vulnerabilities are, by definition, hideous monsters. The ability for external inputs to enter an execution context (i.e. injecting or manipulating code that is executed on the server) can be difficult to spot through the haze of convenience that such machinations are often designed to deliver. In Rail’s case, that convenience was to automatically cast data entries in XML or YAML inputs into Ruby types including, unfortunately, Symbols and Objects.

These types of “buried” code execution vulnerabilities are still easy to locate in PHP, at least, because you are still restricted to normal code execution pathways in the absence of Ruby’s dark magic, e.g. eval(), include(), require_once(), system() and, let’s not forget, unserialize().

He talks about how, if you're not careful with the code (third party libraries) that you use in your applications - or don't adhere to good security practices in your own - you could be vulnerable to a similar style of attack. After some investigation on his part, he discovered an issue related to this in the Symfony2 YAML parser (now fixed with a new release).

To summarise…

Pay attention to competing applications or frameworks – their problems may also be your problems. If you’re worried about arbitrary code execution vulnerabilities then audit your code. You can even, as a sanity check, use grep to find uses of functions like eval(), unserialize(), etc and analyse where their parameters’ might originate from.

tagged: rubyonrails security vulnerability code execution yaml symfony2


Using YAML in Your PHP Projects
Jul 24, 2012 @ 09:06:46

On PHPMaster.com today there's a new tutorial showing you how you can use YAML documents on your applications ("YAML Ain't Markup Language") for configuration files.

Test fixtures, configuration files, and log files all need to be both human and machine readable. YAML (YAML Ain’t Markup Language) is a less-verbose data serialization format than XML and has become a popular format among software developers mainly because it is human-readable. YAML files are simply text files that contain data written according to YAML syntax rules and usually have a .yml file extension. In this article, you will learn the basics of YAML and how you can integrate a PHP YAML parser into your projects.

They start with a brief introduction to the YAML syntax by comparing them to the structure of a typical PHP array. They include the YAML output from these examples and how, despite the ease of its use, it shouldn't be considered a replacement for something like XML (they both have their strengths). He points out some of the current YAML parsing libraries and how to integrate them into your app (he uses the Symfony option).

tagged: yaml tutorial introduction parse syntax


Konr Ness' Blog:
Zend_Config Benchmark - JSON, Array, INI, XML, YAML
Mar 08, 2012 @ 11:51:32

In this recent post to his blog, Konr Ness has benchmarked the components that the Zend Framework uses to read in different types of configuration files - JSON, native PHP arrays, INI, XML and YAML files.

If you application relies on parsing one or several config files each time it is bootstrapped it is important that you select a file format that is fast to parse. But you also want to select a config file format that is easy for a human to read and edit. In a recent application I am building I also had the need to write modifications to config files, so I also benchmarked the Zend_Config_Writer components.

He includes both the sample configuration INI file and the benchmarking script he used to measure the results (all configurations were read from external files, even the native PHP option). His results were pretty predictable (with the exception of YAML reading) with the standard INI file coming in second to the native PHP arrays, but having the advantage of being more readable.

tagged: zendconfig zendframework benchmark json array ini xml yaml


Marcelo Gornstein's Blog:
Dependency injection with Xml and Yaml in the Ding container
Feb 24, 2012 @ 11:37:04

In this new post to his blog today Marcelo Gornstein looks at doing some dependency injection in a simple application via XML and YAML configurations and the Ding dependency injection container.

In this past article I've discussed the dependency injection features when using annotations. This time, we'll see how to use the xml and yaml drivers to do the same (setter and constructor injection). If you don't know how to configure the xml and yaml drivers, please start by reading this.

He describes the different injection methods available with the container - setter injection, constructor injection and method injection. Example configuration content is included - both the XML and YAML versions.

tagged: dig dependencyinjection dic configuration xml yaml