Here’s a list of things that are upcoming in the PHP 7.3 release. According to the release plan, work on PHP 7.3 starts on June 7 2018 and it should be generally available on November 29 2018.
Tag: PHP
PHP : Preparing for the Penetration Testing
Chris Cornutt wrote the “PREPARING FOR PENTESTING (@ LONGHORN PHP 2018)” blog post for his upcoming talk at the conference. I’d gladly attend the talk, but the time and place didn’t work out for me this time. Here are a few useful links from his blog post that might come in handy for anyone evaluating the security of their PHP application and preparing for penetration testing:
- OWASP Top 10 2017 – the ten most critical web application security risks
- PortSwigger Burp Suite (community edition)
- PHP Security Cheat Sheet
- Top 7 PHP Security Blunders
- The 2018 Guide to Building Secure PHP Software
The above are not a replacement for the talk, but if you are like me and can’t attend, these should at least get you started in the right direction.
CakePHP 3.6.0 release
My all-time favorite PHP framework, CakePHP, has recently announced the availability of the long-awaited version 3.6.0. What’s so special about this particular version? – those of you not very familiar with CakePHP might ask. And I’ll tell you.
CakePHP is a well-established framework with a long history – going strong for 13 years now (initial release was in April of 2005). In web development, 13 years is a very long time. Old tools fade away. New versions of the language and popular libraries come into play. And it’s the job of the framework to change and adjust smoothly, providing the developer with the best and greatest, without breaking applications. That’s not an easy task – ask anybody who had to maintain any codebase for longer than a couple of years.
I started using CakePHP back in 2007-2008 or so. It was version 1.x and it was great. At the time. Then, a few years later, version 2.x was released, and as major releases often do, it broke backward compatibility. The most painful change at the time was still easy to fix – it was the change in the naming convention for folders, files, and classes. CakePHP 2.x switched from their own naming convention to the PSR-2 Coding Style.
About 4 years ago, CakePHP 3.x was released, and this time it was the major of the major releases. The CakePHP framework got a lot better (and I do mean A LOT), but the price was an impossible migration. One of the big changes in that version was the complete rewrite of the model layer and the ORM, so moving a CakePHP application from version 2.x to 3.x meant an almost complete rewrite (as most applications have most of their code in the model layer anyway).
That was a huge pain and the community reacted. Everybody wanted to use the cool new features of CakePHP 3, but nobody could afford to rewrite almost all of the application for this version of the framework. (By the way, this situation is not unique to CakePHP – pretty much all other frameworks, both in PHP and other languages, either faced it or will face it in the future – that’s just how things are done).
When the CakePHP 4 roadmap was announced, one of the first things that the CakePHP core developers addressed was the upgrade path. From the start they said that there must be a better way to handle major upgrades of the framework, and that they would find it. And they did!
This time around, there was some ground work laid out. Instead of just dropping another major release into developers’ laps and all the upgrade pain that comes with it, CakePHP developers absorbed a lot of it on their end, and softened the transition. How did they do it?
Well, that’s where we get to the exciting CakePHP 3.6.0 release! You see, the plan was to provide a gradual transition and give developers warnings and time to adjust their applications. From the early stages of CakePHP 3.x, a lot of functionality was commented as deprecated. Any developer building with the CakePHP framework could easily find what’s gonna go in the next major release. But developers are always busy and never have the time for looking things up. So what CakePHP 3.6.0 does is quite elegant. It introduces deprecated warnings for all the functionality that will be removed in CakePHP 4. This means that once you upgrade to CakePHP 3.6.0 your logs will get a lot noisier, telling you exactly what needs fixing. If you don’t have the time right now, or want to ignore these warnings for now, you can simply disable them by adjusting the error reporting configuration, and all works as before. But if you want to get ready for the next major version of CakePHP, then you have precise information about what needs to be fixed in your application. Fixing one issue at a time, when you have the time, is great!
In fact, at work, we loved this approach so much that we started using it for our own projects as well. Switching between different projects across several developers, and working on some old projects, etc., makes things difficult to remember. With deprecated warnings, things are a lot simpler.
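The pattern described above, as an added PHP example (not CakePHP’s own code and not from the original post): a method kept for backward compatibility raises `E_USER_DEPRECATED`, a handler records the warning, and masking that level in the error reporting configuration silences it without changing behaviour. The names `deprecation_warning()` and `Report` are hypothetical.

```php
<?php
// Added illustration with hypothetical names; not CakePHP's implementation.

// Emit a runtime deprecation notice that names the calling application code.
function deprecation_warning(string $message): void
{
    // Frame 1 is the call site of the deprecated method, i.e. the code to fix.
    $frame = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS, 2)[1] ?? [];
    $where = isset($frame['file']) ? " - {$frame['file']}, line: {$frame['line']}" : '';
    trigger_error($message . $where, E_USER_DEPRECATED);
}

final class Report
{
    public function render(): string
    {
        return 'report';
    }

    // Old entry point, kept working until the next major version.
    public function display(): string
    {
        deprecation_warning('Report::display() is deprecated. Use render() instead.');
        return $this->render();
    }
}

// Stand-in for the application log.
$log = [];
set_error_handler(function (int $errno, string $errstr) use (&$log): bool {
    // PHP calls a custom handler regardless of error_reporting(),
    // so the handler has to honour the configured level itself.
    if (!(error_reporting() & $errno)) {
        return true;
    }
    $log[] = $errstr;
    return true;
}, E_USER_DEPRECATED);

$report = new Report();

error_reporting(E_ALL);                       // warnings enabled: call is recorded
$report->display();

error_reporting(E_ALL & ~E_USER_DEPRECATED);  // warnings masked: call still works
$report->display();

echo count($log), " deprecation(s) logged\n", implode("\n", $log), "\n";
```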
So, ladies and gentlemen, if you were looking for a framework to try, give CakePHP 3.6.0 a go. You’ll easily upgrade to CakePHP 4 when it becomes available. And if you were already using CakePHP 3, upgrade to CakePHP 3.6.0 and check your logs for deprecated warnings.
And, of course, stay tuned for CakePHP 4!
Botman – framework agnostic PHP library to build chat bots
Botman is a framework agnostic library for building your own chat bots in PHP. With the same chat bot logic you can connect to a variety of chat services like HipChat, Slack, Telegram, Facebook Messenger, Google Hangouts and a variety of others (just search for “botman/driver” on Packagist). You can also build your own drivers for the services which are currently not supported (can’t think of one off the top of my head), or simply integrate it with your website.
I came across this library via this article.
Handling Amazon SNS messages with PHP, Lumen and CloudWatch
Gonzalo Ayuso throws a few snippets of code into the blog post titled “Handling Amazon SNS messages with PHP, Lumen and CloudWatch”, which shows how to work with Amazon SNS (Simple Notification Service) and Amazon CloudWatch (cloud and network monitoring solution) from PHP. The examples are based on the Lumen micro-framework, which is basically a stripped down Laravel.