PHP News You May Have Missed – October / November 2014

In an already all too familiar format, here’s more PHP news you may have missed over the past month or so. Some of these will be presented in more depth in future posts, but it’s just as important to have a heads up about them.

HHVM

HHVM is on fire lately – we have four major updates from the HHVM world.

Overriding Constructors, New static and __ConsistentConstruct

As explained in this blog post, hack has been upgraded with some new features. Due to Hack already supporting static typing, implementing a type checker for method overrides was the natural step. Hack’s strict mode now checks if a child class’ method overrides a method of the parent but also changes the return type, and disallows such behavior. One exception to this strictness is in constructors – overridden constructors can have different signatures. They’ve also added the __ConsistentConstruct user attribute which makes sure you can use new static() in contexts where constructor overrides aren’t natural, i.e. where you don’t know which class exactly you’ll be getting in return.

H2TP

Facebook released an experimental release of H2TP, a transpiler that you can use to convert Hack code to PHP5 code. We’ve mentioned before that you can easily run PHP5 code on HHVM. However, if you write Hack code, that won’t run on the Zend Engine and isn’t compatible with good old PHP. Personally, I don’t see this as a problem at all, but some might. H2TP lets you reclaim compatibility and move back to PHP if, in the future, Hack ceases to be to your liking, PHP7 exceeds everyone’s expectations and surpasses HHVM in speed, quality and/or features, or who knows what else.

HHVM 3.4.0

A new version is out. While not an LTS version like 3.3.0, it still sports some powerful upgrades, including but not limited to support for abstract final classes in Hack, Hack reflection support for first-class enums, support for Closure::bind() and more. You can find out all the details in the official blog post.

WP Engine and Box go HHVM

Companies starting to provide HHVM hosting? Madness! :) While I don’t find WP Engine’s setup story very impressive – it’s a simple failover which, when HHVM fails spins up PHP and makes it take over until HHVM can take the reins again – I still applaud those companies for taking the plunge and diving head first into the world of modern PHP. We need more brave endeavors like these if we’re to break away from the old “PHP go home, you’re drunk” adage. Are you using WP Engine? Have you felt the effects? Let us know, we’d love to go in-depth! You can read the rest in the PR from Box and the PR from WP Engine.

Propel2 Major Changes

For those of you unfamiliar with the project, Propel 2 is a very popular Active Record ORM. It’s wholly independent and indeed appeared before Doctrine ever set foot on the stage, but stagnated in development somewhat while Doctrine flourished. From version 2 onwards, it’s been in active development, and now, we have some huge changes looming on the horizon. Among other things, the new Propel will be even more modular, supporting NoSQL and even PHPCR. You can see the above PR for details, it’s far more comprehensive than anything I could hope to abbreviate here.

Have you implemented Propel2 in any of your projects? We’d like to publish your writings on it. Get in touch!

Security Oriented PSR Proposed to PHP-FIG

Found via Pádraic Brady’s post, it appears a new proposal found its way into the chambers of PHP-FIG. You can read Pádraic’s post for details, but in a nutshell, the proposal as set forth by Lukas Kahwe Smith would make sure all discovered security vulnerabilities would be dealt with in the exact same manner. This doesn’t target PHP as a language, but in fact everything PHP related – packages, libraries, frameworks – any of those suffering from a newly discovered vulnerability (see SQL injection shenanigans of Drupal 7) and respecting the standard as defined and accepted by PHP-FIG would need to approach the problem swiftly and accurately. I think this is a good idea, and trivially easy to implement – let’s make it happen.

Oauth2 Server for Laravel

Based on the recently released version 3.0 of PhpLeague’s Oauth Server, the Laravel version of it got an upgrade, too. It is now easier than ever to get a working Oauth2 server up and running for you apps in Laravel. With the extensive wiki and a lot of available documentation (and some tutorials coming on our end), you’ll be up and authing in no time. Ever wanted to make single sign-on a possibility for your apps? Now you can.

Symfony

Symfony has been on fire for the past few months – what with their developer experience initiative aimed at making Symfony more approachable to newcomers and the flurry of updates the framework has been seeing week-in week-out, it’s safe to say the framework is heading in a good direction. Symfony brings us three important updates:

5.5 requirement and Roadmap for 3.0

In this blog post, Fabien puts the public at ease by explaining the 3.0 release won’t break everyone’s Symfony apps, lists some upcoming changes, and talks about the next minimum required PHP version for Symfony 3.0. In a recent poll, version 5.5. was the most requested one – which is incredibly promising of the PHP community and shows how far we’ve come. It is my hope that by the time Symfony 3.0 is released (currently aimed for November 2015) a new poll will decide we should go with 5.6 instead. Around that time, PHP 7 will be out and about at least in some capacity, and minimizing the differences between required PHP versions should be a top priority – 5.5 to 7 will be a much bigger rift than 5.6 to 7.

2.6 B2

2.6 beta 2 is out, and is the final beta for 2.6 before the final release. As per their blog post, this is mostly a bugfix release. You can try this version out before committing to the final one by switching to the appropriate 2.6 b2 branch.

Edit: Symfony 2.6 has been released in the few days since this post’s publication, yay!

Symfony Marketplace

The SensioLabs team introduced Symfony Marketplace – a hub of all Symfony projects, spinoffs and uses. In addition to the “built with Symfony” section, the marketplace will also feature the best tools to develop in Symfony with, and will mention the most proven Symfony-compatible hosting providers – though how much of this mentioning is actually paid remains to be seen.

If you’ve developed something impressive with or for Symfony, go check the marketplace out and see if you can’t get yourself listed. Exposure guaranteed!

PHP CS Fixer 1.0

If you care about standards (and you should) and keep your code clean and maintainable whether you’re a solo flyer or a team member, you most likely use some code inspection tool like CodeSniffer to get the IDE to automatically show you the mistakes you’ve made. CS Fixer is a tool that automates code cleanliness by taking it a step further – it runs through a given set of rules and automatically rewrites your code to make it compatible with them. Most IDEs already support standards-based rewriting to some degree, but CS fixer is a universal tool which shares many standards used across many projects, making you automatically compatible with the vast majority of the professional PHP development world.

CS Fixer has recently been rewritten on top of a parser based on PHP tokens, and is now better than ever with more standards, rules and features than before. This rewrite prompted Fabien Potencier to tag it as a 1.0 release. Have a look at that blog post to learn more, or install CS Fixer into your IDE today.

V3 of AWS SDK docs

Version 3 of the PHP SDK AWS docs are now available online at this location. If you’ve never used AWS with PHP, now’s the time – it’s better than ever and fully documented for API version 3, so you can bring your apps to the next level of scalability and performance.

If you’ve done any AWS PHP implementations you’d like to tell us about, let us know, we’d love to publish your stories. The more open source, the better!

Phalconf

With Phalcon’s ever rising popularity, there are now whispers of a Phalcon Conference. While the location and time are still up for debate, several Phalcon fans (Phans?) have banded together to inquire about the level of the public’s interest. If you can spare a minute or two, please fill out the interest level survey they’ve put together at https://bit.ly/phalconf. Even if you’re completely unfamiliar with Phalcon, please take the survey – it’s a pretty safe bet that the conference will host a lot of introductory talks to both Phalcon and Zephir, and will gently guide you into understanding both – just make sure to vote for a two-track conference then, so one track can focus on beginner topics, while the other will host advanced talks.

Laravel 5.0 delayed

In a cryptic but honest blog post Taylor Otwell has delayed the release of Laravel 5.0 for two months, until January. Those of you using 5.0 features today are probably okay, but my gut tells me some major changes are afoot and that there might be a paradigm shift in how some things are done in the Laravel-powered development world.

Are you using some new 5.0 features already? Want to write about it? Let us know!

Lock

A new ACL package for PHP has popped up as noted by Dries Vints in the comments below. ACL is a big part of any serious PHP application, and having a well built reusable component for it is priceless in times of superbloated frameworks and 10k+ file count packages. While it’s still in alpha stage, it already shows great promise and my personal hope is that the author will move towards transitioning it to PhpLeague membership rather than its own organization.

We’ll be taking a more in depth look at Lock soon.

Bldr

Bldr is a task runner for PHP without external dependencies. No need for Java, NPM and other unstable software on your machine – PHP and some accompanying packages will do the job quite nicely.

We’ll be taking a more in depth look at using Bldr very soon.

Wrapping up

That’s it for the past month or so. Did I miss anything important? Let me know in the comments below!