PHP 7: Immediately Invoked Function Expressions

PHP7 will continue to borrow some of the beloved JavaScript features and will support Immediately Invoked Function Expressions (IIFEs): <?php echo (function() { return 42; })(); Output for [email protected] – 20141101: 42 Currying (functions returning functions) is also possible in combination with the IIFE implementation: <?php $foo = (function() { return function($a) { return $a […]

AWS Resource APIs for PHP

<?php require 'vendor/autoload.php'; use Aws\Resource\Aws; $aws = new Aws([ 'region' => 'us-west-2', 'version' => 'latest', 'profile' => 'your-credential-profile', ]); $bucket = $aws->s3->bucket('your-bucket'); $object = $bucket->putObject([ 'Key' => 'images/image001.jpg', 'Body' => fopen('/path/to/image.jpg', 'r'), ]); The core AWS SDK for PHP is composed of service client objects that have methods corresponding 1-to-1 with operations in the service’s […]

Blackfire Profiler

Blackfire Profiler automatically instruments your code to gather data about consumed server resources like memory, CPU time, and I/O. But Blackfire Profiler is more than figures; its interactive Callgraphs make it straightforward to find bottlenecks and improve performance. Moreover, profile comparisons let you understand the impact of your changes. Blackfire Profiler — Fire up your […]

PHP Roave Security Advisories

$ composer require roave/security-advisories:dev-master $ # following commands will fail: $ composer require symfony/symfony:2.5.2 $ composer require zendframework/zendframework:2.3.1 This package ensures that your PHP application doesn’t have installed dependencies with known security vulnerabilities. This package does not provide any API or usable classes: its only purpose is to prevent installation of software with known and […]

On PHP Version Requirements

Anthony Ferrara (ircmaxell): I learned something rather disturbing yesterday. CodeIgniter 3.0 will support PHP 5.2. To put that in context, there hasn’t been a supported or secure version of PHP 5.2 since January, 2011. That’s nearly 4 years. To me, that’s beyond irresponsible… It’s negligent… That’s worrying indeed. WordPress for example still runs on PHP […]

Mixed Content Scan: Scan your HTTPS-enabled website for Mixed Content

With my recent move to HTTPS I wasn’t sure if there were any pages left on my site that had Mixed Content or not. If an HTTPS page includes content retrieved through regular, cleartext HTTP, then the connection is only partially encrypted. […] When a webpage exhibits this behavior, it is called a mixed content […]

It’s All About Time: Timing attacks in PHP

$query = "SELECT * FROM users WHERE id = ?"; $stmt = $pdo->prepare($query); $stmt->execute([$_POST[‘id’]]); $user = $stmt->fetchObject(); if ($user && password_verify($_POST[‘password’], $user->password)) { return true; } return false; There is information leak here: If you try different user names, it will take a different amount of time depending on if the username is there or […]

phpspec

phpspec is a development tool, designed to help you achieve clean and working PHP code by using a technique derived from test-first development called (spec) behaviour driven development, or SpecBDD. Example spec file: <?php namespace spec; use PhpSpec\ObjectBehavior; class MarkdownSpec extends ObjectBehavior { function it_converts_plain_text_to_html_paragraphs() { $this->toHtml("Hi, there")->shouldReturn("<p>Hi, there</p>"); } } Running it is easy: […]