Post on 20-Mar-2017
Mentor with LaunchCode!Thursday, September 8
Where: Sprint Accelerator - 6:00 PM - 8:30 PM
What: Give feedback on some beginner projects from students who just finished CS50X.
Think: UX and Features, not Code Review
Email kathryn@launchcode.org if interested
Sign up as a mentor at: https://www.eventbrite.com/e/launchcode-project-review-feedback-tickets-27076050195
Saturday, September 10
Where: Sprint Accelerator - 10:00 AM - 5:00 PM
What: Technical mentoring while same students implement final steps to their projects.
Email kathryn@launchcode.org if interested
Sign up as a mentor at: https://www.eventbrite.com/e/launchcode-project-lock-in-tickets-27077080276
PHP Patch ReleasesPHP 7.0.10 - Upgrade!
● Security fixes● See:
php.net/ChangeLog-7.php#7.0.10
PHP 5.6.25 - Upgrade!
● Security fixes● See:
php.net/ChangeLog-5.php#5.6.25
PHP 5.5.38 - Upgrade!
● Security fixes● Last Ever● See:
php.net/ChangeLog-5.php#5.5.37
Security Bulletin...ImageMagick
● Remote Code Execution● Mitigation recommendation:
○ Sandbox ImageMagick■ If you find a good way to do this, it might make a good KCPUG talk!
○ Update your policy.xml file.■ See: imagetragick.com
Upcoming Features via PHP RFCAdd session_create_id() function
● Target: PHP 7.1● Tl;dr: session_create_id(optional-prefix) will create a 128-bit
session ID. The optional prefix does not count against the 128-bits in the session ID.
● See: wiki.php.net/rfc/session-create-id
Upcoming Features via PHP RFCSession ID without hashing
● Target: PHP 7.1● tl;dr: Instead of hash and RNG, php_random_bytes is used to generate
session ID; 2x speed increase.● What do I change: php.ini
○ Add: session.sid_length=26○ Change: session.hash_bits_per_character=5 →
session.sid_bits_per_character=5
● See: wiki.php.net/rfc/session-id-without-hashing
Upcoming Features via PHP RFCAdditional Context in pcntl_signal
● Target: PHP 7.1● tl;dr: Adds a second parameter to
pcntl_signal ’s callback that includes $siginfo
● See: wiki.php.net/rfc/additional-context-in-pcntl-signal-handler
Upcoming Features via PHP RFCAsynchronous Signal Handling (without TICKs)
● Target: PHP 7.1● tl;dr: Reduces overhead of async signals
by giving the option to not use ticks.● Note: Appears to be default behavior in
PHP 7.1● See: wiki.php.net/rfc/async_signals
Enable tickless via:
pctnl_async_signals(bool = true)
Upcoming Features via PHP RFCIterable
● Target: PHP 7.1● tl;dr: Introduces new iterable pseudo-type that can stand in for both arrays
and objects implementing Traversable● New function: is_iterable($thing) : bool● See: wiki.php.net/rfc/iterable
Upcoming Features via PHP RFCRNG fixes and changes
● Target: PHP 7.1● tl;dr: fixes mt_rand(), aliases rand() to mt_rand(), fixes large ranges
for rand_range(), replaces insecure uses of php_rand() with php_random_bytes(), improve array_rand()
● Note: bc breaks for srand() and mt_srand()● See: wiki.php.net/rfc/rng_fixes● See: 3v4l.org/hGHde
Upcoming Features via PHP RFCThrow Error in Extensions
● Target: PHP 7.1● tl;dr: Changes most conditions raising an E_*ERROR in extensions to throw
instance of Error instead.● See: wiki.php.net/rfc/throw_error_in_extensions
Upcoming Features via PHP RFCMore precise float value handling in serialization
● Target: PHP 7.1● tl;dr: increases serialization float precision from 14 decimal places to the
more-standard 17 decimal places● What do I change: php.ini
○ Change: precision:14 → precision:-1○ Change: serialize_precision:14 → serialize_precision:-1
● See: wiki.php.net/rfc/precise_float_value
Upcoming Features via PHP RFCAdd session_gc()
● Target: PHP 7.2● tl;dr: Enable Garbage Collection for
sessions.● See: wiki.php.net/rfc/session-gc
Upcoming Features via PHP RFCImplement C function socket_getaddrinfo()
● Target: PHP 7.2● tl;dr: complements the existing PHP
socket functions with getaddrinfo().● See: wiki.php.net/rfc/socket_getaddrinfo● See: man 3 getaddrinfo
Adds methods:
● Socket_addrinfo_lookup○ returns: [$resource]
● Socket_addrinfo_connect○ returns: $resource
● Socket_addrinfo_bind○ returns: $resource
● socket_addrinfo_explain○ returns: [$resource]
Upcoming Features via PHP RFCE_WARNING for invalid container read array-access
● Target: PHP 7.2● tl;dr: Throw an E_WARNING when using
short-array syntax to access non-existent locations in containers & non-containers; currently returns a NULL
● See: wiki.php.net/rfc/notice-for-non-valid-array-container
Who knew this was seemingly valid?
CMSes: DrupalDrupal 8.1.[7,8] & 7.5.0
● Drupal 8: Security & Patch Releases - Upgrade!○ “httpoxy” injection via Guzzle○ See: drupal.org/SA-CORE-2016-003
● Drupal 7: Maintenance Release○ Adds support for full UTF-8 on MySQL when both site & db are configured to support it○ Robots.txt now allows search engines access to CSS, JS, & image files
CMSes: WordPressWordPress 4.6 - “Pepper”
● Feature Release○ Editor improvements:
■ Content recovery: draft is saved to browser■ Inline link checker (no more 404 when publishing a mal-formed URL
● See: wordpress.org/news/2016/08/pepper
Frameworks - CakePHPCakePHP 3.3.[0,1,2,3] & 2.8.6
● 3.3.0 - minor release○ See: bakery.cakephp.org/2016/08/12/cakephp_330_released.html
● Some bugfix and maintenance updates● See:
○ bakery.cakephp.org/2016/09/02/cakephp_333_released.html○ bakery.cakephp.org/2016/08/02/cakephp_286_released.html
Frameworks - LaravelLaravel 5.2.[40,41,42,43,44,45], 5.3.[0,1,2,3,4,6]
● Laravel 5.3○ Several cool new features and tools
■ See: laravel-news.com/2016/08/laravel-5-3-is-now-released/○ See: github.com/laravel/framework/blob/5.3/CHANGELOG-5.3.md
● Laravel 5.2○ See: github.com/laravel/framework/blob/5.3/CHANGELOG-5.2.md
Frameworks - SymfonySymfony [3.1.3, 3.0.9, 2.8.9, 2.7.16]
● Maintenance Releases○ See:
■ symfony.com/blog/symfony-2-7-16-released■ symfony.com/blog/symfony-2-8-9-released■ symfony.com/blog/symfony-3-0-9-released■ symfony.com/blog/symfony-3-1-3-released
● SymfonyLive Chicago - Canceled :(○ See:
symfony.com/blog/we-re-sorry-to-announce-the-cancellation-of-the-symfonylive-chicago-2016
Frameworks - ZendZF 1.12.19
● Security patch - Upgrade!○ See: framework.zend.com/blog/2016-07-13-ZF-1.12.19-Released.html
● Probably the last ZF1 release○ See: framework.zend.com/blog/2016-06-28-zf1-eol.html
PHP: The Right Way● Updated URL for PHP Mentoring
○ Was phpmentoring.org; now php-mentoring.org
● Deleted dead tools from Code Style Guide● Added text and examples for phpcbf and
php-cs-fixer○ phptherightway.com/#code_style_guide
● Corrected and improved wording in The Basics
○ phptherightway.com/pages/The-Basics.html
● Updated ZF2 DB abstraction layer to “Zend-db”
○ phptherightway.com/#databases_abstraction_layers
● Added two new PaaS Providers○ phptherightway.com/#php_paas_providers
● Updated “jeckyll serve” command for building PHPtRW locally
○ github.com/codeguy/php-the-right-way/blob/gh-pages/CONTRIBUTING.md
● Note: Every open-source project can use your help with documentation. What are you waiting for?
PHP ConferencesMidwest.io
● August 20-23 - Kansas City, MO● See: midwest.io
Pacific Northwest PHP 2016
● Sept 15-17 - Seattle, WA● See: pnwphp2016.dryfta.com
StrangeLoop
● Sept 15-17 - St. Louis, MO● See: thestrangeloop.com
Bulgaria PHP 2016
● Oct 7-9 - Sofia, Bulgaria● See: bgphp.org
PHP Conferences - ContinuedTrue North PHP
● Nov 3-5 - Toronto, Canada● truenorthphp.ca
PHP[WORLD] 2016
● Nov 14-18 - Washington, D.C.● 10% KCPUG Discount: REDACTED● world.phparch.com
ZendCon
● Nov 18-21 - Las Vegas, NV● zendcon.com
SunshinePHP 2017
● Feb 2-4 - Miami, FL● 2017.sunshinephp.com/● Call for Papers due: Sept 30
○ See: cfp.sunshinephp.com/
Nomad PHP (Online) - September 22Nomad PHP EU - 01:00 PM CDT
A Deepdive Into the .git Directory
● Joshua Thijssen (@jaytaph)● nomadphp.com/4378-2
Nomad PHP US - 08:00 PM CDT
CommonMark: Markdown Done Right
● Colin O’Dell (@colinodell)● nomadphp.com/commonmark-markdown-
done-right