Home Development of Websites PHP Digest #211 (September 1 – 13,2021)

PHP Digest #211 (September 1 – 13,2021)

by admin

PHP Digest #211 (September 1 - 13,2021) Photo : Ivan Gantsev
Here is a collection of the latest news and materials from the PHP world.The first release candidate of PHP 8.1 has been released, two malicious packages were found in Packagist, and the popular AliceBundle repository has disappeared from GitHub.Two new RFCs are proposed for PHP 8.2:about $this as a placeholder for return values, and about removing the old collab types.Also in the release are a portion of useful tools, articles, and videos.
Enjoy reading!

PHP Digest #211 (September 1 - 13,2021) News

For the most detailed explanation of what will be in PHP 8.1, see php.watch/versions/8.1 And on Brent’s blog. stitcher.io/blog/new-in-php-81

  • Malicious Composer packages

    There was a package on Packagist symfont/process which, when installed, did exactly the same thing as symfony/process but it also sent the machine information to a third party and opened up a web shell.
    The assumption was that you could misspell and write symfont instead of symfony When installing.
    The malicious package has already been removed from both pacajist and githab, but the detailed breakdown of the malware
    Another backdoor was detected in the package laraveli/qr-code As can be seen from the code, the malware copied to the machine here is such a website
    Be careful when installing composer packages! To protect yourselffrom problems like this, it’s worth at least adding a runtime to your CI pipeline local-php-security-checker or ready-made GitHub Action the-php-security-checker For more complex cases you can add running the scanner marcocesarato/PHP-Antimalware-Scanner

  • Missing hautelook/alice-bundle

    Package repository hautelook/alice-bundle has been removed from GitHub. The package has 8 million downloads and the main contributor doesn’t know why it was removed from the maintainer list, and the repository was apparently made private.
    The working fork is available on the author’s Github : theofidry/AliceBundle

  • PHP Digest #211 (September 1 - 13,2021) PHP Internals

    • [RFC] $thisreturn type

      Nikita brought up for discussion the idea of using $this as the return value type. This would have the interpreter check that it is the same object that is returned.
      That is, if you compare with self and static :

    • self – The return value must be an instance of the class that specifies the type;
    • static – return value must be an instance of the class that calls the method with this type declaration;
    • $this – return value must be the same instance as the instance that calls the method with this type declaration.

    class Test {public function method(): $this {return $this;}public function not_this(): $this {return new self(); // Fatal Error}}

  • [RFC] Deprecate partially supported callables

    Now there are several ways to describe a calback function that will pass the type test callable , by calling is_callable() and as an argument call_user_func() But call them as a normal anonymous function $callable() will not work.
    It is suggested that such non-consistent options be deprecated :

    "self::method""parent::method""static::method"["self", "method"]["parent", "method"]["static", "method"]["Foo", "Bar::method"][new Foo, "Bar::method"]

    Normal calls of the form "function" , "Foo::method" , ["Foo", "method"] and [new Foo, "method"] are not affected by this sentence. Because for them, calling through parentheses will work :

    class Foo {function method() {echo 'method';}}[new Foo, "method"]();// > method

  • Alias stdClassto DynamicObject?

    In context Removal of dynamic (non-existent) properties I had an idea to rename the class stdClass in DynamicObject (make an alias). Because that way its purpose will be clear from the name.

  • All RFCs on GitHub

    As an experiment, Ben Ramsey, the PHP 8.1 release manager, exported everything to Git ( 838 ) ever discussed RFCs, including the change history for each RFC.

  • Tools

    • phabelio/phabel – Transpiler for PHP. Allows usage of features from the latest PHP versions in older environments, or when backwards compatibility is needed. Also support for features that don’t exist, such as keywords. async/await
      There have been similar tools before, e.g. marcioAlmada/yay or preprocess.io And making backports can also Rector But Phabel’s trick is the transparent integration with Composer
    • VKCOM/noverify – Fast static parser and linter for PHP projects implemented in Go. Added support for PHP 8 and now its you can put via Composer
    • koriym/Koriym.Attributes – This simple tool allows you to read PHPDoc annotations and PHP 8 attributes through a single interface. For the same tasks there is more advanced spiral/attributes
    • niklongstone/regex-reverse – Generates a random string that satisfies a given regular expression.
    • Innmind/Immutable – Pretty interesting immutable implementation of primitives : Sequence, Set, Map, Str, RegExp.
    • grep.app – A handy tool for quick code searches on Githab.

    PHP Digest #211 (September 1 - 13,2021) Symfony

    PHP Digest #211 (September 1 - 13,2021) Laravel

    PHP Digest #211 (September 1 - 13,2021) Yii

    PHP Digest #211 (September 1 - 13,2021) Articles


    • A joke and bug , of course, but still 🙂
      From version to version we’re going to randomly change some constants in PHP, so that nobody relies on hardcoded values.


    Subscribe to our Telegram Channel PHP Digest

    This digest was prepared in conjunction with Insolita If you liked the issue, please give it a plus.

    Notice a mistake or typo? Tell us at hubr’s private message or telegram

    You can send the link to via the form Or simply by emailing me at telegram
    Search for links across all digests
    Previous issue : PHP Digest No. 210

    You may also like