Fabien PotencierThe PHP Security Advisories Database (26.10.2014, 07:07 UTC)

A year and a half ago, I was very proud to announce a new initiative to create a database of known security vulnerabilities for projects using Composer. It has been a great success so far; many people extended the database with their own advisories. As of today, we have vulnerabilities for Doctrine, DomPdf, Laravel, SabreDav, Swiftmailer, Twig, Yii, Zend Framework, and of course Symfony (we also have entries for some Symfony bundles like UserBundle, RestBundle, and JsTranslationBundle.)

The security checker is now included by default in all new Symfony project via sensiolabs/SensioDistributionBundle; checking vulnerabilities is as easy as it can get:

$ ./app/console security:check

If you are not using Symfony, you can easily use the web interface, the command line tool, or the HTTP API. And of course, you are free to build your own tool, based on the advisories stored in the "database".

Today, I've decided to get one step further and to clarify my intent with this database: I don't want the database to be controlled by me or SensioLabs, I want to help people find libraries they must upgrade now. That's the reason why I've added a LICENSE for the database, which is now into the public domain.

Also, even if I've been managing this database since the beginning with only good intentions, it is important that the data are not controlled by just one person. We need one centralized repository for all PHP libraries, but a distributed responsibility. As this repository is a good starting point, I've decided to move the repository from the SensioLabs organization to the FriendsOfPHP organization.

I hope that these changes will help the broader PHP community. So, who wants to help?

SitePoint PHPStrategic Archive Extraction with Distill (25.10.2014, 16:00 UTC)

Perhaps you are building an application which depends on archives; for example, you constantly have to download archives and extract files from them. There are many libraries out there that can help you get files extracted from an archive, and a new player in town capable of doing this job is Distill.

With Distill, you can easily extract an archive into a specified directory. You can also give multiple archives to Distill and let it pick the most optimal one, as per a strategy you define yourself. Let’s dive into the code to see what we can achieve with Distill.

If you want to follow along, you can have a look at this Github repository to check out the code.


Before we can start using Distill, do note that at the moment of writing, it only supports Unix based systems. The reason for this is that Distill uses command line tools which are currently only available on Unix based systems.

Continue reading %Strategic Archive Extraction with Distill%

Symfony CMF1.2 stable released (25.10.2014, 04:00 UTC)

Today we have finally tagged the last packages and with this the CMF has reached 1.2! Unfortunately we ended up setting HHVM as an allowed failure in our test setup due to an configuration issue on Travis CI with HHVM 3.3, however things were working fine with 3.2 and we expect once the configuration issue is resolved, things will work fine with 3.3 as well. All packages however are now also tested against PHP 5.6, as well as Symfony 2.5 and the upcoming 2.6.

In terms of features, as mentioned in a previous news item PHPCR ODM has seen significant improvements related to the events system, the native translation support and performance related to collections. Another big step forward is that we are now also compatible with the recently released SonataAdminBundle 2.3, which provides significant improvements especially on the UI side. Furthermore, DoctrinePHPCRBundle now optionally supports the PHPCR shell. Other than that most Bundles have seen incremental improvements related to developer experience, performance or minor feature additions.

Likely the biggest step forward for the CMF however is the first stable release of the RoutingAutoBundle and its underlying library. With it users can automate the creation of routes. For example when a new content document is created, a route document is automatically created. Or when a route is moved, a redirect from the previous location is created as well. This makes it a lot easier to leverage the ability of the CMF to keep the content and route structure separate, as it allows a best of both worlds approach where most route related work is automated, but it still is possible to easily manually manage the route structure independent of the content structure.

As always we are also thrilled to see a steady increased in contributors providing feedback, fixes and improvements small or large. In order to allow users to quickly get a taste of what is possible, we have of course also updated our demo to use the latest version of the sandbox. The documentation has also been updated to cover the new features.

SitePoint PHPBuilding an Ad Manager in Symfony 2 (24.10.2014, 16:00 UTC)

Just this once won’t hurt - I am not going to write about Sass but Symfony. I had to do a little bit of backend at work and ended up with an interesting problem to solve, involving quite a lot of things so I thought it wouldn’t be such a bad idea to write an article about it.

But first, let me explain. The main idea was to build an ad manager. What the hell is an ad manager you say? Let’s say you have some places on your site/application to display ads. We do have things like this on our site, and one of our teams is (partially) dedicated to bringing those places to life with content.

Now for some boring reasons I won’t list here, we couldn’t use an existing tool, so we were doomed to build something from scratch. As usual, we wanted to do a lot without much coding, while keeping an overall simplicity for the end user (who is not a developer). I think we came up with a fairly decent solution for our little project.

Here are the features we set up:

  • YAML configuration + FTP access;
  • Either images, videos or HTML content;
  • Ability to customize cache duration;
  • Either sliders (yes, the pattern sucks) or random item in collection.

Continue reading %Building an Ad Manager in Symfony 2%

Anthony FerraraWhat's In A Type (24.10.2014, 16:00 UTC)
There has been a lot of talk about typing in PHP lately. There are a couple of popular proposals for how to clean up PHP's APIs to be simpler. Most of them involve changing PHP's type system at a very fundamental level. So I thought it would be a good idea to talk about that. What goes into a type?

Read more »
Bernhard SchussekDefining PHP Annotations in XML (24.10.2014, 09:48 UTC)

Annotations have become a popular mechanism in PHP to add metadata to your source code in a simple fashion. Their benefits are clear: They are easy to write and simple to understand. Editors offer increasing support for auto-completing and auto-importing annotations. But there are also various counter-arguments: Annotations are written in documentation blocks, which may be removed from packaged code. Also, they are coupled to the source code. Whenever an annotation is changed, the project needs to be rebuilt. This is desirable in some, but not in other cases.

For these reasons, Symfony always committed to supporting annotations, XML and YAML at the same time – and with the same capabilities – to let our users choose whichever format is appropriate to configure the metadata of their projects. But could we take this one step further? Could we build, for example, XML support directly into the Doctrine annotation library?

Let’s start with a simple example of an annotated class:

namespace Acme\CRM;
use Doctrine\ORM\Mapping\Column;
use Doctrine\ORM\Mapping\Entity;
use Symfony\Component\Validator\Constraints\Length;
use Symfony\Component\Validator\Constraints\NotNull;
 * @Entity
class Address
     * @Column
     * @NotNull 
     * @Length(min=3)
    private $street;
     * @Column(name="zip-code")
     * @NotNull
    private $zipCode;

Right now, if toolkits (such as Doctrine ORM or Symfony Validation) want to support annotations and XML schemas, they have to write separate parsers that duplicate a lot of common code. Wouldn’t it be nice if they could use a generic parser instead?

Let’s try to map the annotations to a generic XML file:

<?xml version="1.0" encoding="UTF-8"?>
<class-mapping xmlns="http://doctrine-project.org/schemas/annotations/class-mapping"
<class name="Acme\CRM\Address">
    <orm:entity />
    <property name="street">
        <orm:column />
        <val:not-null />
        <val:length min="3" />
    <property name="zipCode">
        <orm:column name=

Truncated by Planet PHP, read more at the original (another 10342 bytes)

Nomad PHPJanuary 2015 (24.10.2014, 00:01 UTC)

/Regex makes me want to (weep|give up|(╯°□°)╯︵ ┻━┻)\.?/i

Presented By
Brett Florio
January 22, 2015 20:00 CST

The post January 2015 appeared first on Nomad PHP.

Nomad PHPJanuary 2015 – EU (24.10.2014, 00:01 UTC)

Encryption, It's For More Than Just Passwords

Presented By
John Congdon
January 22, 2015 TIME

The post January 2015 – EU appeared first on Nomad PHP.

thePHP.ccBuilding Testable Applications (23.10.2014, 05:30 UTC)
SitePoint PHPWhere are you? Implementing geolocation with Geocoder PHP (22.10.2014, 16:00 UTC)

GeoCoder PHP

The beauty of SitePoint, to me, is that you can get inspired to try something or be told about some cool project out there. The internet is simply too big for one person to scout out on their own. GeoCoder was one of those for me. I had never heard about it and came across it on the authors Trello board.

I love working with maps and geographic information and I use (reverse) geocoding heavily for a project I did for a client; CableTracks. We actually use a paid service for this although not for everything. The paid results hold much more information than you get from free services. I found out that GeoCoder PHP actually is what I was missing for the integration of various services that we use.

GeoCoder PHP provides: “an abstraction layer for geocoding manipulations”. The library is split into three parts: an HttpAdapter for doing requests, several geocoding Providers and various Formatter/Dumpers to do output formatting.


Installation of GeoCoder is most easily done using composer. Add the following to your composer.json:

    "require": {
        "willdurand/geocoder": "@stable"

Or get one of the archives from the GeoCoder PHP website.

Continue reading %Where are you? Implementing geolocation with Geocoder PHP%

LinksRSS 0.92   RDF 1.
Atom Feed   100% Popoon
PHP5 powered   PEAR
ButtonsPlanet PHP   Planet PHP
Planet PHP